Coinbase funds lawsuit against Tornado Cash cryptomixer sanctions
Coinbase announced on Tuesday that it is funding a lawsuit brought by six people in the U.S. against the Department…
EvilProxy Commodifies Reverse-Proxy Tactic for Phishing, Bypassing 2FA
The phishing-as-a-service offering targets accounts from tech giants, and also has connections to PyPI phishing and the Twilio supply chain…
New EvilProxy service lets all hackers use advanced phishing tactics
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on…
Malware dev open-sources CodeRAT after being exposed
The source code of a remote access trojan (RAT) dubbed 'CodeRAT' has been leaked on GitHub after malware analysts confronted the…
Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious…
The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks
While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud…
Google launches open-source software bug bounty program
Google will now pay security researchers to find and report bugs in the latest versions of Google-released open-source software (Google…
Twilio breach let hackers see Okta’s one-time MFA passwords
The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS to from…
‘Sliver’ Emerges as Cobalt Strike Alternative for Malicious C2
Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting to an open source attack-emulation…
Capital One Joins Open Source Security Foundation
OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.