Please turn on your JavaScript for this page to function normally.
industry
Web-based PLC malware: A new potential threat to critical infrastructure

A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced …

ransomware
What makes ransomware victims less likely to pay up?

There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more. University of Twente …

CloudFoxable
CloudFoxable: Open-source AWS penetration testing playground

CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to …

Bosch Rexroth NXA015S
Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that …

artificial intelligence
Securing AI systems against evasion, poisoning, and abuse

Adversaries can intentionally mislead or “poison” AI systems, causing them to malfunction, and developers have yet to find an infallible defense against this. In …

server room
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 …

SSH
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the …

Windows injection
“Pool Party” process injection techniques evade EDRs

SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool …

passwords
Many popular websites still cling to password creation policies from 1985

A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. …

GenAI
Researchers automated jailbreaking of LLMs with other LLMs

AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an …

Best EDR of the market
Open-source AV/EDR bypassing lab for training and learning

Best EDR Of The Market is a user-mode endpoint detection and response (EDR) project designed to serve as a testing ground for understanding and bypassing EDR’s user-mode …

open-source software
Open-source vulnerability disclosure: Exploitable weak spots

Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are …

Don't miss

Cybersecurity news