Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it’s almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other
ServiceNow Data Exposure: A Wake-Up Call for Companies
Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in “unintended access” to sensitive data. For organizations that use ServiceNow, this security exposure is a critical concern that could have resulted in major data leakage of sensitive corporate data. ServiceNow has since taken steps to fix this issue.
This article fully analyzes
This article fully analyzes
EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub
A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities.
“As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and
“As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes
Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster.
The vulnerabilities are as follows –
The vulnerabilities are as follows –
CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller
CVE-2023-5043 (
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware
A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE.
“MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users,” Elastic
“MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users,” Elastic
New Hunters International ransomware possible rebrand of Hive
A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag. […]
Pirate IPTV network in Austria dismantled and $1.74 million seized
The Austrian police have arrested 20 people across the country linked to an illegal IPTV network that, between 2016 and 2023, decrypted copyright-protected broadcasts and redistributed them to thousands of customers. […]
Windows 11 adds support for 11 file archives, including 7-Zip and RAR
Microsoft says Windows 11 22H2 now natively supports almost a dozen additional archive formats, including RAR, 7-Zip, Tar, and GZ archives. […]
Hackers email stolen student data to parents of Nevada school district
The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children’s’ data that was allegedly stolen during a recent cyberattack. […]
HackerOne paid ethical hackers over $300 million in bug bounties
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform’s inception. […]