News
-
"GoFetch Attack- Researchers Uncover Unfixable Vulnerability in Apple CPUs Affecting Cryptographic Security"A team of researchers has detailed a new side-channel attack method dubbed "GoFetch," that exploits an unpatchable vulnerability in Apple's M series of chips and enables threat actors to extract secret keys used in cryptography operations.
-
"Hackers Earn $1,132,500 For 29 Zero-Days at Pwn2Own Vancouver"Pwn2Own Vancouver 2024 has recently ended. Security researchers collected $1,132,500 after demoing 29 zero-days (and some bug collisions).
-
"Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds"Ian Carroll, Lennert Wouters, and other security researchers have revealed a hotel keycard hacking technique dubbed "Unsaflok." The method involves a set of security flaws that would enable a hacker to almost instantly open several models of Saflok-bra
-
"North Korean Hackers Use 'Nuclear Lure' to Trick and Run New Attack""Kimsuky," a North Korean cyber espionage group, is now using North Korea's nuclear threats to lure victims into executing malicious payloads. Researchers at Rapid7 Labs observed Kimsuky using new tactics to target victims.
-
"Tax Hackers Blitz Small Business With Phishing Emails"Threat actors are trying to compromise Social Security numbers through a tax phishing attack aimed at small business owners and self-employed filers.
-
"Security Researchers Win Second Tesla At Pwn2Own"A team of security researchers won a Tesla Model 3 and $200,000 for discovering a zero-day vulnerability in a vehicle's Electronic Control Unit (ECU).
-
"New Bipartisan Bill Would Require Online Identification, Labeling of AI-Generated Videos and Audio"Artificial Intelligence (AI)-generated deepfakes can be difficult or impossible to distinguish from the real thing.
-
"AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials"Researchers have detailed "AndroxGh0st," a tool used to target Laravel applications and steal sensitive data. It scans and extracts important information from .env files, revealing login information for Amazon Web Services (AWS) and Twilio.
-
"Fake Data Breaches: Countering the Damage"Vitaly Simonovich, a threat intelligence researcher at Cato Networks, points out that even a fake data breach can have serious consequences.
-
"House Passes Bill Barring Sale of Personal Information to Foreign Adversaries"The House of Representatives recently passed new legislation prohibiting data brokers from selling Americans' personal information to foreign adversary countries or entities under their control.
-
"Hackers Claim to Have Breached Israeli Nuclear Facility's Computer Network"An Iran-linked hacking group claims to have infiltrated a sensitive Israeli nuclear facility's computer network in an incident described by the hackers as a protest against the war in Gaza.
-
"Evasive Sign1 Malware Campaign Infects 39,000 WordPress Sites"The website security company Sucuri discovered a malware campaign dubbed "Sign1" that has infected more than 39,000 WordPress websites in the last six months, causing visitors to get unwanted redirects and popup ads.