Aggregator

You must login to view this content

OpenRouter, a startup helping software developers manage the growing number of AI models, has raised $40 million in venture capital. The company wants to make it easier for developers to choose and use the right AI model for their applications, without having to build their own complex systems. “There’s been a Cambrian explosion of models. Our business is a one-stop shop for all models,” CEO and co-founder Alex Atallah told The Wall Street Journal. OpenRouter … More →

The post OpenRouter raises $40 million to simplify AI model overload appeared first on Help Net Security.

A critical vulnerability in Realtek’s Bluetooth Low Energy (BLE) implementation enables attackers to launch denial-of-service (DoS) attacks during device pairing. The flaw (CVE-2024-48290) affects Realtek RTL8762E BLE SDK v1.4.0, allowing malicious actors to disrupt connections by exploiting protocol inconsistencies. Attackers can send a crafted ll_terminate_ind packet or inject premature pairing data, crashing the target device’s Bluetooth stack […]

The post Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

In this write-up we present a malware sample found in the wild that boasts a novel and unusual evasion mechanism — an attempted prompt injection (”Ignore all previous instructions…”) aimed to manipulate AI models processing the sample. The sample gives the impression of an isolated component or an experimental proof-of-concept, and we can only speculate […]

The post In the Wild: Malware Prototype with Embedded Prompt Injection appeared first on Check Point Research.

The Chrome team has announced the rollout of a critical security update for its popular web browser, Chrome, addressing 11 code execution vulnerabilities that could potentially put millions of users at risk. The update, Chrome 138.0.7204.49 for Linux and 138.0.7204.49/50 for Windows and Mac, is now being distributed through the stable channel and will reach […]

The post Chrome Releases Security Patch for 11 Code Execution Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
• CVE-2024-0769 D-Link DIR-859 Router Path Traversal Vulnerability
• CVE-2019-6693 Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.