Security

Apple released iOS 17.4 on Tuesday, more than a month after the tech giant released iOS 17.3. While the latest update brings new emoji to all users and new app store capabilities to people in the European Union, it also patches a few issues that Apple said might be actively exploited.

To download the update, go to Settings > General > Software Update, tap Install Now and follow the onscreen prompts.

VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products.

A worm that uses clever prompt engineering and injection is able to trick generative AI (GenAI) apps like ChatGPT into propagating malware and more.

In a laboratory setting, three Israeli researchers demonstrated how an attacker could design "adversarial self-replicating prompts" that convince a generative model into replicating input as output – if a malicious prompt comes in, the model will turn around and push it back out, allowing it to spread to further AI agents. The prompts can be used for stealing information, spreading spam, poisoning models, and more.

Hackers backed by the North Korean government gained a major win when Microsoft left a Windows zero-day unpatched for six months after learning it was under active exploitation.

The thought of quantum computing may elicit a shrug from many a CISO who has enough on their plate already and has decided that’s an issue for the future. My take: get into the conversation, as it is your entity that will be affected sooner or later when post-quantum cryptography becomes a possibly concerning reality.

The Ukrainian Defense Ministry’s Main Directorate of Intelligence (HUR) says its cyber specialists have penetrated Russian Defense Ministry computer systems via cyberattack, obtaining secret documents and data revealing the military organizational structure and personal info on key leaders.

Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s a likely harbinger of what’s to come.

As generative AI systems like OpenAI's ChatGPT and Google's Gemini become more advanced, they are increasingly being put to work. Startups and tech companies are building AI agents and ecosystems on top of the systems that can complete boring chores for you: think automatically making calendar bookings and potentially buying products. But as the tools are given more freedom, it also increases the potential ways they can be attacked.

On a recent Thursday afternoon, a Consumer Reports journalist received an email containing a grainy image of herself waving at a doorbell camera she’d set up at her back door.

If the message came from a complete stranger, it would have been alarming. Instead, it was sent by Steve Blair, a CR privacy and security test engineer who had hacked into the doorbell from 2,923 miles away.

Internet-of-things (IoT) devices that use Microsoft’s uAMQP C library for communication with Azure Cloud Services may be vulnerable to remote code execution (RCE) due to a critical vulnerability disclosed on Tuesday.