39 Million Secrets Leaked on GitHub in 2024
GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected. The post 39 Million Secrets Leaked on GitHub in 2024 appeared first on SecurityWeek.
Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy
Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’. The post Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy appeared first on SecurityWeek.
Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering
Adaptive is pitching a security platform designed to replicate real-world attack scenarios through AI-generated deepfake simulations. The post Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering appeared first on SecurityWeek.
Vulnerabilities Expose Jan AI Systems to Remote Manipulation
Vulnerabilities in open source ChatGPT alternative Jan AI expose systems to remote, unauthenticated manipulation. The post Vulnerabilities Expose Jan AI Systems to Remote Manipulation appeared first on SecurityWeek.
Cyberhaven Banks $100 Million in Series D, Valuation Hits $1 Billion
Cyberhaven bags $100 million in funding at a billion-dollar valuation, a sign that investors remain bullish on data security startups. The post Cyberhaven Banks $100 Million in Series D, Valuation Hits $1 Billion appeared first on SecurityWeek.
AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor
The rise of zero-knowledge threat actors powered by AI marks a turning point in the business of cybercrime where sophisticated attacks are no longer confined to skilled attackers. The post AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor appeared first on SecurityWeek.
Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses
DeepMind found that current AI frameworks are ad hoc, not systematic, and fail to provide defenders with useful insights. The post Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses appeared first on SecurityWeek.
North Korea’s IT Operatives Are Exploiting Remote Work Globally
The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk—using fake identities, remote access, and extortion to compromise organizations. The post North Korea’s IT Operatives Are Exploiting Remote Work Globally appeared first on SecurityWeek.
ImageRunner Flaw Exposed Sensitive Information in Google Cloud
Google has patched a Cloud Run vulnerability dubbed ImageRunner that could have been exploited to gain access to sensitive data. The post ImageRunner Flaw Exposed Sensitive Information in Google Cloud appeared first on SecurityWeek.
Rational Astrologies and Security
John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identifiedRead More »Rational Astrologies and Security