Topic

#vulnerability

10 articles found

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhis

#cybersecurity#ai#phishing#vulnerability

· 1 day ago· Bleeping Computer

Gogs Zero-Day Flaw Exposes Indian Devs to Remote Code Execution Threats

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]

#security#zero-day#remote-code-execution#gogs#vulnerability

· 3 days ago· SecurityWeek

Flaw in Widely Used Conferencing Tool Allowed Unrestricted User Access

Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx. The post Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate appeared first on SecurityWeek.

#security#vulnerability#open-source#cybersecurity#account-takeover

· 3 days ago· The Hacker News

Gitea flaw reveals private container images, bypassing authentication safeguards

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The vulnerab

#gitea#vulnerability#cybersecurity#container-security#authentication

· 3 days ago· Bleeping Computer

CISA mandates federal agencies to fix critical cPanel vulnerability in four days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. [...]

#cybersecurity#cisa#vulnerability#patching

· 3 days ago· SecurityWeek

Analysis temporarily unavailable. Please try again in a moment.

Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges. The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek.

#cybersecurity#zero-day#vulnerability#cisa#patch-management

· 3 days ago· Ars Technica AI

Millions of AI Systems Exposed as Critical Open Source Flaw Uncovered

"BadHost" was found in Starlette, a package with 325 million weekly downloads.

#ai#open-source#vulnerability#starlette#cybersecurity

· 3 days ago· Bleeping Computer

Zero-day vulnerability in KnowledgeDeliver enables web shell installation

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. [...]

#zero-day#cybersecurity#web-shells#vulnerability#malware

· 4 days ago· Bleeping Computer

Analysis temporarily unavailable. Please try again in a moment.

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. [...]

#cisa#drupal#sql-injection#cybersecurity#vulnerability

· 6 days ago· SANS Internet Storm

Wireshark 4.6.6 Launches with New Features and Enhancements

Wireshark release 4.6.6 fixes 1 vulnerability and 11 bugs.

#wireshark#security#vulnerability#bug-fix