Author: Elizabeth Montalbano, Contributing Writer
OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover
An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.
Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4
A software engineer hired for an internal IT AI team immediately became an insider threat by loading malware onto his workstation.
CrowdStrike Blames Crash on Buggy Security Content Update
CrowdStrike vows to provide customers with greater control over the delivery of future content updates by allowing granular selection of when and where these updates are deployed.
Attackers Exploit ‘EvilVideo’ Telegram Zero-Day to Hide Malware
An exploit sold on an underground forum requires user action to download an unspecified malicious payload.
Swipe Right for Data Leaks: Dating Apps Expose Location, More
Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.
20 Million Trusted Domains Vulnerable to Email Hosting Exploits
Three newly discovered SMTP smuggling attack techniques can exploit misconfigurations and design decisions made by at least 50 email-hosting providers.
‘BadPack’ APK Files Make Android Malware Hard to Detect
Manipulated header info within files, in mobile Trojans like TeaBot and others, makes it difficult for defenders to analyze and detect them.
Void Banshee APT Exploits Microsoft Zero-Day in Spear-Phishing Attacks
The threat group used CVE-2024-38112 and a "zombie" version of IE to spread Atlantida Stealer through purported PDF versions of reference books.