Italian security researcher Carlo Di Dato discovered that hidden URL API routes such as those shown below can allow a web scraper or bot to enumerate every single Gravatar profile and collect its public data....
Ax Sharma
Ax Sharma is a Security Researcher, Engineer, and Tech Columnist. His works and expert analyses have frequently been featured by leading media outlets like Fortune, BleepingComputer, The Register, TechRepublic, CIO, etc.
Ax's expertise lies in vulnerability research, reverse engineering, software development, and web app security. He's an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
News tips welcome via Twitter DM (@Ax_Sharma) or email (ax@hey.ax).
Telegram is being actively used by malware authors targeting e-commerce websites built on Prestashop, Magento and WooCommerce....
Multiple NodeJS packages laden with malicious code have been spotted on the npm registry. These “typosquatting” packages served no purpose other than collecting data from the...
This month security researcher bohops demonstrated a credential harvesting trick that uses Windows theme files. Setting a Windows wallpaper location to a file present at a remote...
Hundreds of Bank of America customers had trouble accessing their bank accounts yesterday due to Avast and AVG antivirus engines flagging the site as "malware."...
A privacy bug lurking around in Apple Mac OS X since at least 2018 continues to remain unpatched and exploited at large....
Airplanes are a luxury for most people to own, let alone toy with—given all the national security regulations. This year’s DEF CON, however, revealed a...
Update Aug-13-2020: Hacker Noon has fixed the issue and a reply via a tweet provided more information: “URL removal request went through https://google.com/search?q=site%3Aapp.hackernoon.com%2Fdrafts%2F… . all...
A new report published this week sheds light on a vulnerability in smart lock models that hackers could exploit to crack them open remotely. Not...
Rushing an SDK integration cost a crypto business $2 million! In February 2020, we learned of IOTA’s Trinity wallet hack which cost the company a fortune. IOTA, which...