Ionut Arghire

Truffle Security has discovered thousands of popular websites leaking their secrets, including .git directories and AWS and GitHub keys.

Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore.

Android’s September 2023 security update resolves a high-severity elevation of privilege vulnerability exploited in malicious attacks.

Google has released another weekly Chrome update, to address four high-severity vulnerabilities reported by external researchers.

MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.

Freecycle.org is prompting millions of users to reset their passwords after their credentials were compromised in a data breach.

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

British mesh fencing systems maker Zaun discloses LockBit ransomware attack potentially impacting data related to UK military and intelligence sites.

EclecticIQ has released a free decryption tool to help victims of the Key Group ransomware recover their data without paying a ransom.

Cisco has observed multiple threat actors adopting the SapphireStealer information stealer after its source code was released on GitHub.

Sourcegraph says customer information was breached after an engineer accidentally leaked an admin access token.

ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo.

A vulnerability in the All-in-One WP Migration plugin’s extensions exposes WordPress websites to attacks leading to sensitive information disclosure.

Apple is inviting security researchers to apply for the 2024 iPhone Security Research Device Program (SRDP) to receive hackable iPhones.

Splunk has released patches for multiple high-severity vulnerabilities impacting Splunk Enterprise and IT Service Intelligence.

Fashion retailer Forever 21 says that the personal information of more than 500,000 individuals was compromised in a data breach.

Roughly 78% of the healthcare organizations in North America, South America, the APAC region, and Europe experienced a cyberattack over the past year, according...

Four recent vulnerabilities in the J-Web component of Junos OS have started being chained in malicious attacks after PoC exploit code was published.

GitHub Enterprise Server 3.10 released with additional security capabilities, including support for custom deployment rules.

Mozilla and Google have released stable updates for the Firefox and Chrome browsers to address several memory corruption vulnerabilities.