ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads aff...
Amazon
20 articles
CrewAI Hit by Critical Vulnerabilities Enabling Sandbox Escape and Host Compromise
CrewAI, a prominent tool used by developers to orchestrate multi-agent AI systems, is currently vulnerable to a chain of critical security flaws. By using di...
OkCupid, Match Group settle with FTC over unlawful data sharing with AI firm
Dating app OkCupid and its parent company Match Group Americas have reached a settlement with the Federal Trade Commission, following the latter's lawsuit th...
New compliance guide available: ISO/IEC 27001:2022 on AWS
We’re excited to announce the release of our latest compliance guide, ISO/IEC 27001:2022 on AWS, which provides practical guidance for organizations designin...
Amazon sends AI agents into pen testing and DevOps
Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent. “These agents are changin...
Maryland Man Charged Over $53m Uranium Finance Crypto Hack
Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds
TeamPCP Moves From OSS to AWS Environments
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Mo...
What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection
Stop the noise and scale your cloud security. Our latest updates introduce custom policy automation via Explorer, AWS ABAC support for true least privilege, ...
OpenAI patches twin leaks as Codex slips and ChatGPT spills
OpenAI has fixed two flaws in its AI stack that could allow AI agents to move sensitive data in unintended ways. The issues, disclosed by researchers at Beyo...
PNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive Data
Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network G...
Claude AI Uncovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Security researchers at Calif recently demonstrated the evolving power of artificial intelligence in vulnerability research by using Claude AI to uncover zer...
Major services accessible via exposed API keys, report finds
Nearly 2,000 API credentials enabling access to AWS, OpenAI, GitHub, and Stripe have been observed by Stanford University researchers to be exposed across 10...
LangChain path traversal bug adds to input validation woes in AI pipelines
Security researchers are warning that applications using AI frameworks without proper safeguards can expose sensitive information in basic, yet critical, non...
European Commission Confirms Cloud Data Breach
The European Commission has revealed details of a data breach impacting its AWS infrastructure
Critical Grafana Flaws Allow Attackers to Achieve Remote Code Execution
Grafana Labs has rolled out critical security updates to address two severe vulnerabilities impacting its widely used analytics and interactive visualization...
ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit t...
ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit t...
European Commission Confirms Cyberattack After AWS Account Breach
The European Commission has confirmed a cybersecurity incident affecting its cloud-based infrastructure after attackers gained access to an Amazon Web Servic...
European Commission data stolen in a cyberattack on the infrastructure hosting its web sites
The European Commission is continuing to investigate the theft of data from its cloud infrastructure earlier this week. On Thursday, the Commission revealed ...
BIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash Servers
The Internet Systems Consortium (ISC) has released critical security advisories addressing three new vulnerabilities in the widely used BIND 9 Domain Name Sy...