Cybersecurity
General cybersecurity news and analysis

Apple Intelligence Exposed to Hijacking Risk via Prompt Injection
Security researchers have discovered a vulnerability in Apple Intelligence, allowing hackers to manipulate the AI system into producing malicious output, including profanity, through a technique called prompt injection. This raises serious concerns about user safety and the effectiveness of current security safeguards.
Shadow AI Emerges as Unseen Threat in Enterprise Security
As AI assistants and automation services increasingly seep into everyday use, employers are faced with a daunting question: are productivity gains worth the risk of losing control? Employees are quietly adopting unsanctioned AI tools, often blurring the lines between efficiency and security.

AI Agents Fuel 76% Surge in Non-Human Identities
The machines are catching up - a staggering 76% surge in non-human identities, driven by AI agents acting on our behalf, is raising critical questions about governance and control. As these machine-driven identities multiply, gaps in oversight are emerging, threatening to upend traditional operational and policy domains.

Fitness Equipment Exposes Weak Link in Gym Security
A recent security mishap at a gym serves as a stark reminder of the importance of safeguarding sensitive information, as a technician's careless mistake - stapling configuration details to a cupboard - left fitness equipment vulnerable to exploitation by mischief makers. This embarrassing blunder highlights the need for vigilance in protecting security credentials.

Pentagon Accelerates C-UAS Efforts Amid Rising Threats
As threats from small aerial systems escalate, the Pentagon is rapidly ramping up its counter-unmanned aircraft systems (C-UAS) efforts to stay ahead of the curve. With hypersonic flight and AI-powered shipbuilding also on the agenda, the question is: how do you prioritize across these three rapidly converging and game-changing fields?
Anthropic AI Model Exposes Vulnerabilities in Major Operating Systems
Anthropic's latest AI model, Claude Mythos Preview, has made a groundbreaking discovery, identifying vulnerabilities in every major operating system and web browser, sparking attention from intelligence agencies and a crucial debate on managing powerful tools. This revelation raises important questions about the dual role of AI in exposing and potentially enabling exploitation of critical software.

Unit 42 Uncovers Privilege Escalation Flaw in Amazon Bedrock AgentCore
Imagine a service designed to help users having unrestricted access to sensitive data - that's what Unit 42 discovered in Amazon Bedrock's AgentCore, where a flaw allowed for privilege escalation and data exfiltration due to overly broad permissions. This "Agent God Mode" vulnerability highlights the risks of systemic misconfiguration.

Ninja Forms Flaw Exposes WordPress Sites to Code Execution Risk
A critical vulnerability in the popular Ninja Forms plugin has been discovered, allowing hackers to upload and execute malicious code on WordPress sites without needing login credentials. If you're using Ninja Forms, update to version 3.3.27 immediately to protect your site from remote code execution attacks.

OT Cybersecurity Sector Fears AI Exclusion
As artificial intelligence revolutionizes software security, the operational technology cybersecurity sector is sounding the alarm: will experts who safeguard factories, grids, and industrial sites be left behind? Pure-play OT security firms are pushing for a seat at the table, fearing they may be sidelined by the latest AI-driven initiatives.

Anthropic AI Model Exposes Thousands of Zero-Day Vulnerabilities
Imagine a super-smart AI tool that can uncover thousands of hidden software flaws that nobody knew existed - and what happens when that powerful technology falls into the wrong hands? A new AI model from Anthropic has raised the stakes, leaving cybersecurity experts worried about a surge in zero-day vulnerabilities.

Apache ActiveMQ Flaw Exposes Systems to Remote Code Execution
A critical security flaw in Apache ActiveMQ Classic, hidden for over 13 years, allows remote code execution, putting vulnerable systems at risk of arbitrary command execution. This long-undetected vulnerability highlights the importance of staying vigilant and proactive in identifying and addressing potential security threats.

MDR Bolsters Cyber Defenses for Strained Education, SLTT Teams
As cyber threats escalate, state, local, tribal, and territorial governments and education institutions face a pressing challenge: defending against increasingly sophisticated attacks with limited personnel and budgets. Managed Detection Response (MDR) offers a vital lifeline, bolstering cyber defenses without adding headcount or complexity.

GPU Price Doesn't Dictate Password Cracking Success
You don't need to break the bank on cutting-edge AI hardware to crack weak passwords - a recent study found that a $30,000 GPU doesn't outperform readily available consumer cards, proving that attackers can succeed with everyday tech.

Anthropic Deploys AI to Autonomously Fix Software Vulnerabilities
Imagine an AI that can proactively hunt down and fix hidden software vulnerabilities in critical systems before hackers can exploit them - Anthropic's new Project Glasswing is making this a reality with its cutting-edge AI model, Claude Mythos Preview. This groundbreaking initiative has the potential to revolutionize cybersecurity, but also raises intriguing questions about its capabilities and implications.

Identity Fragmentation Exposes Growing Enterprise Security Risks
As organizations scale, identities are scattering across apps, teams, and systems, creating a blind spot in centralized view and giving rise to what The Hacker News calls Identity Dark Matter. This fragmented state of modern enterprise identity is pushing IAM to the breaking point, exposing growing security risks that demand attention.

Claude AI Uncovers 13-Year-Old Apache ActiveMQ Bug
Meet the AI that just uncovered a 13-year-old secret: Anthropic's Claude helped researchers discover a long-hidden vulnerability in Apache ActiveMQ Classic, a flaw that had been quietly lurking for over a decade. This groundbreaking find is a testament to the power of AI-assisted research in uncovering even the most elusive bugs.

Microsoft Deploys Fix for Windows Start Menu Search Disruption
Microsoft has swiftly deployed a server-side fix to resolve a frustrating issue that left some Windows 11 23H2 users unable to access the Start Menu search feature. This quick action means you should now be able to search with ease again.

Researchers bypass Grafana AI with stealthy data exfiltration technique
Imagine a tool meant to reveal operational insights being turned into a stealthy spy, siphoning off sensitive corporate secrets - that's what happened when researchers exploited Grafana's AI with a cunning technique called indirect prompt injection. Dubbed GrafanaGhost, this attack bypasses Grafana's defenses, exfiltrating data without leaving a digital trail.

Kaspersky Report Exposes Shifting Cyberattack Landscape
Get ready to face the future of cyber threats! The Kaspersky Security Services report delivers eye-opening insights into the evolving cyberattack landscape, combining real-world incident response findings with hard data from its Managed Detection and Response service.

APAC Firms Scramble to Bolster Cloud Security Amid Rising Identity Risks
As APAC firms rush to adopt cloud technology, they're faced with a daunting dilemma: do they risk advancing without a plan, or delay and let identity-related risks leave them vulnerable? With identity issues already causing the majority of cloud breaches in the region, the clock is ticking to get cloud security right.

Unit 42 Research Exposes Risks in Amazon Bedrock's Multi-Agent AI Systems
Unit 42's latest research reveals a hidden threat: multi-agent AI systems on Amazon Bedrock can be vulnerable to new and alarming risks, including prompt injection attacks that practitioners can't afford to ignore. Learn how to safeguard your AI applications from these emerging threats.

Vulnerabilities Exposed in Amazon Bedrock AgentCore Sandbox
Security researchers at Unit 42 have uncovered critical vulnerabilities in Amazon Bedrock AgentCore's sandbox, revealing that a protective layer meant to separate code and services can be breached using DNS tunneling, exposing sensitive credentials in the process. This alarming discovery highlights the potential risks of slipping through the cracks of a supposedly secure system.

Iran's Mine Threat Disrupts Shipping Lanes
A single report of a sea mine can bring shipping lanes to a standstill, highlighting the powerful ripple effect of information in today's fast-paced maritime world. Even the mere rumor of a mine can disrupt vital waterways, as seen in the Strait of Hormuz, where news reports can quickly translate to real-world delays.

Indonesia's Naval Plans Bolstered by Aircraft Carrier Acquisition
Indonesia is taking a giant leap in its military modernization efforts with plans to acquire an aircraft carrier, a strategic move that will bolster its naval capabilities and protect its maritime interests in the region. This ambitious acquisition has sparked debate and curiosity among analysts and policymakers, who are eager to see how it will enhance the country's defense posture.