Sat.Apr 20, 2024

article thumbnail

GitHub comments abused to push malware via Microsoft repo URLs

Bleeping Computer

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy.

Malware 143
article thumbnail

Critical CrushFTP zero-day exploited in attacks in the wild

Security Affairs

Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, Crowdstrike experts warn. CrushFTP is a file transfer server software that enables secure and efficient file transfer capabilities. It supports various features such as FTP, SFTP, FTPS, HTTP, HTTPS, WebDAV, and WebDAV SSL protocols, allowing users to transfer files securely over different networks.

Software 139
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Critical Forminator plugin flaw impacts over 300k WordPress sites

Bleeping Computer

The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. [.

132
132
article thumbnail

WINELOADER: A Tool for Espionage and Disruption

Penetration Testing

A new campaign orchestrated by the notorious APT29 hacking group – widely associated with Russia’s Foreign Intelligence Service (SVR) – exposes a dangerous shift in tactics for this sophisticated threat actor. The group has... The post WINELOADER: A Tool for Espionage and Disruption appeared first on Penetration Testing.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

AI-Controlled Fighter Jets Are Dogfighting With Human Pilots Now

WIRED Threat Level

Plus: New York’s legislature suffers a cyberattack, police disrupt a global phishing operation, and Apple removes encrypted messaging apps in China.

article thumbnail

USENIX Security ’23 – PrivGraph: Differentially Private Graph Data Publication by Exploiting Community Information

Security Boulevard

Authors/Presenters: *Quan Yuan, Zhikun Zhang, Linkang Du, Min Chen, Peng Cheng, Mingyang Sun* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

69