Tag: access
-
DifyTap: Four Bugs Put over 1 million AI Apps at Risk
Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilities in Dify, the open-source AI platform used by major companies like Volvo and Maersk to run over a million applications across over 60 industries. Two vulnerabilities are of critical…
-
OTC Glucose Monitors Make Wellness Tracking More Personal, and More Complicated
Over-the-counter CGMs are making glucose data easier to access, but not every user benefits equally. Here’s where the evidence is strongest, and what to know about app privacy. The post OTC Glucose Monitors Make Wellness Tracking More Personal, and More Complicated appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-otc-glucose-monitors-wearable-tech/
-
When Legacy Systems Become a Time Bomb
Between June 8 and 11, attackers gained access to a third-party file storage system that held archived patient data from One Medical Seniors and the acquired healthcare organization Iora Health. The hacker group Shinyhunters claims to have exfiltrated 8.8 terabytes of company and patient data. Amazon paid nearly four billion dollars for One Medical in 2023.…
-
SocGholish Takedown Highlights Malicious TDS Threats
SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims’ networks for cybercrime groups such as the notorious Evil Corp. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/socgholish-takedown-malicious-tds-threats
-
Zero Trust for AI Agents
Versa, the Secure Access Service Edge (SASE) specialist, is introducing a new zero-trust architecture for the Model Context Protocol (MCP). In this patent-pending approach, no AI action is implicitly trusted. Every step generated by an agent is checked before execution against the user's identity, role-based access controls and system policies. In addition, explicit human validation can, on the basis of correspondingly…
-
DifyTap Flaws Expose AI Data Across Tenants on Platform Powering 1M+ Apps
A series of critical vulnerabilities affects the widely used open-source LLMOps platform Dify, which powers over one million AI applications. These vulnerabilities, collectively referred to as “DifyTap,” include four flaws, two rated as critical and two that require no authentication. They expose cross-tenant data leakage risks, allowing attackers to access private AI conversations, preview sensitive…
-
DifyTap Bugs Let Attackers ‘Wiretap’ AI Chat Histories
Four vulnerabilities allow attackers to exploit Dify, a platform for AI application building and management, to silently access and exfiltrate sensitive data. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/difytap-bugs-wiretap-ai-chat-histories
-
GTA 6 Scams Emerge as Pre-Orders Open
Cybercriminals launch fake GTA 6 pre-order sites offering early access for crypto payments First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gta-6-scams-emerge-as-preorders/
-
GTA 6 early access offers are taking gamers’ crypto
Scam websites are circulating across the internet with a pitch aimed at millions of gamers: a way to play Grand Theft Auto VI before its release. The pages promise early … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/23/gta-6-early-access-scam/
-
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages is below: aes-decode-runner-pro (145 downloads), postcss-minify-selector (256 downloads), postcss-minify-selector-parser (615 downloads). All the packages were published over the past month by an npm user named First seen on thehackernews.com Jump…
-
OpenAI wants AI to fix vulnerabilities, not just find them
OpenAI expanded Daybreak, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/23/openai-expanded-daybreak-cybersecurity-initiative/
-
Free, no-signup World Cup streams serve scams instead of football
Researchers at Malwarebytes identified dozens of websites claiming to offer free access to FIFA World Cup matches. Instead of streaming games, the sites directed visitors … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/23/fake-world-cup-streaming-sites-scams/
-
WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools
WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims’ PCs. Kaspersky published a technical analysis this week of an active malware campaign that spreads through WhatsApp messages and ends with a remote management tool silently installed on the victim’s machine. The campaign is still running…
-
8 Best Enterprise VPN Solutions for 2026
Find the best enterprise VPN solution for your business with 2026 comparisons of pricing, security, remote access, endpoint protection, and ZTNA features. The post 8 Best Enterprise VPN Solutions for 2026 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/top-enterprise-vpns/
-
Cloudflare PACT: New Privacy Standard Against Bots, Captchas and AI Traffic on the Internet
PACT stands for Private Access Control Tokens. It is a planned, privacy-focused protocol that lets browsers transmit trust signals to websites. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/cloudflare-pact-neuer-privacy-standard-gegen-bots-captchas-und-ki-traffic-im-internet/a45560/
-
Pact for PACT: Cloudflare and Browser Makers Develop Privacy Protocol for the Internet
In future, privacy is to be built directly into the infrastructure of the internet. Together with leading browser makers such as Mozilla, Google, Microsoft and Shopify, Cloudflare has announced the development of a new, privacy-focused internet protocol: Private Access Control Tokens (PACT). The mechanism is intended to help websites distinguish legitimate users and authorized AI agents from harmful automated traffic, entirely without intrusive captchas, forced logins or […]…
-
Anthropic’s Mythos AI broke into almost all NSA classified systems in hours
Senate testimony claims Anthropic’s Mythos AI breached NSA and Cyber Command systems in hours, prompting a U.S.-ordered shutdown. On June 12, the Trump administration directed Anthropic to restrict access to Fable 5 and Mythos 5, its two most capable models, exclusively to US citizens. Because verifying every user’s nationality in real time isn’t practically possible,…
-
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Weak credentials, sketchy downloads, browser extensions with too much access, and WordPress sites are…
-
Malicious npm Package Masquerades as PostCSS Utility to Deliver PowerShell Downloader
A malicious npm package, postcss-minify-selector-parser, has been discovered masquerading as a benign PostCSS utility and delivering a multi-stage Windows remote access trojan (RAT). The imposter deliberately mimics the widely used postcss-selector-parser, a legitimate library with more than 150 million weekly downloads, by reusing the same keyword space (postcss, selector, parser, css) and depending on the…
-
282 iOS Apps Found Leaking LLM API Credentials in Network Traffic
Researchers have uncovered a systemic LLM credential exposure problem in the iOS ecosystem, with 282 AI-powered apps leaking exploitable API credentials and backend access mechanisms directly in network traffic. The findings highlight widespread misuse of OpenAI, Gemini, and other LLM provider APIs in mobile apps and show that many issues remain unpatched even after responsible…
-
Beats Studio Buds Vulnerability Lets Attackers Within Bluetooth Range Access Microphone
Apple has revealed a significant security vulnerability affecting Beats Studio Buds, which could allow attackers within Bluetooth range to access a device’s microphone without user consent. This issue, identified as CVE-2025-20701, was addressed in Beats Firmware Update 1B211, released on June 16, 2026. According to Apple’s advisory, the flaw impacts devices that are not yet…
-
Who pays when you gate cyber-capable AI models?
In this interview with Help Net Security, Jaya Baloo, COO CISO at Aisle, examines the debate over restricting access to cyber-capable AI models. She lays out the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/22/jaya-baloo-aisle-gating-cyber-capable-ai-models/
-
Hundreds of AI-powered iOS apps found exposing credentials
Mobile app developers are packing AI features into everything from writing assistants to productivity tools and lifestyle apps. New research shows that securing access to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/22/llm-api-credential-leakage-ios-apps/

