Category: Uncategorized
-

Python’s PyPI Reveals Its Secrets [email protected] (The Hacker News)
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI. PyPI,Read…
-

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer [email protected] (The Hacker News)
A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. “This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors,” Proofpoint said. “Additionally, the actor appeared toRead More
-
Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption Eduard Kovacs
Palo Alto Networks patches several high-severity vulnerabilities, including ones that allow DoS attacks against its firewalls. The post Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption appeared first on SecurityWeek. Read More
-
Google Cloud Unveils New AI-Powered Security Capabilities Ionut Arghire
Google adds AI to cloud security features and announces other security capabilities for cloud customers. The post Google Cloud Unveils New AI-Powered Security Capabilities appeared first on SecurityWeek. Read More
-
Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution Eduard Kovacs
Alethea has raised $20 million in Series B funding for its technology designed to detect and mitigate disinformation. The post Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution appeared first on SecurityWeek. Read More
-

Apple Expands Spyware Alert System to Warn Users of Mercenary Attacks [email protected] (The Hacker News)
Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off “individually…
-

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability [email protected] (The Hacker News)
Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. “An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated…
-
CISA Releases Malware Next-Gen Analysis System for Public Use Ryan Naraine
CISA’s Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis. The post CISA Releases Malware Next-Gen Analysis System for Public Use appeared first on SecurityWeek. Read More
-
AT&T Data Breach Update: 51 Million Customers Impacted Eduard Kovacs
The recent AT&T data breach impacts 51 million customers, the company tells Maine’s attorney general. The post AT&T Data Breach Update: 51 Million Customers Impacted appeared first on SecurityWeek. Read More
-

‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan [email protected] (The Hacker News)
An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. It’s tracking the…
