The attackers, posing as interviewers, urge candidates to download a ZIP file containing malware. The campaign has targeted victims in South Korea, North America, Europe, and the Middle East.

The flaw in the Jetson Linux component of the JetPack SDK impacts devices such as the Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series, and Jetson Nano.

The cybersecurity arm of the UK government, RITICS, has released a new guide to assist companies in enhancing the security of their operational technology (OT) and industrial control system (ICS) hardware.

Exploiting these flaws could allow attackers to execute arbitrary commands, read source code, and gain unauthorized access. The vulnerabilities require authentication, with one flaw specifically requiring the built-in SSH server to be enabled.

The Vanna AI library has been found to have a vulnerability (CVE-2024-5565) that could allow for remote code execution (RCE) due to a prompt injection issue related to the Plotly script.

The CISA will prolong the comment period for new regulations under the Cyber Incident Reporting for Critical Infrastructure Act for another month after requests from the energy and information technology sectors and other industries.

The researchers presented two variations of what they call Ahoi attacks. One of them, dubbed Heckler, involves a malicious hypervisor injecting interrupts to alter data and control flow, breaking the integrity and confidentiality of CVMs.

Exploited vulnerabilities and compromised credentials are the primary ways active adversaries breach organizations, making patch management and credential security crucial defenses.

The Series A funding was led by new investors Ballistic Ventures and Artisanal Ventures, as well as existing backers Webb Investment Network, Ridge Ventures, and TechOperators.

Qualcomm has announced a critical vulnerability that could lead to remote attacks on devices using their chipsets. The flaw, tracked as CVE-2023-33025, involves a buffer overflow during VoLTE calls, allowing attackers to execute code remotely.