A large-scale phishing campaign dubbed ‘PoisonSeed’ compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. […]
Australian pension funds hit by wave of credential stuffing attacks
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members’ accounts. […]
Call Records of Millions Exposed by Verizon App Vulnerability
A patch has been released for a serious information disclosure vulnerability affecting a Verizon call filtering application.
The post Call Records of Millions Exposed by Verizon App Vulnerability appeared first on SecurityWeek.
In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired
Noteworthy stories that might have slipped under the radar: Apple adding TCC events to Endpoint Security, cybersecurity funding report for Q1 2025, Trump fires the head of NSA and Cyber Command.
The post In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired appeared first on SecurityWeek.
Europcar GitLab breach exposes data of up to 200,000 customers
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. […]
OpenAI’s $20 ChatGPT Plus is now free for students until the end of May
ChatGPT Plus subscription is now free, but only if you’re a student based out of the United States of America and Canada. […]
State Bar of Texas Says Personal Information Stolen in Ransomware Attack
The State Bar of Texas is notifying thousands of individuals that their personal information was stolen in a February ransomware attack.
The post State Bar of Texas Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs.
“The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for
“The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for
US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations
US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations.
The post US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations appeared first on SecurityWeek.
Have We Reached a Distroless Tipping Point?
There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world’s attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the innovation’s potential. These use cases generate significant value, fueling demand for the next iteration of