The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta, an identity management company. The hack also let hackers gain access to Authy 2FA accounts. More
Five Chrome extensions with over 1.4 million installs inject affiliate cookies and steal browsing data. The extensions waited 15 days before performing malicious activities to bypass automated analysis. More
APT40, a China based threat actors has been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a phishing website impersonating an Australian news media outlet. More
Russian streaming platform START confirmed a data breach that impacted 7.5 millions of its users. According to the company, attackers obtained email addresses, phone numbers, and usernames. However, leaked samples also contain hashed passwords, IP addresses, login logs, and subscription details. More
Researchers identified over 1,800 publicly available apps iOS applications containing hard-coded AWS credentials. Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services.Half (47%) of those apps contained valid AWS tokens that also gave full access to numerous, often millions, of private files via the Amazon S3. More
Hackers that breached Neopets had access to its systems for 18 months. The incident exposed personal information of more than 69 million members. More
Chile’s CSIRT has announced that a ransomware attack has impacted operations of a government agency in the country. ESXi servers were affected as the hackers stopped all virtual machines and encrypted their files. More
Montenegro’s infrastructure is under cyber attack. Ransomware and denial-of-service attacks targeting water supply systems, transportation services and online government services, among many others. More
Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.
OSCE3, OSEP, OSED, OSWE, OSCP certified. Over 10 years of experience in the IT industry, now working in Product Security and leading a Red Team. Huge Offensive Security and CTF nerd. I enjoy music, teaching and hiking.