Japan Blames North Korea for PyPI Supply Chain Cyberattack
Open-source software ecosystem compromise leaves developers in Asia and around the globe at risk.
darkreading – Read More
Google Is Getting Thousands of Deepfake Porn Complaints
Content creators are using copyright laws to get nonconsensual deepfakes removed from the web. With the complaints covering nearly 30,000 URLs, experts say Google should do more to help.
Security Latest – Read More
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections.
Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It
The Hacker News – Read More
Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts.
“Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting
The Hacker News – Read More
Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data
By Waqas
The teasure trove of highly sentisive data is being sold for just $3,000 in Monero (XMR) cryptocurrency on Breach Forums.
This is a post from HackRead.com Read the original post: Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over
Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.
Security Latest – Read More
Canva Warns of Three Security Vulnerabilities in Fonts
The first, CVE-2023-45139, involved a high-severity bug in the FontTools library. The second and third vulnerabilities, CVE-2024-25081 and CVE-2024-25082, were related to naming conventions and compression.
Cyware News – Latest Cyber News – Read More
Flaws in Public Records Management Tool Could Let Hackers Nab Sensitive Data Linked to Requests
The GovQA platform, used by state and local governments for public records requests, had vulnerabilities that could have allowed hackers to access sensitive personal information, edit requests, and download unsecured files.
Cyware News – Latest Cyber News – Read More
CISA Adds Apple iOS and iPadOS Memory Corruption Bugs to its Known Exploited Vulnerabilities Catalog
These memory corruption vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, were exploited in attacks against iPhone devices. Apple released emergency security updates to address these zero-day vulnerabilities.
Cyware News – Latest Cyber News – Read More
CISO Corner: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
darkreading – Read More