A high-severity vulnerability (CVE-2024-38810) has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications. The vulnerability impacts Spring Security versions 6.3.0 and 6.3.1.
Styx Stealer is based on the Phemedrone Stealer and is available for purchase online. It has the ability to steal passwords, cookies, crypto wallet data, and messenger sessions, as well as gather system information.
x64dbg is an open-source binary debugger for Windows, perfect for malware analysis and reverse engineering executables. It has a user-friendly UI that simplifies navigation and provides context on the process.
Xeon Senderallows attackers to conduct large-scale SMS spam and phishing campaigns using legitimate SaaS providers. Distributed through Telegram and hacking forums, it requires API credentials from popular providers like Amazon SNS and Twilio.
Google is testing a feature in Chrome on Android to redact credit card details, passwords, and sensitive information when sharing your screen. Google aims to prevent leaks of sensitive data while recording or sharing screens.
The Cyberint Research Team discovered that the malware, believed to be the work of a Chinese speaker, contains core files in a Microsoft Cabinet archive, with executables vulnerable to DLL side-loading.
House members John Moolenaar and Raja Krishnamoorthi expressed worries about TP-Link Technologies, the world’s top Wi-Fi product provider, being vulnerable to compromised by state-sponsored hackers from China.
Microsoft has classified the issue as low-severity and has not issued any fixes, except for Teams and OneNote apps. Excel, Outlook, PowerPoint, and Word apps remain vulnerable.
Authentik is known for its adaptability and flexibility. It seamlessly integrates into existing environments, offering support for various protocols. It simplifies tasks like sign-up and account recovery in applications.
A recent ransomware attack on Indian payment systems has been traced back to a vulnerability in the widely used Jenkins automation system. The attack targeted a digital payment system used by many Indian banks.