Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Bielik-7B-v0.1, the Polish LLM based on Mistral
- Kremlin Leaks: How Putin’s regime is building AI surveillance operations
- Meta in Myanmar
- ‘The machine did it coldly’: Israel used AI to identify 37,000 Hamas targets
- Attempted audio deepfake call targets LastPass employee
- Why CISA is warning CISOs about a breach at Sisense
For the more technical
- Command injection and backdoor account in D-Link NAS devices
- How an old bug in Lighttpd gained new life in AMI BMC, including Lenovo and Intel products
- InSpectre Gadget: Inspecting the residual attack surface of cross-privilege Spectre v2
- April 2024 Microsoft Patch Tuesday Summary
- Smoke and (screen) mirrors: A strange signed backdoor
- Sidestepping SharePoint security: Two new techniques to evade exfiltration detection
- CVE-2024-3400 PAN-OS: OS command injection vulnerability in GlobalProtect gateway
- Operation MidnightEclipse, post-exploitation activity related to CVE-2024-3400
- Zero-day exploitation of unauthenticated remote code execution vulnerability in GlobalProtect (CVE-2024-3400)
- Vulnerabilities identified in LG WebOS
- XZ backdoor story – Initial analysis
- An in-depth analysis of the xz backdoor
- Persistent Magento backdoor hidden in XML
- BatBadBut: You can’t securely execute commands on Windows
- Hackers hijacked Notepad++ plugin to execute malicious code
- An IRC client in your motherboard
- CoralRaider targets victims’ data and social media accounts
- New technique to trick developers detected in an open source supply chain attack
- TA547 targets German organizations with Rhadamanthys stealer
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.