Category: vulnerabilities

Auto Added by WPeMatico

Time-of-Check Time-of-Use Attacks Against LLMs

Posted on By infossl
academic papers, cyberattack, LLM, Security technology, Uncategorized, vulnerabilities

This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents“.: Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection) and data-oriented threats (e.g., data … Read More “Time-of-Check Time-of-Use Attacks Against LLMs” »

Lawsuit About WhatsApp Security

Posted on By infossl
facebook, Security technology, Uncategorized, vulnerabilities, whatsapp, whistleblowers

Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passed in 2002, said that in … Read More “Lawsuit About WhatsApp Security” »

Google Project Zero Changes Its Disclosure Policy

Posted on By infossl
disclosure, google, patching, Security technology, Uncategorized, vulnerabilities

Google’s vulnerability finding team is again pushing the envelope of responsible disclosure: Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period allowed for patch adoption if the bug is fixed before the deadline. However, … Read More “Google Project Zero Changes Its Disclosure Policy” »

Spying on People Through Airportr Luggage Delivery Service

Posted on By infossl
air travel, hacking, Security technology, Uncategorized, vulnerabilities

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage. … Read More “Spying on People Through Airportr Luggage Delivery Service” »

Microsoft SharePoint Zero-Day

Posted on By infossl
exploits, hacking, microsoft, Security technology, Uncategorized, vulnerabilities, zero-day

Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of active exploitation of the vulnerability, which affects … Read More “Microsoft SharePoint Zero-Day” »

Another Supply Chain Vulnerability

Posted on By infossl
china, risks, Security technology, supply chain, Uncategorized, vulnerabilities

ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found. The arrangement, which was critical to Microsoft winning the federal government’s cloud computing … Read More “Another Supply Chain Vulnerability” »

Security Vulnerabilities in ICEBlock

Posted on By infossl
anonymity, ios, privacy, Security technology, Uncategorized, vulnerabilities

The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making false promises regarding user … Read More “Security Vulnerabilities in ICEBlock” »

New Linux Vulnerabilities

Posted on By infossl
linux, passwords, Security technology, Uncategorized, vulnerabilities

They’re interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. […] “This means that if a local attacker manages to induce a … Read More “New Linux Vulnerabilities” »

CVE Program Almost Unfunded

Posted on By infossl
cybersecurity, dhs, national security policy, Security technology, Uncategorized, vulnerabilities

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common … Read More “CVE Program Almost Unfunded” »