Tag: security

Critical security flaw in Next.js could spell big trouble for JavaScript users

Researchers spot critical vulnerability in Next.js. If authorizations happen in middleware, they could be bypassed in older versions. A patch, and a temporary workaround, are both available, so update now. Experts have warned there is a critical severity flaw in the Next.js open source web development framework which allows threat…


Fake file converters are stealing info, pushing ransomware, FBI warns

The FBI warns about web-based file conversion projects being malicious. Some are dropping malware, others stealing sensitive data. FBI urges victims to report the attacks. Free online file converters, joiners, and similar productivity tools are actually covers for data scraping and malware/ransomware distribution campaigns, the FBI is warning. The Bureau’s…


Coinbase targeted after recent GitHub attacks

Researchers claim primary target of a recent cascading supply chain attack was Coinbase. The cryptocurrency exchange was not compromised, but hundreds of other projects might suffer. The attack went through a GitHub Action tool. The endgame of the recent cascading supply chain attack on GitHub was to breach Coinbase, one…


North Korea unveils new military unit targeting AI attacks

North Korea has established a new AI hacking department. The new group will be called ‘Research Center 227’. North Korea carried out many cyber offensives in 2024, including a fake interview campaign. The Democratic People’s Republic of Korea (North Korea) has established “Research Center 227” according to reports from Daily…


This top WordPress plugin could be hiding a worrying security flaw, so be on your guard

WP Ghost, a popular security plugin, carried a 9.6-severity flaw. It allows threat actors to execute malicious code, remotely. The developers released a patch, and users should update now. WP Ghost, a popular security WordPress plugin, was carrying a vulnerability that allowed threat actors to launch Remote Code Execution (RCE)…


Cisco smart licensing system sees critical security flaws exploited

Security researchers claim two Cisco Smart Licensing Utility bugs are being abused in the wild. One of the bugs is a hardcoded admin account. Both bugs were fixed in 2024, so users should update now. Cybercriminals are abusing two vulnerabilities found in Cisco Smart Licensing Utility (CSLU) to unknown ends.…
