New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances.
The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.
According to DEVCORE security researcher, the shortcoming makes

The Hacker News

Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in.
Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an “explorable visual timeline” by capturing screenshots of what appears on users’ screens every five seconds, which are subsequently analyzed and

The Hacker News

Harvard, MIT, and Wharton research reveals pitfalls of relying on junior staff for AI training

New study by Harvard, MIT, Wharton, and BCG researchers finds that relying on junior employees to train seniors on generative AI risks is ineffective, highlighting the need for top-down governance and expertise at all levels.

Security News | VentureBeat

New Phishing Campaign Uses Stealthy JPGs to Drop Agent Tesla

Spanish speakers beware! A new campaign using the Agent Tesla RAT targets Spanish-speaking individuals. Learn how to protect…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

GitHub Repos Targeted in Cyber-Extortion Attacks

Since at least February, a threat actor has been attempting to extort victims by stealing or wiping data in their GitHub repositories.

darkreading

OpenAI, Anthropic Research Reveals More About How LLMs Affect Security and Bias

Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.

Security | TechRepublic

CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering.

darkreading

How AI-driven identity attacks are defining the new threatscape

Attackers are turning to deepfakes and other identity attacks to achieve their goals, quickly changing the enterprise threatscape.

Security News | VentureBeat

Microsoft temporarily disables Recall on Copilot+ PCs amid security and privacy concerns

Microsoft temporarily disables its AI-powered Recall feature on Copilot+ PCs following privacy and security concerns raised by cybersecurity experts and the public.

Security News | VentureBeat

Snowflake’s customer breaches make 2024 the year of the identity siege

Access happened because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.

Security News | VentureBeat