Critical Nvidia Security Flaw Exposes Cloud AI Systems to Host Takeover

A stark warning from researchers at Wiz after discovering a TOCTOU (Time-of-check Time-of-Use) vulnerability that exposes enterprise cloud environments to code execution, information disclosure and data tampering attacks. Read More

National Public Data Published Its Own Passwords
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. Read More

Tech contractor exposes data of 4.6 million US voters
The databases, which lacked any password protection, included highly sensitive personal information such as full names, addresses, dates of birth, Social Security numbers, and driver’s license numbers. Read More

Hackers leak documents stolen from Pentagon contractor Leidos
Leidos serves prominent clients including the US Department of Defense (DOD), the Department of Homeland Security (DHS), NASA, and various other US and foreign agencies. Read More

Cisco warns of appliances vulnerable to RegreSSHion vulnerability
Cisco said dozens of its networking and communications devices are likely vulnerable to a recently disclosed SSH vulnerability. Read More

CISA warns chemical facilities may have been hacked in CSAT breach
Attacker may have site security plans for chemical facilities all over the US, CISA warns. Read More

Researchers Urge Immediate Action on New EmailGPT Vulnerability Exposing Users to Data Breach
The implications of this EmailGPT vulnerability are profound. Read More

NATO Draws a Cyber Red Line in Tensions With Russia
This is clearly a strong and coordinated statement by NATO allies warning Russia to curtail the activity of APT28. Read More

Lessons From LOCKED SHIELDS 2024 Cyber Exercise
The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that it plans to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist. Read More

Russian Sandworm Hackers Pose As Hacktivists In Water Utility Breaches
The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. Read More