A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. “If exploited, it could allow attackers to execute arbitrary code on your system,
The Jumio 2024 Online Identity Study reveals that while consumers are increasingly concerned about the risks posed by deepfakes and generative AI, they continue to overestimate their ability to detect these deceptions.
Cybersecurity researchers have discovered a critical vulnerability, dubbed “Linguistic Lumberjack,” in the popular logging and metrics utility Fluent Bit that could allow for denial-of-service (DoS), information disclosure, or remote code execution.
An attorney discovered that the mobile ads she saw were reflecting her recent library audiobook borrowing habits, raising concerns about the privacy of library patron data and the potential for targeted advertising based on that information.
Researchers at Genians Security Center (GSC) identified the North Korea-linked Kimsuky APT group targeting victims via Facebook Messenger, using fake accounts posing as South Korean officials to deliver malware.
Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. “Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, […]
Cybercriminals’ new tactics led to a 64% increase in ransomware claims in 2023, driven by a 415% rise in “indirect” incidents and remote access vulnerabilities, pressuring more victims to pay ransoms, according to At-Bay.
Researchers at Horizon3.ai discovered a critical remote code execution vulnerability (CVE-2023-34992) in Fortinet FortiSIEM, allowing unauthenticated attackers to execute commands as root users and gain access to sensitive information.
The acquisition will allow CyberArk to expand its capabilities in securing machine-to-machine communications and address the growing attack surface in the cloud-first, AI-driven, and post-quantum world.