Researchers Discover Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Inherent vulnerabilities stem from the underlying formats and processes of the technology, allowing attackers to exploit features like automatic code execution in ML models and certain dataset formats.

Cyware News – Latest Cyber News – ​Read More

Tech Support Scam Found Hijacking Microsoft Search Queries Through Google Ads

Two deceptive campaigns were identified recently using Google ads and Microsoft’s infrastructure. The first scam involves a fake helpdesk page on Microsoft Learn whereas the second one hijacks Microsoft search queries through a Google ad.

Cyware News – Latest Cyber News – ​Read More

Identity of Notorious Hacker USDoD Revealed

USDoD, the hacker known for high-profile data leaks, is a man from Brazil, according to CrowdStrike and others.

The post Identity of Notorious Hacker USDoD Revealed appeared first on SecurityWeek.

SecurityWeek – ​Read More

Seattle Airport Blames Outages on Potential Cyberattack

The Port of Seattle, including the SEA Airport, is experiencing system outages likely caused by a cyberattack.

The post Seattle Airport Blames Outages on Potential Cyberattack appeared first on SecurityWeek.

SecurityWeek – ​Read More

Researchers Discover Several Potential Attack Vectors in Bicycles With Shimano Di2 Wireless Gear-Shifting System

Researchers found a vulnerability in the Shimano Di2 system’s proprietary protocol, making it susceptible to a replay attack. They demonstrated that an attacker could intercept and replay commands using off-the-shelf software-defined radio.

Cyware News – Latest Cyber News – ​Read More

Google Warns of Exploited Chrome Vulnerability

Google flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild.

The post Google Warns of Exploited Chrome Vulnerability appeared first on SecurityWeek.

SecurityWeek – ​Read More

Centreon Issues Critical Security Update to Fix SQL Injection Vulnerabilities That Threaten IT Monitoring

These vulnerabilities, known as CVE-2024-32501, CVE-2024-33852, CVE-2024-33853, CVE-2024-33854, CVE-2024-5725, and CVE-2024-39841, pose a significant risk to organizations relying on Centreon for IT infrastructure monitoring.

Cyware News – Latest Cyber News – ​Read More

Critical SSTI Flaw in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks

This vulnerability allows authorized users to inject and execute malicious code through the plugin’s shortcode feature, potentially leading to data theft and website takeover.

Cyware News – Latest Cyber News – ​Read More

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling.
“ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface,” security researcher Johann Rehberger said.
“This means that an attacker

The Hacker News – ​Read More

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome prior to

The Hacker News – ​Read More