AI Assistant Jailbreaked to Reveal its System Prompts
Anonymous tinkerer claims to have bypassed an AI assistant’s safeguards to uncover its highly confidential system prompt—the underlying instructions shaping its behavior. The breach, achieved…
Month: January 2025
Bashe Ransomware strikes ICICI Bank
A relatively unknown ransomware group named Bashe, potentially linked to the infamous LockBit gang, has launched a cyberattack on ICICI Bank, a major Indian financial…
DigitalOcean Per-Bucket Access Keys boosts object storage security
DigitalOcean announced Per-Bucket Access Keys for DigitalOcean Spaces, its S3-compatible object storage service. This feature provides customers with identity-based, bucket-level control over access permissions, helping…
QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features
Jan 23, 2025Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors…
Open-Source ClamAV Releases Critical Security Patch Updates – What’s Inside!
The ClamAV team has announced the release of security patch updates for ClamAV versions 1.4.2 and 1.0.8. These updates address a critical vulnerability and include…
SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly advises users of the…
New Cookie Sandwich Technique Let Attackers Bypass HttpOnly Flag On Servers
A newly discovered attack technique, dubbed the “cookie sandwich,” enables attackers to bypass the HttpOnly flag on certain servers, exposing sensitive cookies, including session identifiers,…
Open-Source ClamAV Releases Security Update for Buffer Overflow Vulnerability
ClamAV, a widely used open-source antivirus software, has released security patch updates to address a critical buffer overflow vulnerability (CVE-2025-20128). The vulnerability, identified in the…
Cisco addresses a critical privilege escalation bug in Meeting Management
Cisco addresses a critical privilege escalation bug in Meeting Management Pierluigi Paganini January 23, 2025 Cisco addressed a critical flaw in its Meeting Management that…
New Supply Chain Attack Targeting Chrome Extensions To Inject Malicious Code
A sophisticated supply chain attack targeting Chrome browser extensions has compromised at least 35 Chrome extensions, potentially exposing over 2.6 million users to data theft…
Rails Apps Arbitrary File Write Vulnerability Let Attackers Execute Code Remotely
A newly exposed vulnerability in Ruby on Rails applications allows attackers to achieve Remote Code Execution (RCE) through a flaw that permits arbitrary file writing.…
Bitsight Instant Insights accelerates vendor risk assessments
Bitsight unveiled Instant Insights, a new offering from the Bitsight IQ suite of AI-based capabilities. The new feature leverages generative AI to analyze and summarize…