Vulnerability Discovered in AI-Enabled Children’s Toy Reveals Sensitive Data In a concerning incident this month, security researcher Joseph Thacker uncovered a significant vulnerability in Bondus, a line of stuffed dinosaur toys equipped with artificial intelligence chat functions aimed at children. The toy allows kids to engage in interactive conversations, functioning…
Urgent updates are once again necessary for websites running on Drupal. This marks the third critical patch release in the span of just 30 days, following a recent notification from the Drupal team regarding a significant remote code execution (RCE) vulnerability affecting versions 7 and 8 of its core software.…
Critical Vulnerability Resurfaces in Oracle WebLogic Server Earlier this month, Oracle issued a patch addressing a significant Java deserialization remote code execution vulnerability in its WebLogic Server component, part of the Fusion Middleware suite. This flaw, identified as CVE-2018-2628, poses a severe threat, potentially allowing attackers to gain complete control…
Recent developments within U.S. immigration enforcement agencies indicate a troubling shift in tactics that could have significant implications for civil liberties and public safety. Echoing the adage that “war is politics by other means,” state-sponsored violence—specifically actions taken by Immigration and Customs Enforcement (ICE)—has escalated under the guidance of White…
A recent case underscores the persistent threat posed by cybersecurity breaches, particularly within government systems. **Konrads Voits**, a young hacker from Ypsilanti, Michigan, has been sentenced to over seven years in prison for attempting to breach the Washtenaw County Jail’s computer system. His objective was to manipulate prison records in…
Security Professionals Settle Lawsuit Following Unauthorized Arrest During Courthouse Assessment Two security experts, arrested in 2019 while conducting a sanctioned security evaluation of a courthouse in Iowa, have agreed to a $600,000 settlement in a lawsuit alleging wrongful arrest and defamation. Gary DeMercurio and Justin Wynn, penetration testers affiliated with…
Recent findings from security researchers indicate that some hacking groups have discovered a method to circumvent a critical security feature within Microsoft Office 365, aimed at safeguarding users from phishing and malware threats. Known as Safe Links, this feature is bundled with Microsoft’s Advanced Threat Protection (ATP) and operates by…
Recent discussions among cybersecurity experts highlight serious concerns regarding data privacy in AI-enabled toys, with specific focus on Bondu, a company producing these products. Security researchers Margolis and Thacker have raised alarms over access to sensitive user data, questioning how many employees within these organizations can view such information, the…
As businesses brace for vulnerabilities in their systems, Microsoft has announced the release of critical security patches during the May 2018 Patch Tuesday. This update addresses a staggering 67 security vulnerabilities, including two zero-day exploits under active attack by cybercriminals, a situation that demands immediate attention from organizations across various…