OpenAI Enhances Cybersecurity Efforts with New Tools and Initiatives

OpenAI has launched several cybersecurity initiatives, including an upgraded AI model for vulnerability detection and a program aimed at supporting open-source projects.
Cybersecurity, vulnerabilities and privacy

A supply chain attack has led to the compromise of multiple Pro plugins from ShapedPlugin, affecting users who installed updates through official channels.

Gizmodo has confirmed a security incident that exposed readers to ClickFix malware prompts after a compromised account was exploited. Windows users were particularly at risk from the attack.

A collaborative effort by law enforcement agencies has led to the disruption of SocGholish's malicious infrastructure, impacting nearly 15,000 WordPress sites worldwide.

A newly identified exploit chain, named AutoJack, allows attackers to leverage an AI browsing agent for unauthorized code execution on local machines. This vulnerability affects specific pre-release versions of Microsoft's AutoGen Studio.

A security flaw in the Gravity SMTP WordPress plugin has been exploited by attackers to access sensitive information from approximately 100,000 sites. The vulnerability allows unauthenticated access to configuration data, including API keys and secrets.

Amazon's VP of Security, Eric Brandwine, discusses the limitations of human oversight in AI systems, advocating for a new approach to governance.

The Gentlemen ransomware-as-a-service (RaaS) operation is utilizing a sophisticated suite of endpoint detection and response (EDR) killers, primarily through its GentleKiller framework, to compromise security measures before deploying ransomware.

A newly disclosed exploit, 'usbliter8,' allows arbitrary code execution within the SecureROM of Apple's A12 and A13 chips, posing significant risks for affected devices.

The evolution from assistive to agentic AI is reshaping how enterprises manage security threats, emphasizing the need for proactive, autonomous systems.