Aggregator

Submit #561510 / VDB-307327

Ireland’s Data Protection Commission (DPC) fined TikTok €530M for violating data rules by sending European user data to China. Ireland’s Data Protection Commission (DPC) fined the popular video-sharing platform TikTok €530 million for violating data laws by transferring data belonging to European users to China. TikTok violated GDPR by transferring EEA user data to China […]

Menlo Venture's Rama Sekhar on AI Threats and Opportunities
Public attention has been focused on the dangers of large language models such as hallucinations or harmful output, but the most pressing security risks are no longer rooted in the models, but in how they are integrated with real-world tools, said Rama Sekhar, partner at Menlo Ventures.

DOD's Stacy Bostjanick Shares Cyber Strategies for Enhancing Cyber Resilience
Stacy Bostjanick, deputy CIO and chief of Defense Industrial Base Cybersecurity at the Department of Defense, shared a robust plan to protect the DIB from relentless cyberattacks through stronger standards and proactive cyber strategies.

Administration's Budget Proposals Would Slash Cyber Defense Agency Spending by 16%
President Donald Trump proposed a series of budget cuts Friday that would in part reduce the Cybersecurity and Infrastructure Security Agency's spending for fiscal year 2026 by nearly $500 million - a 16% reduction the administration said was aimed at realigning the agency with its core mission.

Hacker Who Feigned Russian Hacktivist Persona Faces Up to a Decade in Prison
A California man whose theft of a terabyte of company data from Disney led the media and entertainment conglomerate to eschew Slack pleaded guilty in Los Angeles federal court to two felony charges. Santa Clarita resident Ryan Mitchell Kramer, 25, gained access to a Disney employee's computer.

According to the New York Department of Financial Services, finance companies operating in New York — even if not based there — must implement a variety of protections against unauthorized access to IT systems.

The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. [...]

The Model Context Protocol (MCP) is a protocol definition for how LLM apps/agents can leverage external tools. I have been calling it Model Control Protocol at times, because due to prompt injection, MCP tool servers control the client basically. This post will explain in detail why that is, and I will also share a novel exploit chain. Why MCP - How Is It Different? The main difference to other tool invocation setups, like OpenAPI is that MCP is dynamic.

Time it Takes a Hacker to Brute Force your Password in 2025

Author/Presenter: Randall Wyatt

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Proving Ground – You Can Be Neurodivergent And Succeed In InfoSec appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, was found in IBM InfoSphere Information Server 11.7. Affected is an unknown function. The manipulation leads to information exposure through error message. This vulnerability is traded as CVE-2025-25045. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM InfoSphere Information Server 11.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component DataStage Flow Designer. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is known as CVE-2025-25046. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

DLC-ID falls victim to Qilin Ransomware

A vulnerability classified as problematic was found in Fortinet FortiWeb up to 6.3.15/6.4.1. This vulnerability affects unknown code of the component Error Handler. The manipulation leads to open redirect. This vulnerability was named CVE-2021-36191. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Fortinet FortiWeb up to 6.3.15/6.4.1 and classified as problematic. Affected by this issue is some unknown functionality of the component SAML Login Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2021-41015. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Bundler up to 2.2.32. It has been declared as critical. This vulnerability affects unknown code of the component Gemfile Handler. The manipulation leads to argument injection. This vulnerability was named CVE-2021-43809. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.