KnowledgeDeliver flaw exploited as a zero-day to install web shells
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. [...]
Insights
Practical writing on software architecture, SaaS products, AI automation, legacy modernisation, and the business of building reliable systems.
Curated links from external sources — not 360Softy original articles.
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. [...]
The transition from "Chatbots" to "Autonomous Agents" represents the most significant shift in enterprise software architecture since the move to the cloud. However, as we grant AI agents the ability to use tools, access databases, and execute code, we introduce a terrifying new attack surface. In a traditional setup, a user interacts with a model. In an Agentic Workflow, the model interacts with your infrastructure. If not properly architected, an agent can become a "super-user" with no account
"BadHost" was found in Starlette, a package with 325 million weekly downloads.
Enterprise owners now have granular control over which GitHub Copilot models are available to each organization. With targeted model rules, you can allow specific models for specific organizations instead of… The post Target Copilot models to organizations with model rules appeared first on The GitHub Blog.
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.
U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]
A recent congressional hearing highlighted how states are reeling from federal cutbacks to important cyber grants and information sharing initiatives amid damaging attacks to critical infrastructure.
Comments
Work with 360Softy
Book a free consultation and we will tell you honestly whether we can help.