Hackers target FCC, crypto firms in advanced Okta phishing attacks
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on…
GitHub enables push protection by default to stop secrets leak
GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access…
Malicious code in Tornado Cash governance proposal puts user funds at risk
Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private…
Like Seat Belts and Airbags, 2FA Must Be Mandatory ASAP
One of the worst hacks in history demonstrated that any online service must force its users to adopt at least…
A mishandled GitHub token exposed Mercedes-Benz source code
A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. [...]
Microsoft Teams phishing pushes DarkGate malware via group chats
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims'…
Docker hosts hacked in ongoing website traffic theft scheme
A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing…
CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog
It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.
Over 150k WordPress sites at takeover risk via vulnerable plugin
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take…
Mandiant’s X account hacked by crypto Drainer-as-a-Service gang
Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it…