Microsoft disabled macros by default in Office products but immediately rolled back the decision because of community feedback.
Researchers discovered an NPM supply chain attack involving malicious modules designed to steal data that users enter in forms on websites that include them.
The $540 million Axie Infinity hack in March was the consequence of one of its former employees getting hacked via a fraudulent job offer on LinkedIn. After a few rounds of interviews, the engineer was offered a job with an extremely generous compensation package. The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded, allowing spyware to infiltrate Ronin’s systems.
Attackers are abusing the CI/CD tools known as GitHub Actions to run cryptocurrency mining software in Azure Virtual Machines.
Honda cars from the last 10 years are vulnerable to an attack that allows anyone to permanently open the car door or even start the car engine from a long distance, using an SDR such as HackRF.
According to Microsoft, a massive phishing campaign has targeted more than 10,000 organizations since September 2021 and used the gained access to victims’ mailboxes in follow-on business email compromise (BEC) attacks. Threat actors used Evilginx2 to proxy requests to Office365 and steal authentication cookies, thus also compromising accounts protected with multi-factor authentication.
Bandai Namco confirmed that its servers have been hacked and confidential information has been acquired by the BlackCat/AlphV ransomware group.
ESET discovered and reported three buffer overflow vulnerabilities in the UEFI firmware of several Lenovo notebooks, affecting more than 70 different models. Attackers can obtain arbitrary code execution in the early phases of the platform boot, hijack the OS execution flow and disable important security features.
A North Korean ransomware group is targeting small and midsize businesses with H0lyGh0st ransomware, asking between 1 and 5 bitcoin in ransom.
The latest version of Tor Browser (11.5) introduced a mechanism for automatic censorship detection and circumvention.
OSCE3, OSEP, OSED, OSWE, OSCP certified. Over 10 years of experience in the IT industry, now working in Product Security and leading a Red Team. Huge Offensive Security and CTF nerd. I enjoy music, teaching and hiking.