Security
Code trust crisis: Is it safe to update your system during an active supply chain attack?
Running a routine Python pip update command on March 24 could’ve pulled malware that stole passwords and crypto savings. Running npm update a week later could've dropped a trojan. Critical LiteLLM and axios attacks expose just how vulnerable dependency trees are. But can you get infected just by running OS update commands like “apt update,” “dnf upgrade,” or “brew upgrade?”
Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware
Axios, a hugely popular JavaScript library with 100 million weekly downloads, has been hit by a critical supply chain attack. In a recurring open-source security crisis, developers unknowingly pulled a remote-access trojan from compromised releases.
CareCloud hit by breach, patient health records at risk
Healthcare software provider CareCloud has experienced a “temporary network disruption,” partially impacting the functionality of, and data access to, one of its electronic health environments.
Hackers exploit LinkedIn message alerts to hijack your login credentials
Hackers are sending fake LinkedIn emails touting supposed job opportunities, but unsuspecting users who click through are redirected to a malicious login page designed to steal their credentials instead.
This ChatGPT flaw could send confidential info to attackers with just one prompt
A vulnerability in OpenAI’s ChatGPT could have allowed attackers to steal sensitive data by tricking users into pasting a single malicious prompt into conversations.
Zero-click vulnerability afflicts Telegram, allows full device takeover through animated stickers
A critical zero-click vulnerability on Telegram for both Android and Linux allows remote code execution (RCE) through simple animated stickers. Importantly, no user interaction is required.
Researchers warn that macOS users face browser credential-stealing attack
A newly identified macOS malware campaign is showing how techniques that worked on Windows – like ClickFix – are now being adapted to target Mac users.
It looks bad: inside ShinyHunters’ European Commission data breach
The European Commission is attempting to manage the fallout of last week’s massive data breach. It’s already admitted the data theft, but now, the notorious ShinyHunters gang has posted more than 350GB of it on the dark web. Quite a few cyber pros are calling the attack “catastrophic.”
Ajax silenced hacker who found 2017 data breach
Ajax also faced a data breach in 2017, but tried to hide the incident from the public. For years, the Dutch soccer club was successful in doing so, but recently the truth has come to light.
Handala claims hack of FBI Director Kash Patel’s personal email
Handala is now claiming it hacked FBI Director Kash Patel’s personal email account — just one week after FBI agents seized website infrastructure tied to the group.
Lloyds exposed nearly half a million customers' data in banking app glitch
Lloyds Banking Group exposed the personal data of up to 447,936 customers during an IT glitch earlier this month. The glitch allowed users to see other customers' transactions, including account details and national insurance numbers, Britain's Treasury Committee said on Friday.
Critical Citrix NetScaler bug: nearly 40,000 instances exposed to unauthenticated attackers
Nearly 40,000 NetScaler ADC and NetScaler Gateway instances, hosting 173,000 web services, were found exposed online after the vendor Citrix disclosed a critical vulnerability. The flaw allows attackers to compromise systems without login or user interaction.
Chinese hackers are hiding deep inside telecom networks to spy on entire populations
A covert campaign is targeting global telecommunications networks, with links to the China-affiliated threat actor Red Menshen. The activity has raised alarms over potential espionage, as the attackers appear capable of monitoring and possibly disrupting critical communications infrastructure.
Researchers find hundreds of exposed API keys providing access to AWS, GitHub, Stripe, and OpenAI
Clearly, developers will have a lot on their plates – security researchers from Stanford University analyzed 10 million websites and found almost 2,000 API credentials across 10,000 of them. The keys are valid and provide access to services such as AWS, GitHub, and OpenAI.
Hackers are hijacking TikTok business accounts to steal credentials in real time
Hackers are hijacking TikTok business accounts using phishing kits that bypass 2FA and steal credentials in real time. Researchers say Google logins make the attacks even more dangerous.
EU investigates Snapchat for exposing children to grooming, drugs, and illegal product sales
The European Commission has formally opened an inquiry into Snapchat to determine whether the photo-sharing platform provides adequate safeguards for children's safety, privacy, and security online.
LiteLLM breach spawning the largest cybercrime operation the world has ever seen
Hackers are planning to equip over 300,000 dark web forum users with ransomware, inviting them to exploit stolen data from recent supply chain attacks. This follows the LiteLLM hack, which compromised a massively popular Python library integrated across thousands of AI projects.
Iranian group behind Stryker breach threatens Lockheed Martin staff in Israel
Days after the FBI seized four websites tied to Handala, an Iranian hacking group masquerading as a hacktivist organization, the gang has demonstrated it’s alive and kicking, leaking sensitive data of Lockheed Martin engineers allegedly working on military projects in Israel.
Unusually, LeakBase admin gets nabbed in Russia, his home base
It’s very rare for Russian law enforcement to go after a Russia-based cybercriminal forum that doesn’t trade in local data – but that’s what just happened. The alleged administrator of LeakBase has been arrested in the city of Taganrog.
Hackers threaten Mark Cuban-backed ZenBusiness with data leak of "several terabytes" of data
The ShinyHunters group – lately on a hacking spree – has threatened to release “several terabytes” of data stolen from ZenBusiness, an online LLC formation and compliance platform, unless the company pays a ransom.