A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
...moreSummary
Top Articles:
- Swipe Right for Data Leaks: Dating Apps Expose Location, More
- Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4
- GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects
- 20 Million Trusted Domains Vulnerable to Email Hosting Exploits
- Google Kubernetes Clusters Suffer Widespread Exposure to External Attackers
- Russia's Fancy Bear Pummels Windows Print Spooler Bug
- D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day
- 300K Internet Hosts at Risk for 'Devastating' Loop DoS Attack
- Attackers Exploit 'EvilVideo' Telegram Zero-Day to Hide Malware
- Cisco Zero-Days Anchor 'ArcaneDoor' Cyber-Espionage Campaign
Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection
Published: 2024-04-05 11:34:21
Popularity: None
Author: Elizabeth Montalbano, Contributing Writer
300K Internet Hosts at Risk for 'Devastating' Loop DoS Attack
Published: 2024-03-21 18:17:06
Popularity: 8
Author: Elizabeth Montalbano, Contributing Writer
Attackers can create a self-perpetuating, infinite scenario in such a way that volumes of traffic overwhelm network resources indefinitely.
...moreGoogle Kubernetes Clusters Suffer Widespread Exposure to External Attackers
Published: 2024-01-25 16:40:00
Popularity: 16
Author: Elizabeth Montalbano, Contributing Writer
Misunderstanding the permissions of an authentication group in Google Kubernetes Engine (GKE) opens millions of containers to anyone with a Google account.
...moreD-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day
Published: 2024-05-15 15:42:28
Popularity: 10
Author: Elizabeth Montalbano, Contributing Writer
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
...moreRussia's Fancy Bear Pummels Windows Print Spooler Bug
Published: 2024-04-23 13:21:39
Popularity: 14
Author: Elizabeth Montalbano, Contributing Writer
The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.
...moreCisco Zero-Days Anchor 'ArcaneDoor' Cyber-Espionage Campaign
Published: 2024-04-25 15:59:45
Popularity: 6
Author: Elizabeth Montalbano, Contributing Writer
Attacks by a previously unknown threat actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.
...moreOkta Warns Once Again of Credential-Stuffing Attacks
Published: 2024-05-30 15:43:41
Popularity: 6
Author: Elizabeth Montalbano, Contributing Writer
🤖: "password fail"
This time it's the identity management service provider's cross-origin authentication feature that's being targeted by adversaries.
...more20 Million Trusted Domains Vulnerable to Email Hosting Exploits
Published: 2024-07-18 17:53:43
Popularity: 21
Author: Elizabeth Montalbano, Contributing Writer
🤖: "Email fail"
Three newly discovered SMTP smuggling attack techniques can exploit misconfigurations and design decisions made by at least 50 email-hosting providers.
...moreSwipe Right for Data Leaks: Dating Apps Expose Location, More
Published: 2024-07-22 18:18:55
Popularity: 145
Author: Elizabeth Montalbano, Contributing Writer
🤖: "Data leak alert"
Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.
...moreAttackers Exploit 'EvilVideo' Telegram Zero-Day to Hide Malware
Published: 2024-07-23 16:21:16
Popularity: 7
Author: Elizabeth Montalbano, Contributing Writer
🤖: "Sneaky malware"
An exploit sold on an underground forum requires user action to download an unspecified malicious payload.
...moreSecurity Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4
Published: 2024-07-25 15:32:05
Popularity: 22
Author: Elizabeth Montalbano, Contributing Writer
🤖: "oops, hired wrong guy"
A software engineer hired for an internal IT AI team immediately became an insider threat by loading malware onto his workstation.
...moreGitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects
Published: 2024-08-14 14:16:57
Popularity: 22
Author: Elizabeth Montalbano, Contributing Writer
🤖: ""Ouch, they're vulnerable""
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.
...morePython-Based Malware Slithers Into Systems via Legit VS Code
Published: 2024-10-02 15:18:01
Popularity: 6
Author: Elizabeth Montalbano, Contributing Writer
🤖: "Sneaky snake"
The prolific Chinese APT Mustang Panda is the likely culprit behind a sophisticated cyber-espionage attack that sets up persistent remote access to victim machines.
...more