A critical vulnerability in Google Gemini Enterprise and Vertex AI Search, dubbed GeminiJack, that allows attackers to exfiltrate sensitive corporate data without any user interaction or security alerts. The flaw exploits an architectural weakness in how enterprise AI systems process and…
Tag: EN
Cybercriminals Use Fake Game Updates on Itch.io and Patreon to Push Lumma Stealer
The indie gaming community faces a new and sophisticated threat. Malicious actors are exploiting itch.io and Patreon to distribute the Lumma Stealer malware disguised as legitimate game updates, targeting unsuspecting gamers through a systematic spam campaign across the platform. Newly…
High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking
A critical stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager (EPM) enables unauthenticated attackers to hijack administrator sessions by injecting malicious JavaScript into the management dashboard. The vulnerability, identified as CVE-2025-10573 with a CVSS score of 9.6, affects all…
Essential Eight: What Organisations Should Expect in 2026
Explore how the Essential Eight may shift in 2026, why ACSC expectations could rise, and what Australian organisations should do for greater resilience. The post Essential Eight: What Organisations Should Expect in 2026 appeared first on TechRepublic. This article has…
Crisis in Icebergen: How NATO crafts stories to sharpen cyber skills
1,500 military digital defenders spent past week cleaning up a series of cyberattacks on fictional island Andravia and Harbadus – two nations so often at odds with one another – were once again embroiled in conflict over the past seven…
Fortinet Patches Critical Authentication Bypass Vulnerabilities
The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled. The post Fortinet Patches Critical Authentication Bypass Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Fortinet…
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
GeminiJack is a zero-click Gemini attack that could have been exploited using specially crafted emails, calendar invites, or documents. The post Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
OWASP Project Publishes List of Top Ten AI Agent Threats
OWASP unveils its GenAI Top 10 threats for agentic AI, plus new security and governance guides, risk maps, and a FinBot CTF tool to help organizations secure emerging AI agents. The post OWASP Project Publishes List of Top Ten AI…
FBI Warns of Fake Video Scams
The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will…
Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data
The flaw, dubbed ‘GeminiJack,’ exploits the trust boundary between user-controlled content in data sources and the AI model’s instruction processing This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Fixes Zero Click Gemini Enterprise Flaw That Exposed…
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS…
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To…
Ivanti EPM Update Patches Critical Remote Code Execution Flaw
The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Crimes Extorting Ransoms by Manipulating Online Photos
It is estimated that there are more than 1,000 sophisticated virtual kidnapping scams being perpetrated right now, prompting fresh warnings from the FBI, as criminals are increasingly using facial recognition software to create photos, videos, and sound files designed…
01flip: Multi-Platform Ransomware Written in Rust
01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks. The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42. This article has been indexed from…
Australia Begins Enforcing Child Social Media Ban
Australia’s social media ban for under-16s comes into force, as major platforms obliged to ensure children do not hold accounts This article has been indexed from Silicon UK Read the original article: Australia Begins Enforcing Child Social Media Ban
FortiSandbox OS command injection Vulnerability Let Attackers execute Malicious code
Fortinet has released a critical security update for its FortiSandbox analysis appliances to fix a dangerous vulnerability. If left unpatched, this flaw could allow attackers to take control of the underlying system. The vulnerability, tracked as CVE-2025-53949, was officially published on…
North Korean Hackers Exploit React2Shell Vulnerability in the Wild to Deploy EtherRAT
A novel, highly sophisticated malware strain targeting vulnerable React Server Components, signaling a significant evolution in how state-sponsored threat actors are exploiting the critical React2Shell vulnerability disclosed just days earlier. On December 5, 2025, just two days after the disclosure…
SAP Patches Critical Vulnerabilities With December 2025 Security Updates
Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek. This article has been indexed from…
Backslash secures MCP servers from data leakage, prompt injection, and privilege abuse
Backslash Security announced the launch of its end-to-end solution for the secure use of Model Context Protocol (MCP) servers across software development environments. As organizations increasingly adopt AI-native coding agents and integrated development environments (IDEs), the Backslash platform is designed…