WordPress security plugin AIOS saved passwords as plain text
The WordPress security plugin All-In-One Security (AIOS) introduced a security flaw of its own. Because of a bug, the tool collected passwords and stored them as plain text in a database.
AIOS for WordPress is installed on more than 1 million websites and provides security for WordPress webs...
‘ChatGPT creates mostly insecure code’
Moreover, the chatbot fails to alert users to its coding defects - even though it could do so.
This week The Register reported on research that shows ChatGPT not only produces mostly insecure code but also fails to alert users to its inadequacies. The striking thing is that it is perfectly capab...
Hacking campaign uses infected James Webb Telescope image
Investigators discovered a new malware campaign that uses gigapixel images from the James Webb Project to distribute malware on target computers.
The James Webb Telescope (JWST) was launched after more than two decades of planning and development. It's a turning point for astronomy, but sadly also...
PyPI packages under attack after phishers target developers
Developers and maintainers of PyPI are under attack by digital scammers through email phishing.
Several PyPI developers and maintainers have fallen for phishing scams conducted by digital scammers. The malicious campaign was disclosed by Adam Johnson, a project board member at Django, who receiv...
New phishing scam targets Microsoft 365 accounts of executives
Mitiga finds the Microsoft 365 accounts of business executives under attack by malicious actors who use a combined strategy of spear phishing and man-in-the-middle methods.
Cybersecurity firm Mitiga disclosed that a dubious Business Email Compromise (BEC) campaign is continuously targeting Mi...
GitHub proposal for Sigstore adoption faces backlash from developers
Developers object to GitHub's suggestion to use Sigstore to enhance network security by connecting npm packages to their inputs.
GitHub, which runs the npm package management system, is offering to incorporate new security features to npm because npm is regularly used by many JavaScript and Typ...
Microsoft advises Mac users to patch
An exploit in macOS could allow hackers to bypass sandbox security and execute code. Microsoft urges users to patch as soon as possible.
Microsoft researchers identified a flaw in macOS. The flaw allows hackers to bypass macOS' Sandbox App and execute code on targeted systems. According to Ap...
Adobe urges customers to upgrade to Adobe Commerce after a massive Magento 1 breach
Adobe is beseeching its Magento 1 eCommerce platform users to upgrade to the latest version of Adobe Commerce after a massive breach of over 500 stores built on the platform. Security company Sansec discovered the breach.
Speaking with tech publication ZDNet, Adobe said that it ended support for ...
White hats reported Kaseya VSA flaw in April
One of the vulnerabilities found in Kaseya's IT management software was reported to the vendor earlier this year in April. However, there was not enough time to get a patch ready, and subsequently, the bug ended up being exploited by attackers who managed to affect up to 1,500 businesses.
As man...
Vulnerability in Microsoft Teams could have compromised accounts
Microsoft recently released a patch for a severe flaw found in Teams that could have allowed bad actors to breach a user’s account. The vulnerability was discovered by Evan Grant, who works at Tenable, and is related to a feature in Microsoft Teams that allows users to launch apps as tabs within...