Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning,… Read More »Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
This week was a total digital dumpster fire! Hackers were like, “Let’s cause some chaos!” and went after everything from our browsers to those fancy cameras that zoom and spin.… Read More »THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – Nov 03)
German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. “The… Read More »German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant… Read More »Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit… Read More »Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)
Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal… Read More »New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls
U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to… Read More »Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at… Read More »5 SaaS Misconfigurations Leading to Major Fu*%@ Ups
Cybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed… Read More »Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned
Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given… Read More »Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft