Login Subscribe

7secure Coverage

Articles

Search and filter the broader reporting stream across incidents, AI security, policy, and operational coverage.

Compliance & Regulation

NCSC Unveils AI Playbook to Shield Critical Infrastructure

NCSC Unveils AI Playbook to Shield Critical Infrastructure

The UK National Cyber Security Centre released a detailed guidance package aimed at securing generative AI deployments across the nation’s critical infrastructure sectors. The paper maps out realistic threat scenarios—such as prompt injection, model poisoning, and data exfiltration—and provides concrete mitigation tactics, from sandboxed model hosting to

Vulnerabilities & Exploits

Critical XFS Kernel Flaw (CVE‑2024‑2150) Lets Cloud Containers Escape to Root

Critical XFS Kernel Flaw (CVE‑2024‑2150) Lets Cloud Containers Escape to Root

CVE‑2024‑2150 is a critical Linux kernel vulnerability that arises from malformed XFS filesystem operations. The flaw allows a local, unprivileged process to corrupt kernel memory and elevate its privileges to root. Exploits have already been observed in the wild, specifically targeting multi‑tenant cloud platforms where containers share

Vulnerabilities & Exploits

Critical Exchange Server Zero‑Day Exploited in the Wild – Patch Now

Critical Exchange Server Zero‑Day Exploited in the Wild – Patch Now

Microsoft disclosed a critical zero‑day vulnerability (CVE‑2024‑XXXXX) in on‑premises Exchange Server that permits unauthenticated attackers to execute arbitrary code. Exploitation chains observed in the wild use specially crafted HTTP requests to trigger the flaw and drop custom web shells, giving threat actors persistent control over the

EU Proposes Tough AI Security Rules for High‑Risk Systems

EU Proposes Tough AI Security Rules for High‑Risk Systems

The European Commission has released a draft AI cybersecurity framework that targets systems classified as high‑risk. The proposal obliges providers to conduct regular risk assessments, publish clear technical documentation, and adhere to a unified breach‑notification protocol across member states. It also introduces transparency duties, such as informing users

Malware & Ransomware

DarkSide Ransomware Returns with Data‑Stealing Upgrade, Targets Critical Infrastructure

DarkSide Ransomware Returns with Data‑Stealing Upgrade, Targets Critical Infrastructure

The DarkSide ransomware gang, dormant for six months, has resurfaced with a revamped payload that first exfiltrates victim data before encrypting files. The group now threatens to release stolen information publicly unless a ransom is paid, adding a double‑extortion lever to its attack chain. Its renewed focus on critical