Japanese electronics giant Casio has confirmed that the personal data of almost 8,500 individuals was stolen during an October ransomware attack. Casio was the target of a ransomware attack on October 5, which saw hackers access sensitive data and render many of the company’s systems unusable. The attack was claimed by the Underground ransomware gang, … Read more
An unpatched vulnerability in the Ivanti Connect Secure VPN has been under active attack. Researchers with Google’s Mandiant Cloud security team said that one or more threat actors are currently exploiting CVE-2025-0282 for remote takeover attacks on targeted networks. The flaw, originally exploited as a zero-day vulnerability, has since been given an emergency patch and … Read more
Jan 03, 2025Ravie LakshmananMachine Learning / Vulnerability Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model’s (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit … Read more
In a supply chain attack that was first detected on Dec. 25, several Chrome extensions were compromised after a Cyberhaven employee was tricked by a phishing email that stole the worker’s credentials to the Google Chrome Web Store. A Dec. 27 blog post by Cyberhaven explained the attacker used these credentials on Dec. 24 to … Read more
Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of … Read more
