Social engineering techniques were used to trick developers into exposing repositories. Using the GitHub Pages build process, a security researcher discovered a way to launch code execution attacks. According to a recent blog post, Joren Vrancken received a $4,000 reward…
Latest posts - Page 41
A student loan breach has exposed 2.5 million records.
In a breach that could lead to further problems, 2.5 million people were affected. Over 2.5 million loanees have been notified by EdFinancial and the Oklahoma Student Loan Authority (OSLA) that their personal information was compromised in a loan data…
In Hyderabad, every fifth crime filed in a day is an FIR from a victim of cyber fraud
One of the main hubs for cybercrime has now been identified as the city of Nizams, which is also a center for IT. According to data from the National Crime Record Bureau (NCRB), Telangana was responsible for 10% of all…
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Iranian state-sponsored actors are doing all in their power to target Israeli entities using unpatched Log4j systems; this shows how long the vulnerability will take to fix. The most recent operations were attributed by Microsoft to the umbrella threat group…
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
The Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team have recently discovered Iran-based threat actor MERCURY exploiting Log4j 2 vulnerabilities in SysAid applications to target enterprises that are all in Israel. The Ministry of Intelligence and…
As an alternative to Cobalt Strike, hackers use the Sliver toolkit
Threat actors are switching away from the Cobalt Strike suite of penetration testing tools in favor of less similar frameworks. Sliver toolkit, an open-source, cross-platform kit, is emerging as a viable replacement for Brute Ratel. However, by examining the toolkit,…
The most well-known password manager in the world, LastPass, reports being hacked.
Over 33 million users use LastPass, a password manager, worldwide. LastPass reported that a hacker recently acquired source code and confidential data. According to the inquiry, there is no proof of stolen credentials. On Thursday, in a blog post, the…
Plex discloses the data breach and urges all users to change their passwords right away.
A data breach results from a cyberattack that enables cybercriminals to gain illegal access to a computer system or network and steal the private, sensitive, or confidential personal and financial information of the clients or users contained therein. Today, Plex,…
Data From The 2021 Airtel Data Breach That Was Just Leaked Indicates That 18k Users Had The Same Password.
All of Airtel’s subscriber data was vulnerable to theft due to a significant data breach last year. The hacking collective Red Rabbit Team published online “sample data” pertaining to up to 25 lakh (2.5 million) Airtel subscribers along with an…
Broken access controls and injection attacks are the major API security issues for businesses in 2022
In Q1 2022, Spring4Shell and Veeam RCE exploits were at the top of the list. Access control weaknesses are now connected to high-severity CVEs, and API-related security concerns are still a pain for businesses. In the first quarter of 2022,…