The Breach News

Unveiling AI Secrets Hidden in Encrypted Shadows

Recent developments in the realm of artificial intelligence have brought to light a serious vulnerability affecting encrypted communications. Dubbed ‘Whisper Leak,’ this sophisticated side-channel attack, disclosed by Microsoft researchers, has the potential to glean sensitive information from encrypted traffic directed at large language models (LLMs). As outlined in a recent…

Read MoreUnveiling AI Secrets Hidden in Encrypted Shadows

Qualcomm Calls on OEMs to Address Critical DSP and WLAN Vulnerabilities as Exploits Are Underway

Qualcomm has issued security updates responding to nearly two dozen vulnerabilities affecting both proprietary and open-source components. Among these, a particularly severe flaw has been identified, which is reportedly under active exploitation in the field. This high-severity vulnerability, designated as CVE-2024-43047 with a CVSS score of 7.8, has been characterized…

Read MoreQualcomm Calls on OEMs to Address Critical DSP and WLAN Vulnerabilities as Exploits Are Underway

Malware Attack Targeting South Korean Entities Attributed to Andariel Group

A recent malware campaign has been uncovered, targeting South Korean organizations, specifically attributed to the North Korean hacking group Andariel. This development highlights the ongoing evolution of tactics employed by state-sponsored actors, particularly within the Lazarus Group, which has been consistently adapting its methodologies to enhance operational effectiveness. Kaspersky, a…

Read MoreMalware Attack Targeting South Korean Entities Attributed to Andariel Group

For OT Cyber Defenders, Insufficient Data Poses the Greatest Threat

The State of Operational Technology Security: A Sector Lagging Behind As cyber defenders focus on securing operational technology (OT) and industrial control systems (ICS), a significant challenge emerges: the scarcity of actionable data. Unlike their IT counterparts, OT operators often lack comprehensive logging capabilities, which hampers incident response efforts. According…

Read MoreFor OT Cyber Defenders, Insufficient Data Poses the Greatest Threat

Cycode Report Highlights: Shadow AI Emerges as a Major Blind Spot in Enterprise Security

A recent report from Cycode underscores the burgeoning challenges surrounding AI integration in enterprise software development. According to their findings, businesses face a profound “Shadow AI” crisis, where the rapid uptake of AI technologies has eclipsed the capacity of security teams to effectively manage the associated risks. The State of…

Read MoreCycode Report Highlights: Shadow AI Emerges as a Major Blind Spot in Enterprise Security

Microsoft Releases Security Update Addressing 118 Vulnerabilities, Including Two Under Active Exploitation

Microsoft has announced the release of security updates addressing 118 vulnerabilities in its software suite, two of which have been identified as actively exploited vulnerabilities in the wild. Among these vulnerabilities, three have been classified as Critical, while 113 are rated Important, and two are deemed Moderate. Notably, this Patch…

Read MoreMicrosoft Releases Security Update Addressing 118 Vulnerabilities, Including Two Under Active Exploitation