News
Amey suffers cyber attack from ransomware
UK's prominent infrastructure management company Amey has been hit by Mount Locker ransomware group in what the company has called…
Backdoor master password for thousands of Zyxel firewalls revealed
Thousands of Zyxel firewalls and access point controllers contain a secret, undocumented hardcoded password giving anyone admin access through this…
New Golang malware runs Monero miner on servers
The Golang malware breaches Windows, Linux servers and exploits popular vulnerabilities such as a critical RCE in Oracle WebLogic.
Kaggle fixes vulnerability that disclosed private leaderboard data via API
Kaggle, an online community of data scientists and machine learning practitioners had been exposing private competition data due to a…
Hacker selling Vodafone’s Ho Mobile database of 2.5M users
The database contains ICCID that can be used in SIM swapping attacks. Other information in the leaked dump includes mobile…
Joomla fixes ACL violation vulnerability after 2 years
Joomla! CMS project has fixed an access control violation flaw, CVE-2020-35616 nearly after 2 years of its reporting.
Google ‘Send Feedback’ bug could expose your sensitive data to attackers
Google Docs "Send Feedback" feature vulnerability which could expose your sensitive files to attackers earns researcher a $3,134 bounty.
Word malware uses GitHub and Imgur pic to run Cobalt Strike script
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads…
UK energy supplier E.ON erroneously takes out Direct Debit payments early
UK energy provider E.ON has apologised for mistakenly debiting customer bank accounts earlier than expected for their energy bill payments.
Insecure QR codes on COVID-19 test results come with data exposure risks
Medical labs appointed by governments to test incoming international passengers for COVID-19 contain insecure QR code implementations that may lead…