Jan 10, 2023 | Uncategorized
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. “By exploiting this vulnerability, attackers could achieve remote code...
Jan 9, 2023 | Uncategorized
A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks. “To better interact with users, a wide range of...
Jan 9, 2023 | Uncategorized
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images,...
Jan 9, 2023 | Uncategorized
Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to...
Jan 9, 2023 | Uncategorized
Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford,...