TikTok CEO Shou Zi Chew’s testimony did not seem to quell many concerns that lawmakers had about the company’s connections to China or the adequacy of its risk-mitigation plan, Project Texas.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Kroger Postal Prescription Services began to review the affected files to determine what information was compromised and which consumers were impacted.

Led by Pelion Venture Partners with participation from Liberty Global Ventures, Crosslink Capital and One Way Ventures, the new brings Britive’s total raised to $36 million.

On the second day of Pwn2Own Vancouver 2023, the bug hunters demonstrated zero-day attacks against the Oracle VirtualBox virtualization platform, Microsoft Teams, Tesla Model 3, and the Ubuntu Desktop OS.

The Pwn2Own Vancouver 2023 has begun, this hacking competition has 19 entries targeting nine different targets – including two Tesla attempts. On the first day, it awarded $375,000 (and a Tesla Model 3) for 12 zero-day vulnerabilities discovered.

Unit 42 researchers have been tracking a widespread malicious JavaScript (JS) injection campaign that redirects victims to malicious content such as adware and scam pages.

Attack chains mounted by the group commence with a spear-phishing email to deploy a wide range of tools for backdoor access, command-and-control (C2), and data exfiltration.

In this case, Form W-9 is being used as a lure for people to download something sinister. The attachment, W-9 form.zip, is 709 KB in size. Opening the attachment reveals a Word document called W-9 form.doc that is over 500MB in size.

When a victim who is shopping at a compromised online store goes to the checkout page, there will be additional fields injected in the contact form that aren’t normally there.

The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software.