Tag: security
Apache HugeGraph users told to patch immediately to stay safe from this dangerous bug
Months after being patched, a vulnerability in the Apache HugeGraph-Server is being exploited to trigger remote code execution (RCE) on vulnerable endpoints. Nonprofit security organization the Shadowserver Foundation sounded the alarm on Mastodon, noting, “We are observing Apache HugeGraph-Server CVE-2024-27348 RCE “POST /gremlin” exploitation attempts from multiple sources,” the warning…
Read More
A GitHub token leak could have put the entire Python language at risk
What if the Python programming language itself was malicious? It would be the most devastating supply chain attack in human history – but it almost happened after an important GitHub token was accidentally leaked. Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container…
Read More
US government warns of possible security issue with popular geospatial data platform
The US government has warned its agencies of critical software vulnerabilities being exploited in a top geospatial data platform. Found by security researcher Steve Ikeoka, the flaws affect the OSGeo GeoServer GeoTools, an open source software server used to share and edit geospatial data. The US Cybersecurity and Infrastructure Security…
Read More
Crypto websites registered to Squarespace are being hijacked and redirected by scammers
Multiple cryptocurrency projects registered with the Squarespace web hosting provider, were recently targeted with a coordinated DNS hijacking attack. The goal of the attack was to steal their users’ money. DNS hijacking, also known as DNS redirection, is a type of cyberattack where attackers manipulate the Domain Name System (DNS)…
Read More
This new ransomware tries to stop victims recovery by using passphrases
A new ransomware strain has been discovered with a unique feature that makes analysis by cybersecurity experts more difficult. The fourth strain of the HardBit Ransomware, HardBit 4.0, introduced passphrase protection, which needs to be provided during the runtime, in order for the ransomware to be executed properly, researchers from…
Read More
Gemini AI platform caught scanning Google Drive files without user permission
Google’s Gemini AI has been caught scanning PDF files hosted on Google Drive without active permission or initiation, sparking yet another discussion around AI safety and privacy concerns. Senior Advisor on AI Governance Kevin Bankson took to X to share concerns over an automatically generated AI summary in a private…
Read More