Security researchers have identified a severe pre-authentication SQL injection vulnerability in Fortinet’s FortiWeb Fabric Connector, designated as CVE-2025-25257, that allows unauthenticated attackers to execute unauthorized SQL commands and potentially achieve remote code execution. The vulnerability affects multiple versions of FortiWeb,…
Author: IT Security News Bot
Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. McDonald’s…
BSI President Plattner: NIS 2 implementation due by early 2026
Germany is behind schedule in implementing the EU cybersecurity requirements. The BSI chief urges haste on NIS 2. (Nis 2, Security) This article was indexed from Golem.de – Security Read the original article: BSI President Plattner: NIS 2 implementation due by early 2026…
Grok-4 Falls to a Jailbreak Two Days After Its Release
The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak. The post Grok-4 Falls to a Jailbreak Two Days After Its Release appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Cyber fraud via AI: How dangerous deepfakes are for companies
Deepfakes are increasingly being used for fraud and identity theft in companies. The Trend Micro report shows how attackers bypass security mechanisms with simple AI tools. This article was indexed from Newsfeed Read the original article: Cyber fraud via AI: How dangerous deepfakes are for…
Week in review: Microsoft fixes wormable RCE bug on Windows, check for CitrixBleed 2 exploitation
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed…
Omnicuris – 215,298 breached accounts
In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training…
WhatsApp, Signal, Telegram in one app? Beeper wants to do it, but how well does it succeed?
Beeper aims to bring together chats from all the major messengers in one app. We tried out how well that works and where there are still problems. This article was indexed from t3n.de – Software & Entwicklung Read the original article: Whatsapp, Signal,…
After antisemitic Grok scandal: xAI employee threatens to resign
After extremist comments by Grok, the development team appears divided. While some condemn the misconduct, others think it comes with the use of innovative technologies. This article was indexed from t3n.de – Software & Entwicklung Read the original article: After…
DPC Investigates TikTok Over Transfer of EU User Data to China
The Data Protection Commission (DPC) has launched a formal inquiry into TikTok Technology Limited, scrutinizing the company’s practices regarding the transfer and storage of European Economic Area (EEA) users’ personal data to servers in China. This development stems from discrepancies…
COMmander: Network-Based Tool for COM and RPC Exploitation
The need for solutions that improve detection skills against sophisticated attacks is growing in the ever-changing cybersecurity world. COMmander emerges as a lightweight, C#-based utility designed to bolster defensive telemetry by monitoring Remote Procedure Call (RPC) and Component Object Model…
Researchers Bypass Meta’s Llama Firewall Using Prompt Injection Vulnerabilities
Researchers at Trendyol, a leading e-commerce platform, have uncovered multiple vulnerabilities in Meta’s Llama Firewall, a suite of tools designed to safeguard large language models (LLMs) against malicious inputs. Llama Firewall incorporates components like PROMPT_GUARD for mitigating prompt injection attacks…
Fake Gaming and AI Companies Target Windows and macOS Users with Drainer Malware Attacks
The cybersecurity company Darktrace has uncovered a persistent, intricate social engineering campaign that targets bitcoin users, building on earlier findings by Cado Security Labs in December 2024. Threat actors are fabricating elaborate startup companies themed around AI, gaming, video conferencing,…
Bitcoin Depot Breach Exposes Data of 27,000 Crypto Users
Bitcoin Depot, Inc., a prominent cryptocurrency ATM operator, has disclosed a data breach that compromised the personal information of approximately 27,000 users. The breach, which involved unauthorized access to sensitive customer records, underscores the persistent vulnerabilities in the fintech sector,…
GPUHammer: First-Ever Rowhammer Attack Targeting NVIDIA GPUs
Researchers from the University of Toronto have unveiled the first successful Rowhammer attack on an NVIDIA GPU, specifically targeting the A6000 model equipped with GDDR6 memory. Dubbed “GPUHammer” in some circles, this exploit builds on the decade-old Rowhammer vulnerability, traditionally…
Red Hat Advanced Cluster Security 4.8 simplifies management, enhances workflows and offers deeper external IP visibility
Security continues to be a top priority for organizations managing Kubernetes clusters. Red Hat has made significant strides for improved security for containers with its latest release of Red Hat Advanced Cluster Security 4.8. This release focuses on simplifying management,…
GPUHammer – First Rowhammer Attack Targeting NVIDIA GPUs
Cybersecurity researchers at the University of Toronto have achieved a breakthrough in hardware-level attacks by successfully demonstrating GPUHammer, the first Rowhammer attack specifically targeting discrete NVIDIA GPUs. The research, which focuses on the popular NVIDIA A6000 GPU with GDDR6 memory,…
WordPress GravityForms Plugin Hacked to Include Malicious Code
A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one…
OpenAI is to Launch an AI Web Browser in Coming Weeks
OpenAI is reportedly preparing to release an artificial intelligence-enhanced web browser within the coming weeks, marking the company’s latest expansion beyond its popular ChatGPT platform. The new browser will feature integrated AI agent capabilities designed to autonomously handle various online…
Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability
Trendyol’s application security team uncovered a series of bypasses that render Meta’s Llama Firewall protections unreliable against sophisticated prompt injection attacks. The findings raise fresh concerns about the readiness of existing LLM security measures and underscore the urgent need for…