Patronus AI launches the first multimodal LLM-as-a-Judge for evaluating AI systems that process images, with Etsy already implementing the technology to validate product image captions across its marketplace. This article has been indexed from Security News | VentureBeat Read the…
Category: EN
2-year-old Windows Kernel 0-day Vulnerability Exploited in the Wild
Microsoft has patched a critical Windows Kernel vulnerability that has been actively exploited for nearly two years. The vulnerability, tracked as CVE-2025-24983, was included in the company’s March 2025 Patch Tuesday release in March. According to cybersecurity firm ESET, which…
Apache NiFi Vulnerability Let Attackers Access MongoDB Username & Passwords
A significant security vulnerability has been identified in Apache NiFi, allowing potential attackers with specific access privileges to expose MongoDB authentication credentials. The vulnerability, tracked as CVE-2025-27017 (NIFI-14272), affects multiple versions of the Apache NiFi data processing system and could…
How to secure your personal metadata from online trackers
When it comes to safeguarding your privacy online, most people focus on securing passwords, encrypting communications, and clearing browsing history. While these practices are essential, they overlook one important element—metadata. This data, which is collected about your digital interactions, can…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability These types of vulnerabilities are frequent…
Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities
Researchers warn of a “coordinated surge” in the exploitation attempts of SSRF vulnerabilities in multiple platforms. Threat intelligence firm GreyNoise observed Grafana path traversal exploitation attempts before the Server-Side Request Forgery (SSRF) surge on March 9, suggesting the attackers may…
Don’t let your kids on Roblox if you’re worried, says Roblox CEO
To parents worried about their children’s presence on Roblox, the CEO said don’t let your kids be on Roblox. This article has been indexed from Malwarebytes Read the original article: Don’t let your kids on Roblox if you’re worried, says…
Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign
Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms. The post Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign appeared first on SecurityWeek. This article has been indexed from…
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique…
‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality
Microsoft said the ongoing phishing campaign is designed to infect hospitality firms with multiple credential-stealing malware This article has been indexed from www.infosecurity-magazine.com Read the original article: ‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…
Setting the Record Straight: Debunking Myths About Mainframe Security in Cyber Strategies
Earlier this year, the modern mainframe celebrated its 60th anniversary, underscoring its ongoing significance. According to this 2024 Forrester report, 61% of global infrastructure hardware decision-makers confirm their firms still rely… The post Setting the Record Straight: Debunking Myths About Mainframe…
That ‘angry guest’ email from Booking.com? It’s a scam, not a 1-star review
Phishers check in, your credentials check out, Microsoft warns An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees’ inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.… This article has…
Apple’s appeal against UK’s secret iCloud backdoor order must be held in public, rights groups urge
Privacy rights groups have called on Apple’s legal challenge to a secret U.K. government order asking it to backdoor an end-to-end encrypted (E2EE) version of its iCloud storage service to be heard in public, rather than behind closed doors. The…
Bitdefender Warns of Multiple Vulnerabilities That Let Attackers Execute MITM Attack
Bitdefender has disclosed two critical vulnerabilities affecting its BOX v1 device that could allow network-adjacent attackers to execute Man-in-the-Middle (MITM) attacks, potentially leading to remote code execution. The vulnerabilities, assigned CVE-2024-13872 and CVE-2024-13871, both received a CVSS score of 9.4,…
Mozilla Urging Users to Update Firefox, Else Add-ons Will Stop Working
Mozilla has issued an urgent warning to Firefox users worldwide, emphasizing the critical need to update their browsers before March 14, 2025, when a vital root certificate will expire. This expiration threatens to disable extensions, break DRM-protected content playback, and…
Microsoft Warns of Hospitality Sector Attacks Involving ClickFix
A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering. The post Microsoft Warns of Hospitality Sector Attacks Involving ClickFix appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back…
Is your phone eavesdropping on you? Try NordVPN’s simple test to find out
Ever had a random conversation and then seen an ad for something you mentioned? This simple trick will help you find out if it was just a coincidence or something more. This article has been indexed from Latest stories for…
Hackers Use Trump’s Coin, Binance’s Name in Crypto Phishing Scam
Threat actors are running an email phishing scam to entice victims to install Binance software in hopes of collecting TRUMP coins. However, if they try, they instead get the ConnectWise RAT installed on their systems, which could let the malware…