tokens
-
Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters
Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with…
Read More » -
NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers
Cybersecurity researchers have discovered a new Java-based “sophisticated” information stealer that uses a Discord bot to exfiltrate sensitive data from…
Read More » -
Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year…
Read More » -
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its…
Read More » -
There is a Ransomware Armageddon Coming for Us All
Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising…
Read More » -
Mandiant’s X Account Was Hacked Using Brute-Force Attack
The compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a “brute-force password attack,” attributing…
Read More » -
Why Public Links Expose Your SaaS Attack Surface
Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their…
Read More » -
Exposed Secrets are Everywhere. Here’s How to Tackle Them
Picture this: you stumble upon a concealed secret within your company’s source code. Instantly, a wave of panic hits as…
Read More » -
Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours…
Read More » -
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and…
Read More »