Security Vulnerability in OpenAI’s ChatGPT App for macOS Allowed Spyware Implantation
Attackers exploited a memory feature in ChatGPT to implant spyware, enabling continuous data exfiltration of user input and responses.
Attackers exploited a memory feature in ChatGPT to implant spyware, enabling continuous data exfiltration of user input and responses.
ValleyRAT malware poses a significant threat to Chinese-speaking individuals and industries, utilizing shellcode, sleep obfuscation, XOR encoding, AES-256 decryption, reflective DLL loading, API hashing, and callback procedures to evade detection and control victims.
A recent joint report by CISA, Australia, and Canada reveals that over half of critical open source software projects analyzed exhibit memory safety vulnerabilities, emphasizing the need for organizations to transition to memory safe languages and adopt secure coding practices.
The White House Office of the National Cyber Director emphasizes the importance of memory safety in preventing data exposure and corruption to enhance cybersecurity.
FortiGuard researchers have discovered the TicTacToe dropper, a group of malware droppers that have been active throughout 2023 and are responsible for delivering various final-stage payloads, posing a significant threat to organizations.
Orca security firm discovers three vulnerabilities in Microsoft Azure’s HDInsight big-data analytics service, including denial-of-service and privilege escalation bugs, which have been promptly addressed by Microsoft.
Cybersecurity researchers analyze the command-and-control server of the SystemBC malware, exposing its ability to serve as a persistent backdoor for threat actors and deliver additional payloads.
Multiple vulnerabilities in the TianoCore EFI Development Kit II (EDK II) allow for remote code execution, denial-of-service attacks, DNS cache poisoning, and leakage of sensitive information, impacting various UEFI firmware implementations.
Google has released important updates for its Chrome browser to address a critical zero-day vulnerability, known as CVE-2024-0519, which allows attackers to bypass protection mechanisms and execute code on the target device.