Enterprises beef up cybersecurity plans to mitigate AI risks
Dive Brief: Enterprises are working to address AI’s risks as adoption increases, according to a report published this week by insurance and risk management services…
Month: March 2025
Hackers abuse WordPress MU-Plugins to hide malicious code
Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection. The technique was first observed…
CrushFTP Vulnerability Exploited to Bypass Authentication
A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. The vulnerability,…
UK law enforcement data adequacy at risk
The UK government has introduced its Data Use and Access Bill (DUAB) to Parliament, but proposed reforms to police data protection rules could undermine law…
NVIDIA NeMo Guardrails | Daniel Miessler
One of the biggest challenges companies are facing right now with AI systems is how to deploy them securely. Especially when they’re trying to input…
Hacker linked to Oracle Cloud intrusion threatens to sell stolen data
The threat actor that claimed responsibility for an alleged data breach at Oracle Cloud is threatening to release or sell the data, according to security…
North Korean hackers adopt ClickFix attacks to target crypto firms
The notorious North Korean Lazarus hacking group has reportedly adopted ‘ClickFix’ tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance…
Cannon Printer Vulnerability Let Attackers Execute Arbitrary Code
Canon has issued a critical security advisory regarding a severe vulnerability detected in several of its printer drivers that could allow attackers to execute arbitrary…
Zoom software leading to BlackSuit Ransomware drop on Windows
Zoom, the popular video conferencing software widely used by businesses across the globe for meetings and virtual collaboration, has recently made headlines—but not for the…
Understanding of ‘black box’ IT systems will reduce Post Office scandal-like risk
Another Post Office scandal could be avoided if leaders in public bodies understand the “black box” IT systems that run their organisations and encourage a…
Apple’s LifeOS | Daniel Miessler
iOS17 highlighted at WWDC 2023 I think Apple is building LifeOS. I made a prediction the month before the iPhone came out that Apple’s approach…
CISA warns new malware targeting Ivanti zero-day vulnerability
Dive Brief: The Cybersecurity and Infrastructure Security Agency on Friday issued an alert for a new malware variant, dubbed Resurge, that is exploiting CVE-2025-0282, a…