GitLab rolled out security patches to address a critical flaw (CVE-2023-5009) that can be exploited to run pipelines as another user.
I recently found an integer overflow in the Linux kernel, which leads
to the kernel allocating skb_shared_info in the userspace, which is
exploitable in systems without SMAP protection since skb_shared_info
contains references to function pointers.
A phony proof-of-concept (PoC) code for CVE-2023-40477 delivered a payload of VenomRAT. We detail our findings, including an analysis of the malicious code.
Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token
Bethesda's roadmap for the fiscal years starting in 2020 and ending in 2024 has made its way online as part of the documents leaked from the FTC v. Microsoft case.
A software repository on GitHub dedicated to supplying open-source code and AI models for image recognition was left open to manipulation by bad actors thanks to an insecure URL.
Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology sectors.
The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage.
The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.
According to the Manchester Evening News the stolen data included the names and pictures of police officers held by the supplier for use on thousands of ID badges.
The Irish Data Protection Commission (DPC) fined TikTok €345 million ($368 million) for violating the privacy of children.
Due to a recent Google change, MFA isn't truly MFA.
Google's app for generating MFA codes syncs to user accounts by default. Who knew?
Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.
Adobe's September 2023 update addresses a new zero-day vulnerability (CVE-2023-26369) in Acrobat and Reader that attackers are exploiting in the wild.
Un ancien ministre de Vladimir Poutine et la famille du patron d'une entreprise publique russe, impliquée dans l'effort de guerre, se retrouvent dans les données inédites repérées par la RTS. Des liens avec la place financière suisse sont mis en lumière.
Ces révélations proviennent des documents confidentiels de la société de gestion de fortune zurichoise Finaport. Tout commence en janvier 2023 lorsque l'entreprise, sponsor officiel de l'Open de tennis de Zoug, est victime d'un piratage, comme le révélait le site Watson.
The rise of macOS infostealers continues with the latest entrant aiming to compromise business environments with targeted social engineering lures.
This is a fun bug I found while poking around at weird Windows file formats. It's a kind of classic Windows style vulnerability featuring broken signing, sketchy DLL loads, file races, cab files, and Mark-of-the-Web silliness. It was also my first experience submitting to the MSRC Windows bug bounty since leaving Microsoft in April of 2022.
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company.
The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the company’s vendors to the dark web.
