New Golang malware runs Monero miner on servers
The Golang malware breaches Windows, Linux servers and exploits popular vulnerabilities such as a critical RCE in Oracle WebLogic. ... Read More
Ax Sharma
Ax Sharma is a Security Researcher, Engineer, and Tech Columnist. His works and expert analyses have frequently been featured by leading media outlets like Fortune, BleepingComputer, The Register, TechRepublic, CIO, etc.
Ax's expertise lies in vulnerability research, reverse engineering, software development, and web app security. He's an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
News tips welcome via Twitter DM (@Ax_Sharma) or email (ax@hey.ax).
Kaggle fixes vulnerability that disclosed private leaderboard data via API
Kaggle, an online community of data scientists and machine learning practitioners had been exposing private competition data due to a misconfigured API. This could potentially give an unfair competitive advantage to participants.... Read More
The database contains ICCID that can be used in SIM swapping attacks. Other information in the leaked dump includes mobile number, customer PII, SIM PUK, IMSI and security hashes.... Read More
Joomla fixes ACL violation vulnerability after 2 years
Joomla! CMS project has fixed an access control violation flaw, CVE-2020-35616 nearly after 2 years of its reporting.... Read More
Google Docs "Send Feedback" feature vulnerability which could expose your sensitive files to attackers earns researcher a $3,134 bounty.... Read More
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from... Read More
UK energy provider E.ON has apologised for mistakenly debiting customer bank accounts earlier than expected for their energy bill payments.... Read More
Medical labs appointed by governments to test incoming international passengers for COVID-19 contain insecure QR code implementations that may lead to data exposure.... Read More
Facebook has fixed an Instagram bug which leaked users' private email address and date of birth. The company awarded the researcher a $13,125 bug bounty for the report.... Read More
American Bank Systems slapped with class-action lawsuit for not timely disclosing ransomware data breach
American Bank Systems (ABS) has been sued by a class of plaintiffs for their failure to protect customer data and for delaying the disclosure of ransomware attack.... Read More
A spreadsheet hosted on Intel.com is flagged as malware—but is it? 
NS trains halted for hours after IT system ‘failure’ 
Beware of zero-click attacks, you may already be infected 
Movie studios sue TorGuard after $10 million legal battle with LiquidVPN