Security researchers at Trustwave are warning organizations of a vulnerability in Kyocera Device Manager that can be exploited to capture credentials and gain access to accounts and devices.  A web-based application, the Kyocera Device Manager is used for the management of multiple Kyocera printers and multifunction devices within an organization’s environment, offering support for application deployment, setting up alerts, and more.

Volt Typhoon, a China-backed cyber espionage group, is systematically targeting legacy Cisco devices in a sophisticated campaign to expand its attack infrastructure. The threat actor, known for targeting critical infrastructure, has exploited router vulnerabilities from 2019 to infiltrate and control the devices.

A security flaw in vision language Artificial Intelligence (AI) models, discovered by computer scientists at the University of California, Riverside, could allow malicious actors to use AI for nefarious purposes such as obtaining bomb-making instructions. Vision language models, when integrated with models such as Google Bard and ChatGPT, enable users to make inquiries using both images and text. The team demonstrated a "jailbreak" hack by manipulating the operations of Large Language Model (LLM) software programs, which are the foundation of query-and-answer AI programs.

Sebastien Raoult, also known as "Sezyo Kaizen," a 22-year-old Frenchman, has been sentenced to three years in US federal prison for participating in the ShinyHunters hacking group. Raoult and two co-conspirators hacked over 60 companies and posted stolen data on dark web forums such as RaidForums, EmpireMarket, and Exploit. They sometimes threatened to leak data if a ransom was not paid. ShinyHunters targeted well-known entities in 2020 and 2021, including the clothing retailer Bonobos, the photo app Pixlr, and Microsoft's GitHub account.

By krahal

By grigby1 

According to Cloudflare researchers, the use of Application Programming Interfaces (APIs) is increasing but poses greater management and security risks. APIs generated about 57 percent of global dynamic Internet traffic in 2023. However, the increased API traffic causes additional management and security issues, especially as there are more API endpoints than companies reported. The researchers discovered up to 30.7 percent more API endpoints than specified. These "Shadow APIs" are often used by developers or individual end users to run specific business applications.

By aekwall 

Hackers took over the US Securities and Exchange Commission's (SEC) X account and used it to spread false information regarding the approval of Bitcoin ETFs on security exchanges. According to the now-removed message, the SEC granted approval to Bitcoin ETFs for listing on registered national security exchanges. The news immediately impacted the cryptocurrency industry, with Bitcoin briefly reaching $48,000 before dropping to around $45,000 following the SEC's denial.

Cybercriminals are targeting hotels' backend Booking.com logins in order to take over the accounts and eventually harvest data on the hotels' customers. According to Perception Point's analysis of the campaign, threat actors are changing their tactics by focusing on specific industry practices and relationships to conduct targeted and convincing phishing attacks. Many of the phishing messages are addressed to hotel managers, claiming that former guests are leaving harsh reviews of the property online. The emails encourage hotels to sign in and respond to the complaints.