ChatGPT Next Web Vulnerability Allows SSRF Exploits via Endpoint
Researchers reported CVE-2023-49785, a critical ChatGPT Next Web (NextChat) vulnerability, raising cybersecurity concerns over its SSRF exploitation potential. NextChat is a web interface for large language models (LLMs) like ChatGPT, [...]
ElizaRAT Uses Google, Telegram, & Slack for C2 Communications
APT36, a Pakistani cyber-espionage group, now uses ElizaRAT, a Windows RAT with advanced evasion and C2 features, to target Indian government, diplomats, and military. APT36 uses Windows, Linux, and Android [...]
Hackers Exploit Windows Event Logs for Manipulation and Data Theft
Hackers exploit wevtutil.exe for LOLBAS attacks, enabling command execution, payload downloads, and persistence while bypassing security. wevtutil.exe is a Windows tool for managing event logs, but attackers can misuse it [...]
Apple Safari JavaScriptCore RCE Vulnerability Actively Exploited
CVE-2024-44308, a critical Safari vulnerability, has been actively exploited, impacting iOS, visionOS, and macOS. Affected Software and Versions The CVE-2024-44308 vulnerability impacts several Apple platforms, as summarized below: SoftwareAffected VersionPatched [...]
Amazon GuardDuty Gains AI/ML Threat Detection for Cloud Security
Amazon has improved cloud security with AI/ML threat detection in GuardDuty. This new feature enhances threat detection by using AWS's cloud visibility and scale to better protect applications, workloads, and [...]
Get Social