Around 87,000 IPs are likely susceptible to a Fortinet vulnerability that the Cybersecurity and Infrastructure Security Agency put on its "must patch" list last week because attackers are actively exploiting it, according to data from the nonprofit Shadowserver Foundation. The number was at 87,930 on Saturday before dropping slightly to 86,602 on Sunday. CISA placed the critical remote code execution vulnerability on its Known Exploited Vulnerability list. READ MORE...
Game Freak, the company behind the Pokémon franchise, is dealing with a security breach that has compromised the data of more than 2,600 employees and partners. The data leak first came to light on a forum known as 4chan earlier this month before it began circulating on social media and other online forums. Coined "TeraLeak," the breach contains multiple gigabytes of information according to Centro Leaks, a Pokémon leak monitoring account. READ MORE...
A Houston-based services provider to healthcare organizations says a crook may have grabbed up to 400,000 people's information after the miscreant accessed the systems of one of its customers. Gryphon Healthcare, which provides revenue cycle and management services, said patients' names, dates of birth, addresses, and Social Security numbers were all potentially accessed by a malicious attacker. READ MORE...
Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. "Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files," a Cisco spokesperson told BleepingComputer. "We have launched an investigation to assess this claim, and our investigation is ongoing." READ MORE...
Splunk on Monday announced fixes for 11 vulnerabilities in Splunk Enterprise, two of which are high-severity bugs leading to remote code execution on Windows systems. The most severe of the flaws is CVE-2024-45733 (CVSS score of 8.8), an insecure session storage configuration issue that could allow a user without 'admin' or 'power' Splunk roles to execute code remotely. According to Splunk, only instances running on Windows machines are affected by this vulnerability. READ MORE...
What if there was a way to sneak malicious instructions into Claude, Copilot, or other top-name AI chatbots and get confidential data out of them by using characters large language models can recognize and their human users can't? As it turns out, there was-and in some cases still is. The invisible characters, the result of a quirk in the Unicode text encoding standard, create an ideal covert channel that can make it easier for attackers to conceal malicious payloads fed into an LLM. READ MORE...
For a while now, companies like OpenAI and Google have been touting advanced "reasoning" capabilities as the next big step in their latest artificial intelligence models. Now, though, a new study from six Apple engineers shows that the mathematical "reasoning" displayed by advanced large language models can be extremely brittle and unreliable in the face of seemingly trivial changes to common benchmark problems. READ MORE...
Multiple robot vacuum cleaners in the US were hacked to yell obscenities and insults through the onboard speakers. ABC news was able to confirm reports of this hack in robot vacuum cleaners of the type Ecovacs Deebot X2, which are manufactured in China. Ecovacs is considered the leading service robotics brand, and is a market leader in robot vacuums. One of the victims, Minnesota lawyer Daniel Swenson, said he heard sound snippets that seemed similar to a voice coming from his vacuum cleaner. READ MORE...