Fake Cisco Webex Google Ads abuse tracking templates to push malware
The threat actors can exploit a loophole in the Google Ad platform's tracking template that allows them to redirect at will while complying with Google's policy
Read More...
WordPress migration add-on flaw could lead to data breaches
The flaw, tracked as CVE-2023-40004, allows unauthenticated users to access and manipulate token configurations on the affected extensions
Read More...
Malicious extensions can abuse VS Code flaw to steal auth tokens
Any extension running in VS Code, even malicious ones, can gain access to the Secret Storage and abuse Keytar to retrieve any stored tokens
Read More...
Microsoft fixes flaw discovered by Tenable
This created an opportunity for attackers to exploit unsecured Azure Function hosts and intercept OAuth client IDs and secrets
Read More...
Threat actors abuse Google AMP for evasive phishing attacks
The AMP URLs trigger a redirection to a malicious phishing site, and this additional step also adds an analysis-disrupting layer
Read More...
Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
CVE-2023-2640 is a high-severity (CVSS v3 score: 7.8) vulnerability in the Ubuntu Linux kernel caused by inadequate permission checks allowing a local attacker to gain elevated privileges
Read More...
VMware fixes bug exposing CF API admin credentials in audit logs
Threat actors who exploit this vulnerability can use the stolen credentials to push malicious app versions
Read More...
GitHub warns of Lazarus hackers targeting devs with malicious projects
The hacking group has a long history of targeting cryptocurrency companies and cybersecurity researchers for cyberespionage and to steal cryptocurrency
Read More...
Microsoft expands access to cloud logging data for free after Exchange hacks
Due to these discussions, Microsoft says that they are expanding access to the premium cloud logging to all customers for free
Read More...
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices
The Fortinet advisory has clarified that FortiOS products from the 6.0, 6.2, 6.4, 2.x, and 1.x release branches are not impacted by CVE-2023-33308
Read More...