Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Anonymous Hackers Steal Flight Data from US Deportation Airline GlobalX

A hacker group claiming affiliation with Anonymous says it breached GlobalX Airlines, leaking sensitive flight and passenger data…

HackRead
Open in Source
#web#amazon#git#aws#auth#sap
GHSA-2487-9f55-2vg9: OZI-Project/ozi-publish Code Injection vulnerability

### Impact Potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. ### Patches This is patched in 1.13.6 ### Workarounds Downgrade to <1.13.2 ### References * [Understanding the Risk of Script Injections](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections)

FakeUpdates, Remcos, AgentTesla Top Malware Charts in Stealth Attack Surge

Check Point’s April 2025 malware report reveals increasingly sophisticated and hidden attacks using familiar malware like FakeUpdates, Remcos,…

⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It's not just clever—it’s

A week in security (May 4 &#8211; May 10)

A list of topics we covered in the week of May 4 to May 10 of 2025

New SEO Poisoning Campaign Targeting IT Admins With Malware

Varonis reveals attackers are using SEO poisoning to trick IT admins into downloading malware, alongside a critical root…

GHSA-7c85-87cp-mr6g: LlamaIndex Vulnerable to Denial of Service (DoS)

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.

ICE’s Deportation Airline Hack Reveals Man ‘Disappeared’ to El Salvador

Plus: A DOGE operative’s laptop reportedly gets infected with malware, Grok AI is used to “undress” women on X, a school software company’s ransomware nightmare returns, and more.

Google Chrome will use AI to block tech support scam websites

Google announced it will equip Chrome with an AI driven method to detect and block Tech Support Scam websites

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have "actively and continuously" updated the malware, introducing versions v3 and v4 in