Category: vulnerabilities

Auto Added by WPeMatico

Autonomous AI Hacking and the Future of Cybersecurity

Posted on By infossl
AI, cyberattack, hacking, LLM, Security technology, Uncategorized, vulnerabilities

AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Over the summer, hackers proved the concept, industry institutionalized it, and … Read More “Autonomous AI Hacking and the Future of Cybersecurity” »

Apple’s New Memory Integrity Enforcement

Posted on By infossl
apple, cybersecurity, hardware, integrity, Security technology, Uncategorized, vulnerabilities

Apple has introduced a new hardware/software security feature in the iPhone 17: “Memory Integrity Enforcement,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired: In recent years, a movement has been steadily growing across the global tech industry to address a ubiquitous and insidious … Read More “Apple’s New Memory Integrity Enforcement” »

Time-of-Check Time-of-Use Attacks Against LLMs

Posted on By infossl
academic papers, cyberattack, LLM, Security technology, Uncategorized, vulnerabilities

This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents“.: Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection) and data-oriented threats (e.g., data … Read More “Time-of-Check Time-of-Use Attacks Against LLMs” »

Lawsuit About WhatsApp Security

Posted on By infossl
facebook, Security technology, Uncategorized, vulnerabilities, whatsapp, whistleblowers

Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passed in 2002, said that in … Read More “Lawsuit About WhatsApp Security” »

Google Project Zero Changes Its Disclosure Policy

Posted on By infossl
disclosure, google, patching, Security technology, Uncategorized, vulnerabilities

Google’s vulnerability finding team is again pushing the envelope of responsible disclosure: Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period allowed for patch adoption if the bug is fixed before the deadline. However, … Read More “Google Project Zero Changes Its Disclosure Policy” »

Spying on People Through Airportr Luggage Delivery Service

Posted on By infossl
air travel, hacking, Security technology, Uncategorized, vulnerabilities

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage. … Read More “Spying on People Through Airportr Luggage Delivery Service” »

Microsoft SharePoint Zero-Day

Posted on By infossl
exploits, hacking, microsoft, Security technology, Uncategorized, vulnerabilities, zero-day

Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of active exploitation of the vulnerability, which affects … Read More “Microsoft SharePoint Zero-Day” »

Another Supply Chain Vulnerability

Posted on By infossl
china, risks, Security technology, supply chain, Uncategorized, vulnerabilities

ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found. The arrangement, which was critical to Microsoft winning the federal government’s cloud computing … Read More “Another Supply Chain Vulnerability” »

Security Vulnerabilities in ICEBlock

Posted on By infossl
anonymity, ios, privacy, Security technology, Uncategorized, vulnerabilities

The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making false promises regarding user … Read More “Security Vulnerabilities in ICEBlock” »