Автор: Nate Nelson, Contributing Writer

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn’t enforced them. It’s unclear if they will help.

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there’s a workaround.

Parasitic advanced persistent threat Secret Blizzard accesses another APT’s infrastructure and steals what it has stolen from South Asian government and military targets.

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe’s GDPR-mandated data portability rules.

The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.

The APT, aka Earth Estries, is one of China’s most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.

Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.

In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.