Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named “Specula,” released today by cybersecurity firm TrustedSec. […]
Category Archives: Security
Auto Added by WPeMatico
HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. […]
A massive phishing campaign dubbed “EchoSpoofing” exploited a security gap in Proofpoint’s email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. […]
Threat actors are exploiting a misconfiguration in Selenium Grid, a popular web app testing framework, to deploy a modified XMRig tool for mining Monero cryptocurrency. […]
X has quietly begun training its Grok AI chat platform using members’ public posts without first alerting anyone that it is doing it by default. Here’s how to block Grok from using your data. […]
A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. […]
26
Jul
Jul
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a […]
Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. […]
Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. […]
Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials. […]