Wiz, a cloud security organization, has disclosed a recently patched vulnerability in Microsoft’s Azure Cosmos database that posed a significant risk by allowing unauthorized users to gain full administrative access to the database instances of other customers. This vulnerability, named “ChaosDB,” was particularly alarming due to its potential for exploitation…
Phishing Campaigns Targeting Booking.com Users Raise Security Concerns Recent reports highlight a sophisticated phishing campaign aimed primarily at Windows users, as detailed by cybersecurity experts. The attackers exploit compromised accounts from hotels listed on Booking.com or similar online travel services. By leveraging the sensitive information available in these accounts, they…
On Thursday, Microsoft issued a significant warning regarding an extensive email campaign distributing the Java-based STRRAT malware, which disguises itself as ransomware while stealing sensitive information from compromised systems. According to the Microsoft Security Intelligence team, this Remote Access Trojan (RAT) is notorious for mimicking ransomware by adding the file…
Key Insights: Cisco researchers identified significant security vulnerabilities in several popular open-weight AI models. Multi-turn adversarial attacks were found to be substantially more effective than single interactions. These findings highlight critical concerns regarding AI safety, data privacy, and the integrity of AI models. Cisco has uncovered critical security vulnerabilities in…
Apple Releases Critical Security Updates Addressing Password Vulnerabilities and Audio Privacy Issues Apple has recently issued important updates for iOS and iPadOS targeting two significant security vulnerabilities. One of these flaws has the potential to expose users’ saved passwords via the VoiceOver assistive technology, raising alarm among cybersecurity experts. The…
Recent developments in the realm of artificial intelligence have brought to light a serious vulnerability affecting encrypted communications. Dubbed ‘Whisper Leak,’ this sophisticated side-channel attack, disclosed by Microsoft researchers, has the potential to glean sensitive information from encrypted traffic directed at large language models (LLMs). As outlined in a recent…
Microsoft has announced the release of security updates addressing 118 vulnerabilities in its software suite, two of which have been identified as actively exploited vulnerabilities in the wild. Among these vulnerabilities, three have been classified as Critical, while 113 are rated Important, and two are deemed Moderate. Notably, this Patch…
Microsoft is set to launch an update for Teams, rolling out targeted releases by early November 2025 and expected to reach a global audience by January 2026. This new feature enables users to initiate chats using only an email address, allowing for communication with recipients who do not have Teams…
On Tuesday, Microsoft publicly acknowledged that the LAPSUS$ hacking group had achieved “limited access” to its systems, coinciding with a revelation from Okta, an identity authentication services provider, indicating that nearly 2.5% of its customer base may have been affected by the breach. Microsoft’s Threat Intelligence Center (MSTIC) confirmed that…
