AI/MLMicrosoft’s ‘AI Watchdog’ defends against new LLM jailbreak methodLaura FrenchApril 15, 2024The “Crescendo” attack uses a chain of seemingly benign prompts to achieve an adverse output.
Network SecurityDelinea patches API vulnerability in Secret Server CloudSteve ZurierApril 15, 2024If left unpatched, the API flaw could let attackers bypass authentication, gain admin access, and steal company secrets.
IdentityRoku activates 2FA for 80M users after breach of 576K accountsSimon HenderyApril 15, 2024The streaming service enables 2FA on all accounts following its second credential-stuffing attack this year.
Network SecurityPalo Alto Networks PAN-OS critical 0-day exploited; hotfixes availableLaura FrenchApril 12, 2024The max severity (CVSS 10) bug enables command injection through the GlobalProtect feature.
AI/MLAI-generated code potentially used in new Rhadamanthys campaignLaura FrenchApril 12, 2024A PowerShell script used to deploy the infostealer contains unusually specific comments, researchers say.
IdentityLastPass thwarts attempt to deceive employee with deepfake audioSteve ZurierApril 12, 2024While the employee did not fall for the scam, LastPass took the incident as an opportunity to spread awareness about deepfakes.
RansomwareLockBit copycat DarkVault spurs rebranding rumorLaura FrenchApril 11, 2024Several impersonators have used LockBit’s branding and leaked builder in their attacks.
IdentitySisense customers told to reset credentials amid supply chain attack fearsSteve ZurierApril 11, 2024While details of the breach are limited, CISA sends alert after security researchers discover compromise.
RansomwareRansomware gang steals 534,000 records from Wisconsin healthcare providerSimon HenderyApril 11, 2024The BlackSuit group claimed responsibility for an attack on Group Health Cooperative of South Central Wisconsin.
Network SecurityFortinet patches FortiClientLinux critical RCE vulnerabilityLaura FrenchApril 10, 2024The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.