The company has temporarily disabled access to the affected accounts, a step it says it took “out of an abundance of caution” while it works with internal and external security
Category Added in a WPeMatico Campaign
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
Four of the bugs can crash a device. The other two could let an attacker who slips a malicious image in front of the bootloader run their own code, before the device
Laser Attack Resets Tangem Wallet Passwords on Cards That Can’t Be Patched
No old password. No backup card. Once it is reset, whoever did it controls the wallet and can move the coins out.
This is not an emergency for most owners. The attack needs
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws
A brief description of the high-severity vulnerabilities is as follows –
GHSA-hjr6-g723-hmfm (CVSS score: 8.8) – An operating system
New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic
Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware via counterfeit installers using SEO poisoning techniques, it belies their true organizational
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed packets: about 260 bytes of ordinary QPACK traffic takes the server
From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale
Lumen Technologies, a
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
Far fewer were actually broken into, but the exposed files showed researchers how a mass site-hacking operation runs from the inside.
The operation, now tracked as
Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking
The apps flagged with at least one problem have been installed more than 2.4 billion times.
The problems are basic, not sophisticated. 29 apps let user traffic leak outside
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that’s capable of targeting the passkey enrollment process. The
