Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation.
The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek.
WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation
Palo Alto Networks has conducted an analysis of malicious LLMs that help threat actors with phishing, malware development, and reconnaissance.
The post WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation appeared first on SecurityWeek.
Major US Banks Impacted by SitusAMC Hack
Hackers stole corporate data such as accounting records and legal agreements, but did not deploy file-encrypting ransomware.
The post Major US Banks Impacted by SitusAMC Hack appeared first on SecurityWeek.
640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack
The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories.
The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek.
Canon Says Subsidiary Impacted by Oracle EBS Hack
More than 100 alleged victims of the Oracle EBS campaign have been added to the Cl0p ransomware website.
The post Canon Says Subsidiary Impacted by Oracle EBS Hack appeared first on SecurityWeek.
Mercedes F1 Team Principal Toto Wolff Sells 15% Stake to CrowdStrike CEO George Kurtz
CrowdStrike became a global partner of Mercedes’ F1 team in 2019, but Kurtz’s purchase into the ownership group was his personally.
The post Mercedes F1 Team Principal Toto Wolff Sells 15% Stake to CrowdStrike CEO George Kurtz appeared first on SecurityWeek.
CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability
CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability appeared first on SecurityWeek.
CrowdStrike Insider Helped Hackers Falsely Claim System Breach
The company has confirmed that it terminated an insider who shared screenshots of his computer with cybercriminals.
The post CrowdStrike Insider Helped Hackers Falsely Claim System Breach appeared first on SecurityWeek.
Microsoft Highlights Security Risks Introduced by New Agentic AI Feature
Without proper security controls, AI agents could perform malicious actions, such as data exfiltration and malware installation.
The post Microsoft Highlights Security Risks Introduced by New Agentic AI Feature appeared first on SecurityWeek.
Mazda Says No Data Leakage or Operational Impact From Oracle Hack
The Cl0p ransomware group has listed Mazda and Mazda USA as victims of the Oracle EBS campaign on its leak website.
The post Mazda Says No Data Leakage or Operational Impact From Oracle Hack appeared first on SecurityWeek.
