Articles tagged with: #incident
Looking for community advice...

Technical Information Security Content & Discussion www.reddit.com

It is quite strange, wherever I ask for advice, the post gets taken down by mods? I am an American with CNVD certs for a zero-click attack chain. I'm not a political actor, just a researcher who tried to do the right thing. The irony?... A foreign government certified my work before my own did. My question is.... does this attack chain matter, who cares and what can the netsec community do to steer me in the right direction? A bounty-lawyer, a journalist with a backbone or maybe just someone's...

Microsoft Warns of Hackers Abuse Teams Features and Capabilities to Deliver Malware

Cyber Security News cybersecuritynews.com

Microsoft has issued a warning that both cybercriminals and state-sponsored threat actors are increasingly abusing the features and capabilities of Microsoft Teams throughout their attack chains. The platform's extensive adoption for collaboration makes it a high-value target, with its core functions for messaging, calls, and screen-sharing being weaponized for malicious purposes. The extensive collaboration features

Charleston, W.Va., Bristol Broadcasting stations report 'ransomware' attack on-air then go quiet about the incident

cybersecurity www.reddit.com

WVSR-FM, owned by Bristol Broadcasting, announced on October 5, 2025, that it was experiencing a technical disruption in Charleston, West Virginia, potentially related to ransomware, impacting remote hosting, traffic systems, and phone services. By October 7, online streams for multiple stations were offline, and the cause of the disruptions remained unverified, with no identified threat actor as Bristol Broadcasting continued to broadcast over-the-air. submitted by /u/CatfishEnchiladas

BK Technologies Data Breach - Hackers Compromise IT Systems and Exfiltrate Data

Cyber Security News cybersecuritynews.com

BK Technologies Corporation, a provider of communications equipment for public safety and government agencies, has disclosed a cybersecurity incident in which an unauthorized third party breached its information technology systems and potentially exfiltrated sensitive data. In a recent Form 8-K filing with the U.S. Securities and Exchange Commission (SEC), the company confirmed that it detected

Exploit Against FreePBX (CVE-2025-57819) with code execution (Tue, Oct 7th)

SANS Internet Storm Center, InfoCON: green isc.sans.edu

FreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of vulnerabilities in the past. Most recently, a SQL injection vulnerability was found that allows attackers to modify the database.

Ransomware Gangs Leverage Remote Access Tools to Gain Persistence and Evade Defenses

Cyber Security News cybersecuritynews.com

Ransomware operators have shifted from opportunistic malware distribution to highly targeted campaigns that exploit legitimate software for stealth and persistence. Emerging in early 2025, several ransomware families began abusing popular remote access tools - such as AnyDesk and Splashtop - to establish footholds within enterprise networks. By hijacking or silently installing these utilities, adversaries bypass security controls that traditionally

New Mic-E-Mouse Attack Let Hackers Exfiltrate Sensitive Data by Exploiting Mouse Sensors

Cyber Security News cybersecuritynews.com

A novel and alarming cybersecurity threat has emerged, turning an ordinary computer peripheral into a sophisticated eavesdropping device. Researchers have detailed a new technique, dubbed the "Mic-E-Mouse" attack, which allows threat actors to exfiltrate sensitive data by exploiting the high-performance optical sensors found in many modern computer mice. This method can covertly capture and reconstruct

Redefining Security Validation with AI-Powered Breach and Attack Simulation

BleepingComputer www.bleepingcomputer.com

Security teams are drowning in threat intel - but AI is changing that. AI-powered Breach and Attack Simulation turns new threats into real, testable scenarios in minutes - delivering proof that your defenses work, not just assumptions. Join the BAS Summit 2025 to see how AI redefines security validation.

Jaguar Land Rover cyber incident - technical intel?

cybersecurity www.reddit.com

Hey guys. I am looking into the Jaguar Land Rover cyber incident which occurred on the 31st of August leading to a halt in global production - I am sure most of you have read about it. Specifically I am looking for more technical reports or intelligence concerning the kill chain of the attack. I can't find much online, and the good reason is probably that not much, if any, exists since JLR have been quite tight-lipped about it. Nevertheless, I still wanted to try my chances here to see if any of...

CISA Adds One Known Exploited Vulnerability to Catalog

All CISA Advisories www.cisa.gov

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-27915, Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog...

Delta Electronics DIAScreen

All CISA Advisories www.cisa.gov

1. EXECUTIVE SUMMARY
CVSS v4: 6.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: DIAScreen
Vulnerabilities: Out-of-bounds Write

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory buffer.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Delta Electronics DIAScreen are affected:
DIAScreen: Version 1.6.0 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1...

Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass - PoC Released

Cyber Security News cybersecuritynews.com

Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software, which is reportedly being used in highly targeted attacks by an unknown threat actor. According to Rapid7, the exploit chain combines two vulnerabilities, CVE-2025-20362 and CVE-2025-20333, to achieve unauthenticated remote code

Red Hat Breach Exposes 5000+ High Profile Enterprise Customers at Risk

Cyber Security News cybersecuritynews.com

A sophisticated cyberattack has compromised Red Hat Consulting's infrastructure, potentially exposing sensitive data from over 5,000 enterprise customers worldwide. The breach, executed by the extortion group Crimson Collective, has raised serious concerns about the security of critical business documentation and source code belonging to major corporations, including Vodafone, HSBC, American Express, and Walmart. Red Hat,

LockBit Breach: Insights From a Ransomware Group's Internal Data

Compass Security Blog blog.compass-security.com

Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked. Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!

Western Sydney University says emails claiming 'revoked' degrees are 'fraudulent'

cybersecurity www.reddit.com

Western Sydney University suffered another breach in August 2025, however never even addressed this to the students that were affected by the breach. Because of this breach, those that were affected received emails claiming that their certifications were revoked, even after graduating. "Even more alarming is the fact that WSU has not disclosed this breach to students, leaving many unaware that their personal data may have been compromised. This lack of transparency is deeply troubling and...

P2P: A Poison-to-Poison Remedy for Reliable Backdoor Defense in LLMs

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04503v1. Abstract: During fine-tuning, large language models (LLMs) are increasingly vulnerable to data-poisoning backdoor attacks, which compromise their reliability and trustworthiness. However, existing defense strategies suffer from limited generalization: they only work on specific attack types or task settings. In this study, we propose Poison-to-Poison (P2P), a general and effective backdoor defense algorithm. P2P injects benign triggers with safe alternative...