In October 2024, Cyble also disclosed details of a sophisticated multi-stage attack campaign orchestrated by a Vietnamese threat actor that targeted job seekers and digital marketing professionals with Quasar RAT using phishing emails containing booby-trapped job description files.
BatShadow is assessed to be active for at least a year, with prior campaigns using similar domains, such as samsung-work[.]com, to propagate malware families including Agent Tesla, Lumma Stealer, and Venom RAT.
“The BatShadow threat group continues to employ sophisticated social engineering tactics to target job seekers and digital marketing professionals,” Aryaka said. “By leveraging disguised documents and a multi-stage infection chain, the group delivers a Go-based Vampire Bot capable of system surveillance, data exfiltration, and remote task execution.”
Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits.
The efforts add to the company’s ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz.
DeepMind said the AI agent is designed to be both reactive and proactive, by fixing new vulnerabilities as soon as they are spotted as well as rewriting and securing existing codebases with an aim to eliminate whole classes of vulnerabilities in the process.
Redis fixes 13-year CVSS 10 flaw allowing Lua script-based remote code execution in all versions.
Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model’s behavior, and silently poison its data.
ASCII smuggling is an attack where special characters from the Tags Unicode block are used to introduce payloads that are invisible to users but can still be detected and processed by large-language models (LLMs).
It’s similar to other attacks that researchers presented recently against Google Gemini, which all exploit a gap between what users see and what machines read, like performing CSS manipulation or exploiting GUI limitations.
The amplituhedron is a geometric shape with an almost mystical quality: Compute its volume, and you get the answer to a central calculation in physics about how particles interact.
Now, a young mathematician at Cornell University named Pavel (Pasha) Galashin has found that the amplituhedron is also mysteriously connected to another completely unrelated subject: origami, the art of paper folding. In a proof posted in October 2024, he showed that patterns that arise in origami can be translated into a set of points that together form the amplituhedron. Somehow, the way paper folds and the way particles collide produce the same geometric shape.
“Pasha has done some brilliant work related to the amplituhedron before,” said Nima Arkani-Hamed, a physicist at the Institute for Advanced Study who introduced the amplituhedron in 2013 with his graduate student at the time, Jaroslav Trnka. “But this is next-level stuff for me.”