Cybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security. LangSmith isRead More »LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
The Washington Post was the subject of a cyberattack.
Cybersecurity researchers are warning of a new phishing campaign that’s targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. The activity is part of a broader campaign that delivered the Winos 4.0 malware framework earlier this January by sending phishing messages impersonating Taiwan’s National Taxation Bureau,Read More »Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
GreyNoise warns of a spike in exploitation attempts targeting a two-year-old vulnerability in Zyxel firewalls. The post Zyxel Firewall Vulnerability Again in Attacker Crosshairs appeared first on SecurityWeek.
The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance companies, according to Google Threat Intelligence Group (GTIG). “Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarksRead More »Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms
Google is warning insurance companies that Scattered Spider appears to have shifted its focus from the retail sector. The post US Insurance Industry Warned of Scattered Spider Attacks appeared first on SecurityWeek.
Research has identified an unencrypted, non-password-protected database containing 170,360 records.
Cloud security startup Circumvent has raised $6 million to develop a network of agents for autonomous prioritization and remediation. The post Circumvent Raises $6 Million for Cloud Security Platform appeared first on SecurityWeek.
For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or staleRead More »Are Forgotten AD Service Accounts Leaving You at Risk?
If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you’re safe for another day. But theRead More »Where AI Provides Value
