VS Code zero-day lets hackers steal GitHub tokens in one click
…local site data for github.dev in their browser by clicking the Settings icon in the URL bar, and then going into Cookies and site data > Manage on-device site data. This…
Search
Top stories
Funnel Builder WordPress plugin bug exploited to steal credit cards
…Avada Builder WordPress plugin flaws allow site credential theft Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin Popular WordPress redirect plugin hid dormant backdoor for years Hackers exploit file upload…
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
…The affected factories are currently resuming normal production." Nitrogen also says on their dark web leak site that the stolen Foxconn files contain "confidential instructions, projects and drawings" from Apple, Intel, Google…
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
…flaw and 11 medium-severity issues, including command injection, missing authorization checks, cross-site scripting (XSS), cross-site request forgery (CSRF), and denial-of-service. While SAP hasn't found evidence that…
Instructure confirms hackers used Canvas flaw to deface portals
…BleepingComputer has learned that both the breach and defacements involved multiple cross-site scripting (XSS) vulnerabilities that enabled the attacker to obtain authenticated admin sessions. The second hack was to draw attention…
Maine disables data breach notification portal after fake disclosures
…BleepingComputer also contacted Discord about the fraudulent notice submitted to the site but did not receive a response. It is unclear how many additional fraudulent breach notices may have been submitted through…
Grafana says stolen GitHub token let hackers steal codebase
…A relatively new extortion gang known as CoinbaseCartel has claimed the attack by adding Grafana to their data leak site (DLS), although no data has been leaked yet. Grafana Labs is the…
Over 116,000 Mincraft systems infected in WeedHack malware campaign
…In one case highlighted in the report, the malicious website displays a security notice warning visitors that they should only download ‘Skytils’ from the official site. It is even linking to the…
Over 116,000 Minecraft systems infected in WeedHack malware campaign
…In one case highlighted in the report, the malicious website displays a security notice warning visitors that they should only download ‘Skytils’ from the official site. It is even linking to the…
WordPress malware campaign hides payloads in Steam profiles
…WordPress plugin suite hacked to push malware to thousands of sites Chinese hackers target telcos with new Linux, Windows malware Australia warns of ClickFix attacks pushing Vidar Stealer malware Fake Claude AI…