27 Dec 2022

NodeBB prototype pollution flaw could lead to account takeover

‘Not a prototype pollution vulnerability as you might normally understand it’ | NodeBB, a Node.js platform for creating forum applications, has…

27 Dec 2022

Lensa AI and ‘Magic Avatars’: What to Know Before Using the App

Has the stale selfie that’s served as your profile picture gone a little too long without a refresh? You’ve likely seen friends…

27 Dec 2022

New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure

Dec 19, 2022Ravie LakshmananData Security / Endpoint Security A Rust variant of a ransomware strain known as Agenda has been…

27 Dec 2022

The Week in Ransomware – December 23rd 2022

Reports this week illustrate how threat actors consider Microsoft Exchange as a prime target for gaining initial access to corporate…

27 Dec 2022

JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs

John Leyden | 09 December 2022 at 13:17 UTC | Updated: 15 December 2022 at 17:06 UTC | Five vendors act to thwart…

27 Dec 2022

Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking

Apache had to scramble at the beginning of December 2021 to be ready to release patches for Log4Shell when it…

27 Dec 2022

Cybercrime (and Security) Predictions for 2023

Dec 19, 2022The Hacker NewsPassword Policy / Data Security Threat actors continue to adapt to the latest technologies, practices, and…

27 Dec 2022

New info-stealer malware infects software pirates via fake cracks sites

A new information-stealing malware named ‘RisePro’ is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware…

27 Dec 2022

ChatGPT bid for bogus bug bounty is thwarted

Improving large language models offer ‘just one more way to attack code, and one more way to defend code’ | A…

27 Dec 2022

Attackers Keep Targeting the US Electric Grid

We at WIRED have written plenty about the threat that cyberattacks pose to power grids worldwide. But lately, the most…

26 Dec 2022

Glupteba Botnet Continues to Thrive Despite Google’s Attempts to Disrupt It

Dec 19, 2022Ravie LakshmananBlockchain / Botnet The operators of the Glupteba botnet resurfaced in June 2022 as part of a…

26 Dec 2022

Hacker claims to be selling Twitter data of 400 million users

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using…