More than 3,000 publicly disclosed ASP.NET keys were discovered that attackers can use to launch a ViewState code injection attack that could perform malicious actions on target servers. In a Feb. 6 blog, Microsoft Threat Intelligence explained that developers took these ASP.NET machined keys from publicly accessible resources, such as code documentation and repositories. The … Read more
Posted February 1, 2025 by Ben Carlson Five years removed from the onset of the pandemic, it’s interesting to reflect on the stuff that’s changed and the stuff that hasn’t. Remember when people were predicting handshakes were going to become a thing of the past? Or how no one was going to attend college anymore? … Read more
FunkSec ransomware is a relatively new ransomware-as-a-service (RaaS) group with hacktivist ties that appears to use AI to assist its cybercrime activities, Check Point Research outlined in an analysis published Friday. The group was first introduced in October 2024 in a post on the Breached forum and first established its data leak site in … Read more
Jan 04, 2025Ravie LakshmananVulnerability / Software Security A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It … Read more
Photo by Mohamed Nohassi on Unsplash The European AI Office is currently facilitating the drawing-up of the General-Purpose AI Code of Practice (the “Code”). The European Commission published the first draft of the Code on 14 November 2024. Further drafts are to be prepared, with the final version of the Code forecast to be released … Read more
