Daily News Update
Audio Summary: Tuesday, March 25, 2025 (Australia/Melbourne)0:00/390.3121× Critical Flaw in Next.js Allows Authorization Bypass A critical severity vulnerability, tracked as CVE-2025-29927, has been discovered in the Next.js web development framework, potentially allowing attackers to bypass authorization checks. The flaw enables attackers to send
Daily News Update
Audio Summary: Monday, March 24, 2025 (Australia/Melbourne)0:00/107.0641× Fake File Converters Distributing Malware The FBI has warned about the increasing use of fraudulent online document converters to deploy malware and steal user data. These malicious sites often mimic legitimate URLs and are promoted through search engine
Daily News Update
Audio Summary: Sunday, March 23, 2025 (Australia/Melbourne)0:00/167.521× Coinbase the Original Target of GitHub Actions Supply Chain Attack Researchers from Palo Alto's Unit 42 and Wiz have concluded that the recent supply chain attack on the reviewdog/action-setup@v1 GitHub Action had Coinbase as
Daily News Update
Audio Summary: Saturday, March 22, 2025 (Australia/Melbourne)0:00/227.521× Oracle Denies Breach After Hacker Claims Theft of 6 Million Data Records Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from Oracle Cloud federated SSO login servers.
Daily News Update
Audio Summary: Friday, March 21, 2025 (Australia/Melbourne)0:00/508.2481× Taiwan Critical Infrastructure Targeted by Hackers Hackers with apparent ties to China-based groups like Volt Typhoon are targeting critical infrastructure in Taiwan. Cisco Talos discovered a malicious campaign, active since at least 2023, attempting to establish long-term access
Daily News Update
Arcane Infostealer Targeting YouTube and Discord Users A new information-stealing malware called Arcane is targeting users via game cheats promoted on YouTube and Discord. The malware steals extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. The Arcane campaign began in November
Daily News Update
Wiz Links GitHub Supply Chain Attack to Compromised GitHub Action Wiz security researchers have identified the root cause of the recent GitHub supply chain attack, linking it to a compromised GitHub Action, reviewdog/action-setup. This follows a separate attack where the CI/CD secrets of more than 23,000 projects
Daily News Update
Tomcat RCE Vulnerability Under Attack A critical remote code execution (RCE) vulnerability in Apache Tomcat, tracked as CVE-2025-24813, is being exploited in the wild. Attackers are using proof-of-concept (PoC) exploits - the first of which being posted just 30 hours after disclosure - to take over servers via a PUT
Daily News Update
OAuth App Exploitation Targeting Microsoft 365 and GitHub Accounts Cybercriminals are increasingly using malicious OAuth apps in attacks, with recent campaigns highlighting attempts to hijack thousands of Github and Microsoft 365 accounts. Campaigns targeting Microsoft 365 accounts typically masqueraded as legitimate services like Adobe and DocuSign to steal credentials and
Daily News Update
Coinbase Phishing Attack A large-scale phishing campaign is targeting Coinbase users with emails disguised as official communications about a mandatory wallet migration. The emails claim that due to a class action lawsuit, users must transition to self-custodial wallets and provide instructions on how to download the legitimate Coinbase Wallet. What
Daily News Update
Black Basta Credential Stuffing Tool Uncovered The Black Basta ransomware operation has developed an automated brute-forcing framework called 'BRUTED' to compromise edge networking devices such as firewalls and VPNs. EclecticIQ researcher Arda Büyükkaya discovered the tool after examining leaked internal chat logs. BRUTED is designed to conduct large-scale
Daily News Update
This post is an AI-generated summary of News Articles from a handful of publications over the last 24 hours. No credit is taken for the contents of said articles or the accuracy thereof. Audio Summary: Friday, March 14, 2025 (Australia/Melbourne)0:00/212.8561× Chinese Cyber Espionage Targeting Juniper