Like Seat Belts and Airbags, 2FA Must Be Mandatory ASAP
One of the worst hacks in history demonstrated that any online service must force its users to adopt at least…
A mishandled GitHub token exposed Mercedes-Benz source code
A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. [...]
Microsoft Teams phishing pushes DarkGate malware via group chats
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims'…
Docker hosts hacked in ongoing website traffic theft scheme
A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing…
CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog
It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.
Over 150k WordPress sites at takeover risk via vulnerable plugin
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take…
Mandiant’s X account hacked by crypto Drainer-as-a-Service gang
Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it…
Here’s Some Bitcoin: Oh, and You’ve Been Served!
A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet…
Twilio will ditch its Authy desktop 2FA app in August, goes mobile only
The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users…
Securing helpdesks from hackers: What we can learn from the MGM breach
In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to…