Peter Chofield
-
OWASP Updates Top 10 Risks, Highlights Supply Chain and Systemic Flaws
OWASP has updated its Top 10 list of web application security risks, highlighting supply chain and systemic design weaknesses, marking its first major revision since 2021.
-
Military Experts Raise Alarms Over AI Chatbot Vulnerabilities: A New Front in Cyberwarfare
Military experts warn about critical security flaws in AI chatbots, specifically prompt injection attacks, which can be exploited by hostile foreign powers to compromise sensitive information and unleash chaos. The article highlights real-world vulnerabilities in popular LLMs like Google Gemini, OpenAI’s ChatGPT, and Microsoft Copilot, and the potential for adversaries to pilfer critical files, warp…
-
EU Considers Banning Huawei Telecom Equipment for Member States
The European Union is contemplating a ban on Huawei telecommunications equipment for member states, driven by escalating cybersecurity and national security concerns. This move reflects a growing international apprehension regarding the integration of specific foreign technologies into global telecom networks and aims to fortify critical infrastructure against potential vulnerabilities.
-
Lukoil Halts Iraqi Operations at West Qurna-2 Amid Sanctions, Citing Force Majeure
Russian energy giant Lukoil has ceased all operations at Iraq’s West Qurna-2 oilfield and declared force majeure, a direct consequence of escalating international sanctions against Moscow.
-
Ukraine Urges U.S. for Patriot Missile Systems Amid Escalating Russian Attacks on Power Grid
Kyiv is intensifying its plea to Washington for additional Patriot air defense systems, a critical request as Russia escalates its systematic targeting of Ukraine’s energy infrastructure.
-
QNAP Issues Urgent Updates for Critical NAS Vulnerabilities Exposed at Pwn2Own
QNAP has issued a series of critical security updates following the discovery of eight severe vulnerabilities, enabling remote attackers to gain complete control over affected NAS systems.
-
SesameOp Backdoor Leverages OpenAI API for Stealthy Command and Control
Microsoft has identified a novel backdoor, dubbed “SesameOp,” that utilizes OpenAI’s Assistants API as a command-and-control (C2) channel. This sophisticated technique allows threat actors to stealthily orchestrate malicious activities within compromised environments, potentially evading traditional security measures.
-
MIT Retracts Controversial AI Ransomware Study Amid Expert Scrutiny
MIT’s Sloan School of Management has retracted a study claiming AI drives 80% of ransomware attacks after cybersecurity experts raised concerns about its methodology and evidence.
-
Cybercriminals Exploit Legitimate Remote Tools to Target Logistics Networks
Cybercriminals are increasingly targeting the logistics and freight industry by exploiting legitimate Remote Monitoring and Management (RMM) tools to gain unauthorized access, with the ultimate goal of stealing cargo.
-
Alleged Jabber Zeus Coder ‘MrICQ’ Extradited to U.S.
Yuriy Igorevich Rybtsov, known online as “MrICQ” and an alleged developer for the Jabber Zeus cybercrime group, has been arrested in Italy and extradited to the United States. He faces charges related to a scheme that allegedly stole tens of millions of dollars from U.S. businesses.