NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

Threat Score:

The Hacker News

1 day ago

Part of cluster #1639

Overview

A newly disclosed set of security flaws inNVIDIA's Triton Inference Serverfor Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution (RCE)," Wiz researchers Ronen Shustin and Nir Ohfeldsaidin a report published today. Thevulnerabilities...

Continue Reading on Original Site

5 articles

Destructive Ransomware is Outpacing Your Recovery Plan

Morphisec News • 5 hours ago

Discover why data recovery is the biggest breach cost driver—and how you can foritfy your ransomware recovery plan.

Score

CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin

OSS Security • 4 hours ago

oss-secmailing list archives CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin Current thread: CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum pluginNicolas Malin (Aug 05)

Score

Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware

SecurityWeek • 2 hours ago

Microsoft has unveiled Project Ire, a prototype autonomous AI agent that can analyze any software file to determine if it’s malicious.

Score

Microsoft Launches Zero-Day Quest Hacking Contest with Rewards Up to $5 Million

GB Hackers • 2 hours ago

Microsoft Launches Zero-Day Quest Hacking Contest with Rewards Up to $5 Million Microsoft has unveiled the return of its groundbreaking Zero Day Quest initiative, escalating the stakes in cybersecurity research with a staggering total bounty pool of up to $5 million. Building on the success of last year’s inaugural event, which offered $4 million in awards and garnered overwhelming participation from the global security community, this year’s program intensifies focus on high-impact vulnerabilit

Score

APT36 Targets Indian Government: Credential Theft Campaign Uncovered

GB Hackers • 5 hours ago

APT36 Targets Indian Government: Credential Theft Campaign Uncovered A sophisticated phishing campaign attributed with medium confidence to the Pakistan-linked APT36 group, also known as Transparent Tribe or Mythic Leopard, has been uncovered targeting Indian defense organizations and government entities. This operation employs typo-squatted domains that mimic official Indian government platforms, such as mail.mgovcloud.in and virtualeoffice.cloud, to deceive users into surrendering credentials.

Score

CVES

CVE-2025-23310

CVE-2025-23311

CVE-2025-23317

CVE-2025-23319

CVE-2025-23320

ATTACK TYPES

Data Manipulation

Denial of Service

Information Disclosure

Remote Code Execution

VULNERABILITIES

Denial of Service

Information Disclosure

RCE

Remote Code Execution

COMPANIES

NVIDIA

Wiz

SECURITY VENDORS

Wiz

PLATFORMS

Linux

Triton Inference Server

Windows

APT GROUPS

APT41

RANSOMWARE

Python

MALWARE

Leverage

Triton

MITRE ATT&CK

T1003

T1053

T1059.001

T1059.006

T1060

INDUSTRIES

Artificial Intelligence

Technology

ARTICLE INFORMATION

Article #8318

Published 1 day ago

The Hacker News

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

Destructive Ransomware is Outpacing Your Recovery Plan

CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin

Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware

Microsoft Launches Zero-Day Quest Hacking Contest with Rewards Up to $5 Million

APT36 Targets Indian Government: Credential Theft Campaign Uncovered

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies