phpBB forum fixes auth bypass bug lurking for a decade
…It impacts phpBB versions 4.0.0-a2 or 3.3.16 and below. Researchers at application security company Aikido found the bug on June 2nd and reported it through the developer…
Search
Top stories
TeamPCP hackers advertise Mistral AI code repos for sale
…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…
WhatsApp says it disrupted new NSO spyware phishing attacks
…Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen. The Picus whitepaper shows how breach and…
Funnel Builder WordPress plugin bug exploited to steal credit cards
…E-commerce security company Sansec detected the malicious activity and noticed that the payload (analytics-reports[.]com/wss/jquery-lib.js) is disguised as a fake Google Tag Manager/Google Analytics script…
Chinese hackers hijack auth flow, spy on isolated network for a decade
…Sygnia recommends that defenders treat authentication components such as PAM, OpenSSH, and Windows LSASS as critical security assets and protect them with EDR, file integrity monitoring, hardened privileged access, multi-factor authentication…
California AG sues 23andMe over 2023 breach exposing health data
…In addition to the data protection failures, Bonta also underlines the misleading public statements 23andMe made before and after the incident. Specifically, the firm claimed before the incident that its security met…
Malicious JetBrains Marketplace plugins steal AI API keys from developers
…Security, includes plugins that act as AI coding assistants, code-review tools, and Git utilities powered by popular AI services such as OpenAI, DeepSeek, and SiliconFlow. "We detected a coordinated malware campaign…
Hola Browser for Windows compromised to deliver cryptominer
…Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen. The Picus whitepaper shows how breach and…
SimpleHelp bug lets hackers create rogue remote support accounts
…Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen. The Picus whitepaper shows how breach and…
Critical Everest Forms Pro flaw exploited to take over WordPress sites
…The security issue affects versions 1.9.12 and earlier of the plugin and can be leveraged without authentication to execute arbitrary code on the server. Everest Forms Pro is a commercial…