Category: security
This cyberattack lets hackers crack AI models just by changing a single character
Researchers from HiddenLayer devised a new LLM attack called TokenBreaker By adding, or changing, a single character, they are able to bypass certain protections The underlying LLM still understands the intent Security researchers have found a way to work around the protection mechanisms baked into some Large Language Models (LLM)…
Read More
Over 80,000 Microsoft Entra ID accounts hit by password spraying attacks
Hackers are abusing a legitimate tool to target Entra ID accounts The password spraying attack targeted some 80,000 accounts Attackers managed to take over some accounts, accessing Microsoft Teams, OneDrive, Outlook data Cybercriminals have been spotted abusing a legitimate penetration testing tool to target people’s Entra ID user accounts with…
Read More
No, those amazing deals on Facebook aren’t real – it’s a scam, and here’s how to spot it
High-end and luxury products are being advertised with huge savings 4,000+ fake domains impersonating big brands have been spotted Victims are losing money without receiving their products More than 4,000 fake domains impersonating popular brands have been spotted in a scheme pushing scam ads targeting Facebook users. The campaign was…
Read More
Holidaymakers under threat from devious new cyber threat – here’s how to stay safe
Experts warns of fake Booking.com sites circulating the web The sites come with a fake “Accept Cookie” prompt that downloads a RAT Shoppers should be on their guard when searching for deals Hackers have been found targeting holidaymakers around the world with remote access trojans (RAT) distributed through fake Booking.com…
Read More
Microsoft Copilot targeted in first “zero-click” attack on an AI agent – what you need to know
Security researchers Aim Labs discovered an LLM Scope Violation flaw in Microsoft 365 Copilot The critical-severity bug allows threat actors to exfiltrate sensitive corporate data by sending an email Microsoft says it has fixed the issue server-side, but users should be on guard Microsoft has fixed a dangerous zero-click attack…
Read More
US government vaccine hub, Nvidia events page abused in cyberattack spewing out AI slop
An Nvidia events page has been hijacked with AI generated spam NPR, Stanford, and some US government sites were also taken over The spam seems to be explicit but non-malicious Several Nvidia-owned web domains were hijacked to show explicit and AI-generated content in a spam campaign that also targeted NPR,…
Read More