The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...

Coempt gave CBSE cyber certificates that were expired, tied to other client

The cybersecurity certificates submitted to CBSE for its OSM platform were outdated and covered a different client's deployment, raising questions on the platform's actual security.

Why decades-old attacks still work, and why that should worry you

AI systems inherit decades-old security flaws many organizations still fail to address consistently.
RCR Wireless NewsOpinion

At-scale testing for LLM implementations and guardrails (Reader Forum)

As AI becomes the public face of business, organizations must validate performance, security, and cost efficiency at scale.

Internal Red Flags, CERT-In Warnings, Firm Track Record: What CBSE Ignored For OSM Tender

CBSE OSM: What was projected as a major digital transformation in India’s school examination system is now facing intense ...
Cryptopolitan on MSN

North Korea’s Lazarus turns to fileless malware in new crypto attacks

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.
Newspoint on MSN

CBSE accepted fake security certificate for exam platform

Hyderabad: The cybersecurity certificates that the Central Board of Secondary Education (CBSE) accepted as proof that its ...