CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager ...

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.

Google says hackers are abusing Gemini AI for all attacks stages

Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in ...
IEEE

Trident: Detecting SQL Injection Attacks via Abstract Syntax Tree-based Neural Network

Abstract: SQL injection attacks have posed a significant threat to web applications for decades. They obfuscate malicious codes into natural SQL statements so as to steal sensitive data, making them ...
New York Post

Death by nature? These states are where you’re most likely to die from an animal attack

It’s a jungle out there, ya’ll! Texas tops the list for fatal animal attacks in the United States, according to a recent study which found 1,604 animal-related deaths reported nationwide between 2018 ...
The New York Times

Australian Boy, 12, Dies After Shark Attack Near Sydney

Nico Antic died in a hospital after a shark bit him in the legs, the first of several recent shark attacks along Australia’s southeastern coast. By John Yoon A 12-year-old boy died on Saturday after ...
Reuters

Iran will treat any attack as 'all-out war against us,' says senior Iran official

Jan 23 (Reuters) - Iran will treat any attack "as an all-out war against us," a senior Iranian official said on Friday, ahead of the arrival of a U.S. military aircraft carrier strike group and other ...
CSOonline

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...
Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

The North Korean threat actors behind the Contagious Interview campaign are employing a new mechanism that uses Microsoft Visual Studio Code to deliver a previously unseen backdoor that enables remote ...
IEEE

SQL Injection in LLM-Generated Queries: Systematic Analysis of Detection Gaps and Security Risks

Abstract: Large language models (LLMs) are being woven into software systems at a remarkable pace. When these systems include a back-end database, LLM integration opens new attack surfaces for SQL ...
Ars Technica

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white ...
Ars Technica

ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

There’s a well-worn pattern in the development of AI chatbots. Researchers discover a vulnerability and exploit it to do something bad. The platform introduces a guardrail that stops the attack from ...