A warning added to the Python documentation was chosen in preference to a patch. Security experts estimate that a 15-year-old path traversal vulnerability in Python’s tarfile module affects 350,000 open source repositories. They “discovered” the unpatched issue while looking into…
Latest posts - Page 35
Cyberattack Targets Optus, Breach Affects Nearly 10 million Clients
Optus, the Australian division of Singapore Telecommunications, earlier stated that it was looking into unauthorized access to client information following a cyberattack. The Optus breach affects nearly 10 million clients. The company acknowledged that it swiftly stopped the attempt…
The FDA warns that Medtronic’s MiniMed 600 series insulin pumps may be compromised.
Users of Medtronic’s MiniMed 600 Series Insulin Pump System, specifically the MiniMed 630G and MiniMed 670G models, have been alerted by the US FDA (Food and Drug Administration) that their medical devices have a cybersecurity problem with their communication protocol.…
Making response queue poisoning crucial for HTTP header injection
A recent study on HTTP header injection was published by PortSwigger’s director of research, James Kettle. Host Header Injection is frequently underrated and incorrectly categorized as an Open Redirection or XSS-level mild severity issue. He revealed a straightforward method in…
Online Exploitation of Over 39,000 Unauthenticated Redis Instances
An unknown attacker tried to install a bitcoin miner on tens of thousands of unauthenticated Redis servers that were accessible via the internet. Whether all of these hosts were successfully compromised is not yet known. However, it was made feasible…
Chromium’s prototype pollution bug disregarded the Sanitizer API
The problem illustrates the difficulty of blocking client-side attacks. A prototype pollution problem in the Chromium project made it possible to bypass the Sanitizer API, a built-in browser library for eliminating potentially harmful code from user-controlled input sources. A specific…
Reward points: Scam mobile banking incentive apps tempt users to download RATs that steal personal information on Android smartphones.
We examined a fresh iteration of previously disclosed Android malware that steals user information through a reward points scam. It is also distributed through an ongoing SMS campaign, which shows how mobile threats are always evolving. This latest version poses…
Use of LinkedIn Smart Links in cunning email phishing scams
Phishing actors are successfully rerouting targeted users to phishing pages that collect payment information by leveraging LinkedIn’s Smart Link function to get beyond email security measures. Users of LinkedIn Sales Navigator and Enterprise are entitled to the Smart Link function,…
Hackers steal $162 million from cryptocurrency market maker Wintermute.
Evgeny Gaevoy, the CEO of Wintermute, said that the company had been hacked and had lost $162.2 million in DeFi operations. Over 50 cryptocurrency exchanges and trading platforms, such as Binance, Coinbase, Kraken, and Bitfinex, receive liquidity via Wintermute. With…
Phishing attacks using Microsoft 365 pose as US government agencies.
A continuous phishing attack that targets U.S. government contractors has grown in scope and is now pushing more effective lures and documents. These phishing emails entice victims by offering them the chance to submit bids for lucrative government projects. This…