
Tag

#amazon

Malvertisers Fool Google With AI-Generated Decoy Content

Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites.

DARKReading
#web #mac #google #microsoft #amazon #git #intel #backdoor #auth

Pallet liquidation scams and how to recognize them

Pallet liquidation is an attractive playing field for online scammers. Will you receive goods or get your credit card details stolen?

GHSA-m56h-5xx3-2jc2: Prototype pollution in jsii.configureCategories

## Summary

`jsii` is a TypeScript to JavaScript compiler that also extracts an interface definition manifest to generate RPC stubs in various programming languages. jsii is typically used as a command-line tool, but it can also be loaded as a library. When loaded as a library into a larger application, prototype pollution may happen if untrusted user input is passed to the library. When used as a command-line tool, this pollution cannot occur.

## Impact

You may be impacted if you have written an application that loads jsii as a library, and passes untrusted user input into the `jsii.configureCategories()` function. In that case, a user can craft input in such a way that, following the invocation, a field named "category" with a user-controlled value is added to the JavaScript Object prototype. This will cause every object in the program (both new and existing) to have a field named "category", even if it shouldn't. **This will not affect jsii itself, but it might affect the applic...

5 million payment card details stolen in painful reminder to monitor Christmas spending

An online repository of screenshots where victims filled out their payment card details online was publicly accessible.

Drug Dealers Have Moved Onto Social Media

The marketing of illegal drugs on open platforms is “gaining prominence,” authorities note, while the number of drug transactions on the darkweb has decreased in recent years.

Task scams surge by 400%, but what are they?

Task scams are a new type of scam in which victims are slowly tricked into paying to get paid for repetitive, simple tasks.

4.8 million healthcare records left freely accessible

Care1, a Canadian healthcare solutions provider, left a cloud storage instance freely accessible and unencrypted for anyone to find.

The Role of Blockchain and Smart Contracts in Securing Digital Transactions

Learn how blockchain and smart contracts improve cybersecurity factors in online transactions, remove the element of fraud, and…

336K Prometheus Instances Exposed to DoS, 'Repojacking'

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

Symmetrical Cryptography Pioneer Targets the Post-Quantum Era

Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy from which even threat actors can't gain enough information to mount a breach.