06Avr 2024 by

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Actualités
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of
Read More
05Avr 2024 by

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

Actualités
New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. "Malicious models represent a major risk to AI systems,
Read More
05Avr 2024 by

CISO Perspectives on Complying with Cybersecurity Regulations

Actualités
Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and
Read More