Dev rejects CVE severity, makes his GitHub repo read-only
The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of…
Polyfill claims it has been ‘defamed’, returns after domain shut down
The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as…
Cloudflare: We never authorized polyfill.io to use our name
Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized…
Plugins on WordPress.org backdoored in supply chain attack
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that…
New attack uses MSC files and Windows XSS flaw to breach networks
A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform…
‘ONNX’ MFA Bypass Targets Microsoft 365 Accounts
The service, likely a rebrand of a previous operation called 'Caffeine,' mainly targets financial institutions in the Americas and EMEA…
ONNX phishing service targets Microsoft 365 accounts at financial firms
A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR…
Fake Google Chrome errors trick you into running malicious PowerShell scripts
A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell…
New ARM ‘TIKTAG’ attack impacts Google Chrome, Linux systems
A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance…
New V3B phishing kit targets customers of 54 European banks
Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland,…