A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is… Read More »LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis… Read More »One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is… Read More »⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary… Read More »The Onboarding Password Mistake That Creates Unnecessary Risk
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site… Read More »Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans… Read More »152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The… Read More »Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations.… Read More »Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability,… Read More »Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Anthropic said on Friday it will “abruptly disable” its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it… Read More »U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals