Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Cybercriminals are tricking AI into leaking your data, executing code, and sending you to malicious sites. Here's how.

New GopherWhisper APT group abuses Outlook, Slack, Discord for comms

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate ...
Space.com

Japan's audacious sample-return mission to the Mars moon Phobos has made it to the launch pad

If all goes according to plan, MMX will arrive in orbit around Mars in 2027 to begin mapping and analyzing Phobos and Deimos ...
WeLiveSecurity

GopherWhisper: A burrow full of malware

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian ...
Computer Weekly

Boost cooks up SmokedMeat, open source framework for CI/CD pipelines protection

Boost Security has announced SmokedMeat, an open source red team framework for CI/CD pipelines that shows how attackers ...