infosecintel – Page 39 – Curated Information Security Articles and Threat Intelligence News

6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

August 7, 2025

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. “The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis CameraRead More »6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

August 7, 2025

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. “We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability,” the companyRead More »SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites

August 7, 2025

A desync attack method leveraging HTTP/1.1 vulnerabilities impacted many websites and earned researchers more than $200,000 in bug bounties. The post New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites appeared first on SecurityWeek.

Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation

August 6, 2025

Zenity has shown how AI assistants such as ChatGPT, Copilot, Cursor, Gemini, and Salesforce Einstein can be abused using specially crafted prompts. The post Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation appeared first on SecurityWeek.

Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities

August 6, 2025

CyberArk has patched several vulnerabilities that could be chained for unauthenticated remote code execution. The post Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities appeared first on SecurityWeek.

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

August 6, 2025

Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, whoRead More »Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

August 6, 2025

The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNSRead More »Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

Google Discloses Data Breach via Salesforce Hack

August 6, 2025

A Google Salesforce instance may have been targeted as part of a ShinyHunters campaign that hit several major companies. The post Google Discloses Data Breach via Salesforce Hack appeared first on SecurityWeek.

PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins

August 6, 2025

Splunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion. The post PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins appeared first on SecurityWeek.

WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says

August 6, 2025

Meta linked these scams to a criminal scam center in Cambodia — and said it disrupted the campaign in partnership with ChatGPT maker OpenAI. The post WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says appeared first on SecurityWeek.

« Previous
1
…
37
38
39
40
41
…
187
Next »