The two bugs, an arbitrary file read and an SSRF bug, can be exploited without user interaction to leak credentials, databases, and other data.
The post Chainlit Vulnerabilities May Leak Sensitive Information appeared first on SecurityWeek.
Providing cyberespionage and remote code execution capabilities, the malware is executed via DLL sideloading.
The post APT-Grade PDFSider Malware Used by Ransomware Groups appeared first on SecurityWeek.
A simple payload allowed attackers to create a new event leaking summaries of the victimβs private meetings.
The post Weaponized Invite Enabled Calendar Data Theft via Google Gemini appeared first on SecurityWeek.
Operating as an access broker, the defendant sold unauthorized access to compromised networks to an undercover agent.
The post Jordanian Admits in US Court to Selling Access to 50 Enterprise Networks appeared first on SecurityWeek.
The information stealer abuses legitimate APIs and libraries to exfiltrate data to Discord webhooks.
The post βSolyxImmortalβ Information Stealer Emerges appeared first on SecurityWeek.
Posing as an ad blocker, the malicious extension crashes the browser to lure victims into installing malware.
The post Malicious Chrome Extension Crashes Browser in ClickFix Variant βCrashFixβ appeared first on SecurityWeek.
The compromised personal information includes names, dates of birth, Social Security numbers, and employment-related data.
The post 42,000 Impacted by Ingram Micro Ransomware Attack appeared first on SecurityWeek.
Accedi