From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions.
On the defense side, AI is stepping up to block ransomware in real time, but privacy fights over data access and surveillance are heating up just as fast.
It’s a week that shows how wide the battlefield has become — from the apps on our phones to the cars we drive. Don’t keep this knowledge to yourself: share this bulletin to protect others, and add The Hacker News to your Google News list so you never miss the updates that could make the difference.
-
Claude Now Finds Your Bugs
Anthropic said it has rolled out a number of safety and security improvements to Claude Sonnet 4.5, its latest coding focused model, that make it difficult for bad actors to exploit and secure the system against prompt injection attacks,
sycophancy (i.e., the tendency of an AI to echo and validate user beliefs no matter how delusional or harmful they may be),
and child safety risks. “Claude’s improved capabilities and our extensive safety training have allowed us to substantially improve the model’s behavior, reducing concerning behaviors like sycophancy, deception, power-seeking, and the tendency to encourage delusional thinking,”
the company said. “For the model’s agentic and computer use capabilities, we’ve also made considerable progress on defending against prompt injection attacks, one of the most serious risks for users of these capabilities.”
The AI company said the latest model has better defensive cybersecurity abilities, such as vulnerability discovery, patching, and basic penetration testing capabilities. However, it did acknowledge that these tools could be “dual-use,” meaning they might also potentially be used by malicious actors, as well as cybersecurity professionals.
Generative AI systems like those offered by Microsoft and OpenAI are at the forefront of a battle between companies providing sophisticated text and image generation capabilities and malicious actors looking to exploit them. -
Scan Waves Hint Pre-Exploit Staging
The SANS Internet Storm Center Security has disclosed its observation of a significant increase in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability
(CVE-2024-3400). The vulnerability, disclosed last year, is a command injection vulnerability that could be exploited by an unauthenticated attacker to execute arbitrary code with root privileges on susceptible firewalls.
SANS ISC said it has detected specially crafted requests that seek to upload a TXT file and subsequently attempt to retrieve…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
