OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover
An attack flow that combines API flaws within “log in with” implementations and Web injection bugs could affect millions of…
7 Sessions Not to Miss at Black Hat USA 2024
This year’s conference will be a treasure trove of insights for cybersecurity professionals. This year’s conference will be a treasure…
Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails
An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email…
How Searchable Encryption Changes the Data Security Game
Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere. Organizations know they must…
New Research in Detecting AI-Generated Videos
The latest in what will be a continuing arms race between creating and detecting videos: The new tool the research…
‘Stargazer Goblin’ Creates 3,000 Fake GitHub Accounts for Malware Spread
A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service…
Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site
The remote access trojan known as Gh0st RAT has been observed being delivered by an “evasive dropper” called Gh0stGambit as…
French Authorities Launch Operation to Remove PlugX Malware from Infected Systems
French judicial authorities, in collaboration with Europol, have launched a so-called “disinfection operation” to rid compromised hosts of a known…
Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with…
China-Backed Phishing Attack Targets India Postal System Users
A large text-message phishing attack campaign attributed to the China-based Smishing Triad employs malicious iMessages. A large text-message phishing attack…
