Tag Archives: security

Massive breach spills credentials for thousands of sensitive networks

Hudson Rock said the attackers went on to “actively intercept SSL VPN authentication hashes and crack them using a massive, dedicated 45-GPU cluster managed via Hashtopolis.” From there, they used the GPU cluster to crack the hashes, meaning to try massive combinations of plain-text passwords until they found the right one. These passwords allowed the…

“Dangerous” AI models are coming no matter what

“It’s myopic in the extreme to think that no other competitors to Anthropic will develop similar capabilities to Mythos or even that they have not already done so,” says Tarah Wheeler, chief security officer of the specialized cybersecurity consulting firm TPO Group. “There are other companies hot on Anthropic’s heels who probably have the capabilities,…

Windows and Linux users: The deadline to update Secure Boot keys is near

In 2012, a new form of bootkit was demonstrated. Instead of targeting machines through the BIOS or master boot record, one such bootkit attacked Mac OS X systems by infecting the EFI, a package of firmware that started the boot process. A second very primitive bootkit targeted Windows 8 machines by infecting the UEFI bootkit,…

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

To bring about the Parameter-to-Prompt Injection an attacker sends the target an email that contains the URL with the syntax https://m365.cloud.microsoft/search/?auth=2&origindomain=microsoft365&q=. The field contains an instruction. Copilot readily complied. “The search functionality is exactly what attackers need, because even with limited capabilities, a user with access to critical information is enough,” the researchers wrote Monday.…

Users cry foul after AMD stripped memory crypto from its consumer CPUs

Limoncello promptly replied: “My apologies; but I don’t have any more information to share on this topic.” With that, the discussion and Kilpatrick’s inquiry were over. The Lendacky comment in 2020 Kilpatrick referred to came in this thread discussing encryption features available in AMD CPUs. Lendacky said that the Ryzen 3700x, a consumer CPU, “should…

PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

“While several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise, resulting in stolen data being published on the ShinyHunters DLS,” Mandiant said. (DLS is short for data leak site.) An analysis of a bash script left in the staging environment shows the attackers performed reconnaissance on compromised organizations, including mapping the…

Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed

Tuesday’s patch bundle also fixed MiniPlasma, a separate vulnerability disclosed by Nightmare Eclipse. Microsoft said in an email that the vulnerability is tracked as CVE-2020-17103, a vulnerability Microsoft first fixed six years ago. That means MiniPlasma was the result of a regression or an incomplete patch in its initial form. The company is in the…

High-severity vulnerability in Linux caused by a single errant character

When a verdict map is deleted from memory, catchall elements are deactivated and a chain’s reference counter is decremented. When errors occur the deletion can be reversed and the counter incremented. CVE-2026-53111 allows for that process to be altered. As a result, the exploit can decrement the variable an arbitrary number of times and then…

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents. In all, multiple researchers said, 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Rather than noting they…

How a USB-connected speaker can infect a PC without ever being touched

After successfully replacing the firmware with a replacement image that did nothing more than display the word “patched” on the speaker’s LED display, the researcher got to wondering what else a hacker might do. So he turned his attention to FreeRTOS, the open source operating system that ran the Katana V2X. It contained a set…