Bing search results hijacked via misconfigured Microsoft app
A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the…
Category: Bleeping Computer
New AlienFox toolkit steals credentials for 18 cloud services
A new modular toolkit called ‘AlienFox’ allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services. The…
Google finds more Android, iOS zero-days used to install spyware
Google’s Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps…
Hackers compromise 3CX desktop app in a supply chain attack
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company’s customers…
SafeMoon ‘burn’ bug abused to drain $8.9 million from liquidity pool
The SafeMoon token liquidity pool lost $8.9 million after a hacker exploited a newly created ‘burn’ smart contract function that artificially inflated the price, allowing…
Steam will drop support for Windows 7 and 8 in January 2024
Valve announced that its Steam online game platform will officially drop support for the Windows 7, Windows 8, and Windows 8.1 platforms starting January 1st,…
QNAP warns customers to patch Linux Sudo flaw in NAS devices
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability. The flaw (tracked as…
Microsoft Defender mistakenly tagging URLs as malicious
Microsoft Defender is mistakenly flagging legitimate links as malicious, and some customers have already received dozens of alert emails since the issues began over five…
Experts call for pause on AI training citing risks to humanity
Over a thousand people, including professors and AI developers, have co-signed an open letter to all artificial intelligence labs, calling them to pause the development…
Newly exposed APT43 hacking group targeting US orgs since 2018
A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and…
Microsoft brings GPT-4-powered Security Copilot to incident response
Microsoft today announced Security Copilot, a new ChatGPT-like assistant powered by artificial intelligence that takes advantage of Microsoft’s threat intelligence footprint to make faster decisions…
WiFi protocol flaw allows attackers to hijack network traffic
Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking…