Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Extension Poisoning Campaign Highlights Gaps in Browser Security

Evidence suggests that some of the payloads and extensions may date as far back as April 2023.

DARKReading
#web#mac#google#cisco#java#oauth#auth#chrome
North Korea's Lazarus APT Evolves Developer-Recruitment Attacks

"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.

OWASP's New LLM Top 10 Shows Emerging AI Threats

Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error.

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

An ongoing malvertising campaign steals Google advertiser accounts via fraudulent ads for Google Ads itself.

Slew of WavLink vulnerabilities

Lilith >_> of Cisco Talos discovered these vulnerabilities.  Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application.   The Wavlink AC3000 wireless router is one of the

Microsoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIP

CVE-2024-44243, a critical macOS vulnerability discovered recently by Microsoft, can allow attackers to bypass Apple’s System Integrity Protection…

Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers

A critical vulnerability (CVE-2024-50603) in the Aviatrix Controller allows unauthenticated RCE. Active exploitation observed by Wiz Research in…

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC

As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks

In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.