Dark Reading

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

One bug — CSCwc67015 — was spotted in yet-to-be-released code. It could have allowed hackers to remotely execute their own code, and potentially overwrite most of the files on the device. The second, ...

OpenAI says prompt injections that can trick AI browsers like ChatGPT Atlas may never be fully solved—experts say risks are a feature not a bug

OpenAI has said that some attack methods against AI browsers like ChatGPT Atlas are likely here to stay, raising questions ...
Bleeping Computer

SonicWall: Patch critical SQL injection bug immediately

SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS (Global Management System) and Analytics On-Prem products. "SonicWall PSIRT strongly ...
Threat Post

Unpatched Fujitsu Wireless Keyboard Bug Allows Keystroke Injection

Fujitsu is stopping sales for its popular wireless keyboard after a researcher discovered it is vulnerable to keystroke injection attacks that could allow an adversary to take control of a victim’s ...
Bleeping Computer

Fortinet warns of critical command injection bug in FortiSIEM

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through ...
ZDNet

WordPress patches SQL injection bug in security release

A bug discovered in WordPress allows attackers to trigger an SQL injection attack leading to complete website hijacking. The vulnerability was discovered in the WordPress content management system ...
Threat Post

SQL Injection Bug Fixed in Popular WordPress SEO Plug-In

Popular search engine optimization plugin, SEO by Yoast fixed a blind SQL injection vulnerability yesterday that could be exploited to take control of affected sites. SEO by Yoast, a popular search ...