… "I made a Lovable account today and was able to access another user's source code, database credentials, AI chat histories, and customer data are all readable by any free account." The researcher said they reported the flaw 48 days ago, and that HackerOne labeled it a "duplicate submission," and le… …
… CodeWall’s researchers claim that within two hours of starting their red team raid, they achieved full read and write access to the entire production database and were able to access 46.5 million chat messages about strategy, mergers and acquisitions, and client engagements, all in plaintext, along… …
… MORE CONTEXT Russian cybercrims phish their way into officials' Signal and WhatsApp accounts Paranoid WhatsApp users rejoice: Encrypted app gets one-click privacy toggle Researchers claim 'largest leak ever' after uncovering WhatsApp enumeration flaw WhatsApp warns of 'attack against specific targe… …
… In a public update following the incident, Guillermo Rauch reckons the intrusion began with a compromised employee account linked to Context.ai. An attacker used that access to hijack the employee's Vercel Google Workspace account to drill into the company's systems. …
… "I've looked in every inbox in every spam folder in every mail log, and zero, nothing, zilch." The appeals process directed Donenfeld to an AI support ticket tool, but this didn't allow him to select the workplace to which the appeal pertained because his account was deactivated. …
… "We have always seen threat actors stand up the infrastructure, whether that means compromising existing legitimate infrastructure and using it for malicious purposes, or purchasing accounts and setting up their own infrastructure to launch threat campaigns," she said. …
… MORE CONTEXT Smooth criminals talking their way into cloud environments, Google says Months-old Adobe Reader zero-day uses PDFs to size up targets Hundreds of orgs compromised daily in Microsoft device code phishing attacks AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supp… …
… Phishing messages also came from spoofed or compromised accounts 75 percent of the time last year, making it much harder to tell a sloppy attempt from a good one. The rising tide of AI, meanwhile, lifts all boats - including pirate ships. …
… On March 31, Axios, one of npm's most widely used HTTP client libraries, became a malware delivery vehicle for about three hours after attackers hijacked a maintainer's account and slipped a remote-access trojan RAT into two seemingly legitimate releases. …