critical
-
Blog
Microsoft says AI tools such as Copilot or ChatGPT are affecting critical thinking at work – staff using the technology encounter ‘long-term reliance and diminished independent problem-solving’
Using generative AI at work may impact the critical thinking skills of employees — and that’s according to Microsoft. Researchers at Microsoft and Carnegie Mellon University surveyed 319 knowledge workers in an attempt to study the impact of generative AI at work, raising concerns about what the rise of the technology means for our brains. Concerns about the negative impact…
Read More » -
Blog
Seashell Blizzard hacker group escalating attacks on critical infrastructure, Microsoft warns
A subgroup of the Russian state-sponsored hacking group, Seashell Blizzard, has been targeting critical infrastructure organizations and governments around the world for years, authorities have warned. The campaign, dubbed ‘BadPilot‘ by Microsoft’s Threat Intelligence Team, saw the group gain access to targets across a number of sensitive sectors, including energy, oil and gas, telecommunications, shipping, and arms manufacturing, as well…
Read More » -
Blog
Ivanti fixes three critical flaws in Connect Secure & Policy Secure
Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems. The company learned about the flaws through its responsible disclosure program from security researchers at CISA and Akamai, and through the HackerOne bug bounty platform. Ivanti notes in the security bulletin…
Read More » -
Blog
Critical RCE bug in Microsoft Outlook now exploited in attacks
CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, the flaw is caused by improper input validation when opening emails with malicious links using vulnerable Outlook versions. The attackers gain remote code execution…
Read More » -
Blog
Cisco patches critical flaws in Identity Services Engine
Cisco has rolled out software updates to address a pair of critical vulnerabilities in its Identity Services Engine (ISE) that could let hackers take over devices and access data. The flaws affect Cisco ISE and Cisco ISE Passive Identity Connector, versions 3.0 to 3.3, but not 3.4. A workaround is not possible, so a software upgrade is required. Cisco said…
Read More » -
Blog
DeepSeek R1 has taken the world by storm, but security experts claim it has ‘critical safety flaws’ that you need to know about
DeepSeek R1, the new frontier reasoning model that shook up the AI industry, is vulnerable to a wide range of jailbreaking techniques, according to new research. A new report from Cisco warns that although DeepSeek’s R1 frontier reasoning model has been able to compete with state-of-the-art models from OpenAI or Anthropic, it has been found to have “critical safety flaws”.…
Read More » -
Blog
Critical zero-days impact premium WordPress real estate plugins
The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. Although the two flaws were discovered in September 2024 by Patchstack, and multiple attempts were made to contact the vendor (InspiryThemes), the researchers say they have not received a response. Also, Patchstack says the…
Read More » -
Blog
SAP fixes critical vulnerabilities in NetWeaver application servers
SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. As part of the January Security Patch Day, the vendor also released updates for other products to patch 12 additional issues rated with medium and high severity. “SAP strongly recommends that the customer visits the Support Portal and applies…
Read More » -
Blog
Critical macOS flaw puts your data and cameras at risk — update right now
MacOS has a critical component called the System Integrity Protection, or SIP, which is responsible for protecting the operating system against malware and other threats. It does this by restricting system-level operations – even for users with root privileges – basically preventing unauthorized software from altering specific folders and files in protected areas. Disabling the SIP normally requires a system…
Read More » -
Blog
A critical Ivanti flaw is being exploited in the wild – here’s what you need to know
Ivanti has published details of two buffer overflow CVEs affecting its Connect Secure, Policy Secure, and ZTA Gateways devices, claiming cyber criminals are already taking advantage of them. The first flaw, CVE-2025-0282, is described as a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the victim’s device. The flaw is yet to receive an NVD…
Read More »