Tag: infosecurity magazine
36 articles

PromptFix attacks: Must-Have Defenses vs Risky Threats
Researchers warn of a new PromptFix attack that hijacks the prompts and data feeding agentic AIs, letting attackers steer, confuse, or corrupt assistants without touching the underlying models. As these agents enter everyday tools, layered protections like provenance checks, least‑privilege actions, and better monitoring are essential to keep them safe.

voice cloning: Must-Have Protection Against Scams
Imagine a familiar celebrity voice demanding an urgent payment to lock in a sponsorship — it might be a scam. With voice cloning on the rise, executives and creators should use simple verification steps and tighter processes to protect budgets, reputations, and relationships.

SAP NetWeaver flaw: Urgent Critical Risk, Must-Have Fix
A critical, unauthenticated RCE in SAP NetWeaver AS Java now has exploit code in the wild, meaning internet-facing servers can be commandeered without credentials. If you run NetWeaver, inventory exposed instances and apply patches or network mitigations immediately—this isn’t a routine update, it’s an emergency.

VPN extension Risky: Stunning Privacy Betrayal
Thought your VPN extension kept you private? Researchers found a popular Chrome add-on quietly turned into spyware, exfiltrating browsing data—time to audit your extensions and stick with reputable, audited tools.

iiNet data breach: Risky Stunning 280k Exposed
Worried about the data you hand to your ISP? A recent iiNet incident exposed over 280,000 customer records—here’s what happened, who’s at risk, and simple steps you can take to protect yourself.

USB-borne campaign: Critical, Risky Cryptominer Threat
A new global USB-borne campaign turns everyday thumb drives into stealthy cryptomining engines by chaining DLL hijacking with PowerShell — quietly draining CPU/GPU power and sidestepping network defenses. Treat unknown USBs as hostile: disable autorun, use scanned maintenance drives, and harden endpoints to block this low‑tech delivery of high‑tech abuse.

mass account breach: Stunning 20-Month Sentence, Risky
A recent 20-month prison sentence for Al-Tahery Al-Mashriky after a mass account breach forces a sharp rethink of where digital protest ends and criminal harm begins. The case highlights tough questions about cybersecurity, proportional justice, and the real-world fallout for ordinary users caught in online activism.

OT security taxonomy: Must-Have, Best Defense Framework
Imagine industrial control systems finally speaking the same security language — the US and five partners unveiled a unified OT taxonomy and common asset inventory to cut through confusion, speed incident response, and make cross-border coordination far easier. If widely adopted, this shared framework could turn fragmented asset lists into actionable data, helping operators and defenders act faster when it matters most.

AI-generated code: Risky Threats & Must-Have Fixes
A new Checkmarx study reveals a surprising and worrying trend: AI-generated code now makes up over 60% of some codebases—and much of it contains known vulnerabilities—so the same tools that speed development can also widen your attack surface. Treat AI suggestions like draft work: add automated scans, clear guardrails, and reviewer sign-off to keep convenience from turning into a systemic security risk.

malvertising campaign: Exclusive Dangerous PS1Bot Threat
What if the ads you trust were actually a backdoor? A new malvertising campaign is quietly using compromised ad networks to deploy PS1Bot — a modular PowerShell malware that runs in memory, evades traditional defenses, and can turn ordinary browsers into footholds for wider attacks.

storytelling jailbreak: Stunning Risky Threat Exposed
A new storytelling jailbreak shows how crafty prompts can hide dangerous requests inside fiction to coax GPT-5 past its safeguards. That loophole exposes real risks for safety, trust, and policy — and pushes developers to build smarter, context-aware defenses.

Hackers Breach Dutch Lab: Stunning Privacy Risk
Half a million people who trusted a Dutch cancer‑screening lab with their most intimate health details have had that trust shattered after hackers stole sensitive records — a breach that threatens patient privacy, public‑health confidence, and the future of screening programs. As investigators work to pin down the scope, this crisis is a clear wake‑up call for stronger cybersecurity, better policies, and swift support for those affected.