Slack Patches AI Bug That Exposed Private Channels

Slack fixed a vulnerability in its AI feature that could allow attackers to steal data from private channels. The flaw involved a prompt injection flaw in an AI feature, which allowed attackers to manipulate the system to perform malicious actions.

Cyware News – Latest Cyber News – ​Read More

China-linked APT Velvet Ant Exploited Zero-Day to Compromise Cisco Nexus Switches

The China-linked APT group Velvet Ant exploited a zero-day vulnerability in Cisco switches, CVE-2024-20399, to take control of network devices. The flaw in Cisco NX-OS Software’s CLI enabled attackers with Admin credentials to run arbitrary commands.

Cyware News – Latest Cyber News – ​Read More

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the “Change Favicon” feature that could allow a threat actor to

The Hacker News – ​Read More

Security Flaws in UK Political Party Donation Platforms Exposed

DataDome researchers found that major UK political parties lack critical security features to protect against bot and credential stuffing attacks on their donation platforms.

Cyware News – Latest Cyber News – ​Read More

Hackers Now Use AppDomain Injection to Drop Cobalt Strike Beacons

Hackers are now using AppDomain Injection to drop Cobalt Strike beacons in a series of attacks that began in July 2024. This technique, known as AppDomain Manager Injection, can weaponize any Microsoft .NET application on Windows.

Cyware News – Latest Cyber News – ​Read More

Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk

This vulnerability allows local attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. With a CVSS score of 7.8, CVE-2024-38054 is a critical flaw patched by Microsoft in July.

Cyware News – Latest Cyber News – ​Read More

Scammers are increasingly using messaging and social media apps to attack

Meta platforms, alongside Telegram, are among the growing number of sites used as a form of contact in 45% of scams.

Latest stories for ZDNET in Security – ​Read More

Liverpool Fans Take English Premier League Title for Ticket Scams

Ticket scams are costing football fans close to £200 a season, on average, according to a report.

darkreading – ​Read More

NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

The release of new NIST quantum-proof cryptography standards signals it’s time for cybersecurity teams to get serious about preparing for the rise of quantum threats.

darkreading – ​Read More