vulnerability

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Security /

Hackers are ramping up their attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances, security researchers warned this week. Threat intelligence startup GreyNoise said in a blog post on Tuesday that it had observed a “notable resurgence of in-the-wild activity” targeting the three ServiceNow vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178, […]

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems Read More »

Hackers are exploiting Fortinet firewall bugs to plant ransomware

Security /

Security researchers have observed hackers linked to the notorious LockBit gang exploiting a pair of Fortinet firewall vulnerabilities to deploy ransomware on several company networks.  In a report published last week, security researchers at Forescout Research said a group it’s tracking dubbed “Mora_001” is exploiting the Fortinet firewalls, which sit on the edge of a

Hackers are exploiting Fortinet firewall bugs to plant ransomware Read More »

AI models trained on unsecured code become toxic, study finds

AI /

A group of AI researchers has discovered a curious — and troubling — phenomenon: Models say some pretty toxic stuff after being fine-tuned on unsecured code. In a recently published paper, the group explained that training models, including OpenAI’s GPT-4o and Alibaba’s Qwen2.5-Coder-32B-Instruct, on code that contains vulnerabilities leads the models to give dangerous advice,

AI models trained on unsecured code become toxic, study finds Read More »

Palo Alto Networks warns of another firewall vulnerability under attack by hackers

Security /

U.S. cybersecurity giant Palo Alto Networks has warned that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks. Attackers are exploiting a recently disclosed vulnerability in PAN-OS, the operating system that runs Palo Alto Networks firewalls, the California-based company confirmed on Tuesday. Cybersecurity firm Assetnote first discovered the vulnerability,

Palo Alto Networks warns of another firewall vulnerability under attack by hackers Read More »

Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers

Security /

Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.  Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected

Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers Read More »

Facebook awards researcher $100,000 for finding bug that granted internal access

Security /

In October 2024, security researcher Ben Sadeghipour was analyzing Facebook’s ad platform when he found a security vulnerability that allowed him to run commands on the internal Facebook server housing that platform, essentially giving him control of the server.   After he reported the vulnerability to Facebook’s owner Meta, which Sadeghipour said took just one hour

Facebook awards researcher $100,000 for finding bug that granted internal access Read More »

Hackers are exploiting a new Ivanti VPN security bug to hack into company networks

Security /

U.S. software giant Ivanti has warned that a zero-day vulnerability in its widely-used enterprise VPN appliance has been exploited to compromise the networks of its corporate customers. Ivanti said on Wednesday that the critical-rated vulnerability, tracked as  CVE-2025-0282, can be exploited without any authentication to remotely plant malicious code on Ivanti’s Connect Secure, Policy Secure,

Hackers are exploiting a new Ivanti VPN security bug to hack into company networks Read More »

Researchers find security flaws in Skoda cars that may let hackers remotely track them

Transportation /

Security researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars that could allow malicious actors to remotely trigger certain controls and track the cars’ location in real time. PCAutomotive, a cybersecurity firm specializing in the automotive sector, unveiled 12 new security vulnerabilities impacting the latest model of the Skoda Superb

Researchers find security flaws in Skoda cars that may let hackers remotely track them Read More »

Bitcoin ATM giant Byte Federal says 58,000 users’ personal data compromised in breach

Security /

Byte Federal, one of the largest Bitcoin ATM operators in the U.S., said the personal data of thousands of customers may have been compromised during a recent breach. In a filing with Maine’s attorney general, Florida-based Byte Federal said hackers tried to access the data of 58,000 customers, including names, addresses, phone numbers, government-issued IDs,

Bitcoin ATM giant Byte Federal says 58,000 users’ personal data compromised in breach Read More »

Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again

Security /

Security researchers are warning that hackers are actively exploiting another high-risk vulnerability in a popular file transfer technology to launch mass hacks.  The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity company Huntress.  The flaw was first disclosed by Cleo in a security advisory on

Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again Read More »