Forscher haben Anmeldeinformationen in den Trainingsdaten von Large Language Models entdeckt. BOY ANTHONY – Shutterstock.com Beliebte LLMs wie DeepSeek werden mit Common Crawl trainiert, einem riesigen Datensatz mit Website-Informationen. Forscher von Truffle Security haben kürzlich einen Datensatz des Webarchives analysiert,… Read More "Forscher entdecken LLM-Sicherheitsrisiko | CSO Online"
A new phishing campaign leveraging the open-source Havoc command-and-control (C2) framework has been discovered. Attackers are using modified versions of Havoc Demon Agent alongside Microsoft Graph API to control infected systems through SharePoint. According to a new advisory by FortiGuard Labs, the… Read More "Phishing Campaign Uses Havoc Framework to Control Infected Systems"
As cyber threats increase in complexity and frequency, traditional security methods often fall short of safeguarding sensitive data and vital systems. DevSecOps offers a groundbreaking approach by incorporating security practices into all stages of the software development lifecycle (SDLC). By… Read More "Boost Your Cybersecurity with DevSecOps"
In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year’s total). Law enforcement actions against major groups like LockBit… Read More "The New Ransomware Groups Shaking Up 2025"
The UK’s privacy regulator has launched an investigation into TikTok, Reddit and Imgur after expressing concerns over the way the sites use children’s personal information. The Information Commissioner’s Office (ICO) revealed the news this morning, claiming that “recommender systems,” on the… Read More "ICO Launches TikTok Investigation Over Use of Children’s Data"
.jpeg?w=1140&resize=1140,855&ssl=1 "8 Black Kite Competitors & Alternatives: Comparison & Review")
Over the past five years, digital supply chains have evolved significantly, spurred by post-pandemic corrections, technological advancements, and globalization. This evolution has made the average organization more efficient and better suited to handle the demands of their unique operation. However,… Read More "8 Black Kite Competitors & Alternatives: Comparison & Review"
Some of the vulnerabilities mentioned in the logs are old, but widespread, such as the CVE-2022-30190 remote code execution flaw in Microsoft Office remote template feature, also known as the Follina flaw, that has been widely exploited via malicious Word… Read More "Ransomware access playbook: What Black Basta’s leaked logs reveal"
Ransomware actors have been observed exploiting a zero-day Bring Your Own Vulnerable Driver (BYOVD) flaw in Paragon Partition Manager. The CERT Coordination Center (CERT/CC) issued a security update on Friday revealing the news. It claimed Microsoft had spotted BYOVD attacks exploiting… Read More "BYOVD Attacks Exploit Zero-Day in Paragon Partition Manager"
Atlassian’s Confluence Data Center and Confluence Server are currently facing zero-day vulnerability attacks due to CVE-2023-22515. While Atlassian quickly released security updates for the impacted versions, Confluence administrators should ensure that the affected versions are updated to a fixed version… Read More "Atlassian Confluence Zero-Day Vulnerability: What Is CVE-2023-25515?"
Mar 03, 2025Ravie LakshmananMobile Security / Botnet Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been… Read More "Vo1d Botnet’s Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries"
