Aggregator
CVE-2025-20935 | Samsung Devices ClipboardService insufficient permissions or privileges (WID-SEC-2025-0726)
CVE-2025-20936 | Samsung Devices improper authorization (WID-SEC-2025-0726)
CVE-2025-20934 | Samsung Devices Sticker Center improper export of android application components (WID-SEC-2025-0726)
CVE-2025-20938 | Samsung Devices SamsungContacts access control (WID-SEC-2025-0726)
CVE-2025-54121 | encode starlette up to 0.47.1 allocation of resources (GHSA-2c2j-9gv5-cj73 / EUVD-2025-22159)
Go Fuzzing in Practice: The Road to Vulnerability Discovery from go-fuzz to the Official Toolchain
The Linux Kernel Project Discusses a Policy on the Use of Generative AI
Popular npm Library Used in AI and NLP Projects Exposes Systems to RCE
A critical remote code execution vulnerability has been discovered in the widely used JavaScript library expr-eval, affecting thousands of projects that rely on it for mathematical expression evaluation and natural language processing. The vulnerability, tracked as CVE-2025-12735, poses significant risks to server environments and to AI-powered applications that process user input. […]
The post Popular npm Library Used in AI and NLP Projects Exposes Systems to RCE appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
What matters is not the vulnerability but the "Chinese footprint" in the hardware: TP-Link has become a hostage of US foreign policy
CVE-2025-12938 | projectworlds Online Admission System 1.0 /process_login.php keywords sql injection
Fired Intel Engineer Stole 18,000 Files, Many of Which Were Classified as “Top Secret”
Intel has filed a federal lawsuit against a former employee accused of downloading thousands of classified documents shortly after being terminated, raising serious concerns about corporate data security and insider threats. Jinfeng Luo, a software developer who had worked at Intel since 2014, was based in Seattle when the company notified him of his pending […]
The post Fired Intel Engineer Stole 18,000 Files, Many of Which Were Classified as “Top Secret” appeared first on Cyber Security News.
Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting
Cyber information sharing law would get extension under shutdown deal bill
The Cybersecurity and Information Sharing Act of 2015 would go from expired to extended through Jan. 30.
The post Cyber information sharing law would get extension under shutdown deal bill appeared first on CyberScoop.
New Attacks Against Secure Enclaves
Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before:
Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an internal storage system and deliver them to the user. End-to-end encryption is sufficient in such a narrow context. But often we want our cloud providers to be able to perform computation on our raw data: search, analysis, AI model training or fine-tuning, and more. Without expensive, esoteric techniques, such as secure multiparty computation protocols or homomorphic encryption techniques that can perform calculations on encrypted data, cloud servers require access to the unencrypted data to do anything useful...
The post New Attacks Against Secure Enclaves appeared first on Security Boulevard.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-21042 Samsung Mobile Devices Out-of-Bounds Write Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA’s expiration leaves a dangerous void in US cyber collaboration
Each day without reauthorization erodes the trust, coordination, and shared visibility that have underpinned the resilience of America’s most critical systems.
The post CISA’s expiration leaves a dangerous void in US cyber collaboration appeared first on CyberScoop.