The OWASP GenAI Security Project has recently updated its guidelines in response to 21 identified risks associated with generative AI technologies. The organization recommends that companies adopt distinct but interconnected strategies to protect both generative AI and agentic AI systems. This update is significant as it provides a structured approach for organizations looking to enhance their security posture in the rapidly evolving landscape of AI technology. By recognizing these risks, OWASP aims to help businesses understand the vulnerabilities they may face and the steps they need to take to safeguard their systems. This is particularly relevant as more companies integrate AI into their operations, making it crucial to address these security challenges proactively.
Articles tagged "Update"
Found 137 articles
Fortinet has issued an emergency security update for a serious vulnerability found in its FortiClient Enterprise Management Server (EMS). This flaw is currently being exploited in the wild, posing a significant risk to organizations using the software. Users of FortiClient EMS should prioritize applying the patch released over the weekend to protect their systems from potential attacks. The vulnerability affects the management of client devices, which could allow unauthorized access or control if not addressed promptly. The urgency of this update highlights the ongoing challenges companies face in securing their environments against evolving threats.
SCM feed for Latest
Recent reports indicate that ransomware attackers are increasingly using legitimate IT tools, such as Process Hacker and IOBit Unlocker, to bypass traditional antivirus software. These tools have deep access to operating system functions, allowing attackers to execute malicious activities without raising alarms. This trend poses significant risks to organizations, as it makes it harder for security systems to detect and prevent these kinds of attacks. Companies must reassess their security measures to account for the misuse of legitimate software, which could compromise sensitive data and disrupt operations. As attackers continue to evolve their tactics, it’s crucial for users and companies to stay vigilant and update their defenses accordingly.
Windows 11 users who attempted to install a problematic preview update released in March are encouraged to download a new out-of-band update that fixes installation errors. This recent update addresses issues that may have prevented users from successfully applying the earlier version. Affected users should check for the latest updates in their system settings to ensure they have the fix installed. This situation is important because installation errors can disrupt users' workflows and impact system stability. Keeping software up to date is crucial for security and performance.
Google has released a series of updates to address 21 vulnerabilities in its Chrome browser, including a significant zero-day flaw identified as CVE-2026-5281. This vulnerability affects the Dawn component of Chrome and has been exploited in the wild, which means attackers are actively taking advantage of it. Users of Chrome are urged to update their browsers to the latest version to protect themselves against potential exploits. Keeping browsers up to date is crucial as these vulnerabilities can allow unauthorized access or manipulation of user data. The timely patching of such vulnerabilities emphasizes the ongoing need for vigilance in maintaining cybersecurity.
A significant security vulnerability in TrueConf, a video conferencing software, has been actively exploited in attacks on government networks in Southeast Asia. This vulnerability, identified as CVE-2026-3502, has a CVSS score of 7.8, indicating its severity. The flaw stems from a lack of integrity checks when updating the application, which allows attackers to deliver malicious updates to users. The campaign, named TrueChaos, is specifically targeting government entities, making it a serious concern given the sensitive nature of the information handled by these organizations. Immediate action is necessary to protect affected systems from further exploitation.
A recent software update at Lloyds Banking Group has led to a significant security incident, affecting nearly 450,000 mobile banking users. On March 12, due to a faulty update, some customers were able to view the transaction details of other users within the banking app. This exposure raises concerns about customer privacy and the potential for misuse of financial information. Lloyds has acknowledged the issue and is likely working on a fix, but the incident underscores the vulnerabilities that can arise from software changes. For affected users, it's crucial to monitor their accounts closely and report any suspicious activity to the bank.
A recently discovered vulnerability in StrongSwan, a popular open-source VPN solution, allows unauthorized attackers to crash VPN services remotely. This integer underflow flaw affects StrongSwan versions released over the past 15 years, putting a wide range of users at risk. The vulnerability can be exploited without authentication, meaning attackers can target systems without any prior access. Organizations using StrongSwan should take this seriously, as it could lead to significant downtime and disruption of services. Users are advised to update their StrongSwan installations as soon as possible to mitigate the risk of exploitation.
A recent software update from Lloyds Bank has accidentally exposed mobile banking users' transaction details to other users of the app. This incident has affected around 450,000 individuals who may have had their sensitive information accessible to others using the same application. The breach raises significant concerns about data privacy and the security of financial transactions. Users are now at risk of having their banking activities viewed by unintended parties, which could lead to identity theft or fraud. Lloyds has acknowledged the issue and is working to rectify the situation, but the incident serves as a reminder of the vulnerabilities that can arise from software updates.
CareCloud, a healthcare IT company, is investigating a cybersecurity incident that may involve a data breach within one of its electronic health record systems. While the specifics of the breach have not been fully disclosed, the company is assessing the situation to determine the scope and impact. This incident raises concerns about the security of sensitive patient information, as breaches in healthcare can lead to significant risks for individuals, including identity theft and compromised medical records. The investigation is ongoing, and CareCloud is likely to update its clients and stakeholders as more information becomes available.
Infosecurity Magazine
A recent glitch in Lloyds Banking Group's app has exposed sensitive data of nearly 448,000 customers. During a routine update, the flaw allowed unauthorized access to transaction details and personal information, raising significant concerns about data privacy. The bank has acknowledged the issue and is investigating the extent of the exposure. Customers affected by this incident may need to monitor their accounts closely for any suspicious activity. This incident underscores the risks associated with software updates and the importance of robust security measures in protecting customer data.
Help Net Security
Google has rolled out new location privacy features in the Android 17 Beta 3, allowing users better control over their precise location data. A key addition is the location button, which enables one-time access to location information for tasks like finding nearby places or tagging content, without the need for continuous tracking. This update aims to minimize data collection practices and enhance user privacy while providing developers with the tools necessary to design safer applications. This change is particularly relevant as location data can often be sensitive, and users are increasingly concerned about how their information is used. By implementing these features, Google is responding to user demands for greater transparency and control over personal data.
BleepingComputer
Microsoft has withdrawn the KB5079391 update for Windows 11 after users reported installation issues resulting in error code 0x80073712. This non-security preview update was intended to enhance the operating system but instead caused problems for those attempting to install it. The company is now investigating the source of the error, which is affecting users who downloaded this particular update. For many, this means they may have to wait longer for fixes or improvements that were supposed to come with the update. It's a reminder of the potential complications that can arise from software updates and the importance of monitoring system changes closely.
BleepingComputer
A new type of malware called Torg Grabber is targeting users by stealing sensitive information from around 850 browser extensions, with over 700 specifically linked to cryptocurrency wallets. This malware is designed to capture private keys, passwords, and other critical data, posing a significant risk to individuals who manage their digital assets online. The widespread nature of this attack means that many popular wallet extensions could be compromised, leaving users vulnerable to financial theft. Researchers are urging users to be cautious about which extensions they install and to regularly update their security practices. This incident highlights the ongoing challenges in keeping digital assets safe from evolving cyber threats.
TP-Link has addressed a significant security vulnerability in its Archer NX router series, identified as CVE-2025-15517, which has a CVSS score of 8.6. This flaw allows attackers to bypass authentication measures, potentially enabling them to install malicious firmware on affected devices. The vulnerability affects several models, including the Archer NX200, NX210, and NX500, among others. Users of these routers are urged to update their firmware promptly to protect against potential exploits. This incident is particularly concerning as it highlights the risks associated with consumer-grade networking equipment, which often lacks robust security measures.