The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories ...
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via ...
InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
FinanceFeeds

Fintechs Brace for Bot Attacks as Fraud Attempts Surge

Bot attacks are soaring as part of an overall increase in fraud attempts. With fintechs among attackers’ favorite targets, ...
Infosecurity Magazine

Global Magecart Campaign Targets Six Card Networks

Silent Push has discovered a new Magecart campaign targeting six major payment network providers that has been running since ...

Russia uses its new ballistic missile in a major attack on Ukraine and a warning to West

Russia has launched a massive overnight attack on Ukraine, using hundreds of drones and dozens of missiles. Officials say at ...
Security Boulevard

Fingerprints beyond device IDs: engineered representations for fraud detection

In fraud and bot detection, people usually think of fingerprinting as the classic browser or device fingerprint. This comes ...

Bunge facility in Ukraine damaged by Russian bombing, leaking 300 metric tons of sunflower oil

A Russian bombing attack on Monday damaged a facility owned by Chesterfield-based Bunge Global SA in Ukraine, causing a ...
SecurityWeek

Russia’s APT28 Targeting Energy Research, Defense Collaboration Entities

Russian state-sponsored group APT28 has targeted energy research, defense collaboration, and government communication ...

Fake error popups are spreading malware fast

Cybercriminals use ErrTraffic tool to automate malware distribution through fake browser error messages, with attacks ...
Security Boulevard

Silent Push Exposes Magecart Network Operating Since Early 2022

Silent Push reveals a sophisticated Magecart network using web skimmers to steal credit card data from online shoppers, highlighting the need for enhanced cybersecurity measures.

Browser extension malware infected 8.8M users in DarkSpectre attack

Browser extensions turned malicious after years of legitimate operation in DarkSpectre campaign affecting millions. The ...