DentaQuest data breach exposed info of 2.6 million accounts
…The security incident came to light last month, when the infamous extortion group ShinyHunters listed the company on its data leak site and claimed to have stolen more than 234 GB of…
Search
Top stories
Drupal: Critical SQL injection flaw now targeted in attacks
…It allows specially crafted requests to trigger arbitrary SQL injection on sites using PostgreSQL. SQL injection is a flaw in which attackers inject malicious SQL commands into database queries via user input…
Trellix source code breach claimed by RansomHouse hackers
…Yesterday, the threat actor published on their data leak site screenshots indicating access to the cybersecurity company's appliance management system. However, BleepingComputer could not confirm the authenticity of the data. Trellix…
LastPass confirms data breach in Klue supply chain attack
…Klue OAuth breach victim list grows as Icarus hackers claim attack Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks ShapedPlugin update flow hacked to infect WordPress sites OptinMonster WordPress plugin…
Australia warns of ClickFix attacks pushing Vidar Stealer malware
…WordPress site administrators are also advised to apply available security updates for themes and add-ons, and to remove any unused themes/plugins from their platforms. ACSC's security bulletin provides indicators…
phpBB forum fixes auth bypass bug lurking for a decade
…the forum, create, modify, or delete content and user accounts, impersonate staff, or deface the sites. Picking targets is also straightforward, as the member list on phpBB forums is public by default…
SAP fixes critical flaws in NetWeaver and Commerce Cloud
…The German enterprise software company also addressed various SQL injection, path traversal, cross-site scripting (XSS), email spoofing, and authorization bypass issues across multiple SAP products. Details about the flaws and mitigation…
WhatsApp phishing attack uses fake business docs to hack PCs
…spreads crypto-stealing malware via Windows shortcut files Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp New Rokarolla Android malware targets 217 banking, crypto apps Malware Remote Access…
Ubiquiti patches three max severity UniFi OS vulnerabilities
…Max severity Ubiquiti UniFi flaw may allow account takeover Max severity Cisco Secure Workload flaw gives Site Admin privileges Hackers bypass SonicWall VPN MFA due to incomplete patching Drupal critical update to…
FBI: Fraudsters use couriers to steal money in crypto scams
…Such scams usually start with the fraudsters reaching out to their targets via social media, dating sites, and messaging apps, building trust, and then luring victims into fake investment schemes. However, instead…