DifyTap Bugs Let Attackers 'Wiretap' AI Chat Histories
Four vulnerabilities allow attackers to exploit Dify, a platform for AI application building and management, to silently access and exfiltrate sensitive data.
Four vulnerabilities allow attackers to exploit Dify, a platform for AI application building and management, to silently access and exfiltrate sensitive data.
A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. [...]
Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials. [...]
The cuts come as Karl Storz plans to retire the Asensus brand and the Senhance robot as part of organizational changes.
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline, injecting backdoor…
Apple has released a security update to patch a Beats Studio Buds flaw that let nearby hackers listen to conversations through the microphone.
Microsoft has confirmed that Windows 11 version 26H2 will be the next feature update and that devices running Windows 11 24H2 and 25H2 will be able to upgrade using a small enablement package. [...]
A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage. [...]
Starts November 15th in Las Vegas - HLTH is the premier health innovation event, connecting the entire health ecosystem to transform care delivery, fund biotech disruptors, and scale digital health. Register today for the best rates! The post Register for HLTH 2026 in Las Vegas a…
How HIPAA applies to self-funded health plans and third-party administrators JD Supra
HHS Launches Unprecedented Department-Wide Effort to Restore American Leadership in Clinical Trials HHS.gov
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers' application…
Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.
Executives with Abbott, PercuSense and Biolinq spoke with MedTech Dive about what’s next with multi-analyte sensor technology.
Around 3 million Texas licence holders face a data breach after hackers targeted a third-party vendor, exposing driver's licences and passport numbers.
J&J’s Abiomed and manufacturing partner Oscor warned of a bleeding risk from devices used to introduce catheters to the body.
Fosters Innovation for the Medicare Drug Price Negotiation Program - A new proposal from the CMS would establish a permanent framework for the Medicare Drug Price Negotiation Program, creating a more transparent and sustainable process for lowering drug costs for millions of Medi…
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squi…
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must layer up their security measures.