Security
Headlines
HeadlinesLatestCVEs

Latest News

5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs

Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's content delivery network (CDN) to deliver the Lumma stealer malware. Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing PDF files that redirect victims to malicious websites. "The attacker uses SEO to trick victims into

The Hacker News
#web#pdf#The Hacker News
Man Jailed 24 Years for Running Dark Web CSAM Sites from Coffee Shop

Louis Donald Mendonsa, 62, was sentenced following a guilty plea for distributing child sexual abuse materials (CSAM) via…

Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content. The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft's Azure OpenAI Service. The tech giant is

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding the problem when LLMs end up suggesting insecure coding practices to their users. Truffle

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant. Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho, which it said bears a "strong resemblance" to Awaken Likho (aka Core Werewolf, GamaCopy, and

GHSA-pwhh-q4h6-w599: Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

### Summary The `CacheHandler` class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cache_handler.py#L93-L98 The file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. I think `600` is a sensible default. ![image](https://github.com/user-attachments/assets/0b7ebbc1-a27a-4528-ab6a-135c7886766a) ### Details This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. ### PoC Run an application that uses spotipy with client creation like this: ```python from pathlib import Path import spotipy from os import getenv def create_spotify_client(client_id: str, client_secret: str) -> spotipy.Spotify: """Create and return an auth...

PayPal’s “no-code checkout” abused by scammers

Malicious Google ads are redirecting PayPal users looking for assistance to fraudulent pay links embedding scammers' phone numbers.

GHOSTR Hacker Linked to 90+ Data Breaches Arrested

A hacker using the alias GHOSTR, linked to 90+ data breaches, was arrested in a joint effort by law enforcement in Thailand, Singapore, and cybersecurity firm Group-IB.

eCommerce Customer Service Tips For Online Support: The Basics

Strong eCommerce customer service builds trust, boosts loyalty, and drives sales. Learn key strategies, best practices, and tools to enhance online support.

GHSA-wfxg-v3j4-7qmj: Memos Server-Side Request Forgery (SSRF)

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.