Researcher Jailbreaking an AI’s System Prompt Through Creativity
In a remarkable display of creativity, a researcher showcased how an artificial intelligence (AI) system’s tightly guarded “system prompt” could be indirectly accessed not through…
Category: CyberSecurityNews
Rails Apps File Write Vulnerability Let Attackers Execute Code Remotely
Researchers uncovered a critical security vulnerability in Rails applications that leverages the Bootsnap caching library. This exploit allows attackers to achieve remote code execution (RCE) by…
Open-Source ClamAV Releases Critical Security Patch Updates – What’s Inside!
The ClamAV team has announced the release of security patch updates for ClamAV versions 1.4.2 and 1.0.8. These updates address a critical vulnerability and include…
New Cookie Sandwich Technique Let Attackers Bypass HttpOnly Flag On Servers
A newly discovered attack technique, dubbed the “cookie sandwich,” enables attackers to bypass the HttpOnly flag on certain servers, exposing sensitive cookies, including session identifiers,…
New Supply Chain Attack Targeting Chrome Extensions To Inject Malicious Code
A sophisticated supply chain attack targeting Chrome browser extensions has compromised at least 35 Chrome extensions, potentially exposing over 2.6 million users to data theft…
Helldown Ransomware Exploiting Zyxel Devices Using Zero-Day Vulnerability
A new ransomware threat dubbed “Helldown” has emerged, actively exploiting vulnerabilities in Zyxel firewall devices to breach corporate networks. Cybersecurity researchers have uncovered evidence linking…
Malicious VS Code Mimic As Zoom App Steals Cookies From Chrome
Cybersecurity researchers have uncovered a new threat targeting developers using Visual Studio Code (VS Code). A malicious extension masquerading as a Zoom app has been…
AWS Releases Best Security Practices To Mitigate Ransomware Attacks
Amazon Web Services (AWS) has announced a set of best practices aimed at helping customers protect their cloud environments against ransomware attacks and other unauthorized…
Ex-CIA Analyst Pleads Guilty To Leaking National Defense Information
A former CIA analyst, Asif William Rahman, 34, pleaded guilty today to unlawfully retaining and transmitting Top Secret National Defense Information, which was later leaked…
China Hackers Compromised VPN Service Provider in Supply-Chain Attack
A sophisticated supply-chain attack targeting a South Korean VPN provider. The attack has been attributed to a previously undisclosed China-aligned Advanced Persistent Threat (APT) group,…
Threat Actors Delivering Ransomware Via Microsoft Teams Using Voice Calls
Sophos Managed Detection and Response (MDR) has uncovered two distinct ransomware campaigns exploiting Microsoft Teams to gain unauthorized access to targeted organizations. The threat actors,…
318 Vulnerabilities Patched in January 2025 Oracle Critical Security Update
Oracle has released its January 2025 Critical Patch Update (CPU), addressing 318 newly discovered security vulnerabilities across its extensive product portfolio. This quarterly update underscores…