Tag: security

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. An authenticated attacker could use it to access sensitive files, such as wp-config.php, which includes database credentials, keys, and salt data, creating the risk for user data theft […]

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix technique, presenting a fake CAPTCHA that mimics Cloudflare’s human verification check to trick users into executing malicious code. Researchers at Malwarebytes say this is the first […]

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. The supply-chain attack was observed by modern application security Aikido, Socket, and Endor Labs, and was attributed to TeamPCP based on the same exfiltration pattern and RSA key seen in previous incidents […]

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. The spammy posts are crafted as vulnerability advisories and use realistic titles like “Severe Vulnerability – Immediate Update Required,” often including fake CVE IDs and […]

By Yair Kuznitsov, Co-Founder & CEO, Anecdotes Every week I talk to enterprise GRC teams who understand exactly what agentic AI can do for their profession. They’ve read the articles, seen the demos, and can articulate the difference between AI that makes a workflow go a little, or even a lot faster, and an agent […]

The European Commission, the European Union’s main executive body, is investigating a security breach after a threat actor gained access to the Commission’s Amazon cloud environment. Although the EU’s executive cabinet has yet to disclose the incident publicly, BleepingComputer has learned that the breach affected at least one of the Commission’s AWS (Amazon Web Services) accounts. […]

The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. Backed by more than 50 major television networks and film studios, including Disney, Paramount, Sony Pictures, Warner Bros, Netflix, and Universal Pictures, ACE focuses on taking down illegal streaming services through civil litigation, […]

The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn’t affected citizens’ data. It also stated that the incident is still under investigation by the agency’s security experts and that the attackers’ access to compromised systems has been blocked. “The police have been […]

Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. The security issues also allowed transferring purchased tickets to others and enabled modifications to stadium bans imposed to certain individuals. The club learned about the security issues and […]