Meta Ponies Up $300K Bounty for Zero-Click Mobile RCE Bugs in Facebook
Facebook parent Meta will pay up to $300,000 to security researchers who report exploitable remote code execution (RCE) vulnerabilities in the Android and iOS versions of Facebook, Messenger, Instagram,...
Stolen Data on 80K+ Members of FBI-Run InfraGard Reportedly for Sale on Dark Web...
A hacker using the handle "USDoD" has reportedly stolen contact information on more than 80,000 members of an FBI-run program called InfraGard and put the information up for sale...
Crypto users claim Gemini email leak occurred much earlier than first reported
"Not handled well." This was how one user described the revelations brought forth by Cointelegraph on Dec. 14 regarding the leak of 5.7 million Gemini customers’ email addresses and...
NSA Slices Up 5G Mobile Security Risks
A working group pulled together by the US National Security Agency (NSA) has issued a report outlining the cybersecurity threats related to mobile broadband 5G network slicing. Network slicing...
Automated Cybercampaign Creates Masses of Bogus Software Building Blocks
An automated attack within the NuGet open source ecosystem for .NET developers has resulted in a flood of malicious packages containing links to phishing campaigns.
That's according to a joint...
CSAF Is the Future of Vulnerability Management
Today, nearly every party that issues security advisories uses its own format and structure. Plus, most security advisories are only human-readable, not machine-readable.System administrators have to read each advisory,...
Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware
Malicious drivers certified by Microsoft's Windows Hardware Developer Program have been used to juice post-exploitation efforts by cybercriminals, Redmond warned this week — including being used as part of...
Wiz debuts PEACH tenant isolation framework for cloud applications
Cloud security vendor Wiz has announced PEACH, a tenant isolation framework for cloud applications designed to evaluate security posture and outline areas of improvement. The firm stated that the...
Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
Microsoft has released fixes for 48 new vulnerabilities across its products, including one that attackers are actively exploiting and another that has been publicly disclosed but is not under...
Prevent Secret Leaks: Find and Secure Secrets Across Your Repositories and Pipelines
Developers use secrets to enable their applications to securely communicate with other services. Hardcoding credentials (like usernames and passwords) simplifies development and saves time. Unfortunately, version control systems (VCS)...
