The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before attracting 183 downloads.

The vulnerability found by Dan McInerney is tracked as CVE-2023-1177 and is rated 10 (critical) on the CVSS scale. It is described as a local and remote file inclusion (LFI/RFI) via the API.

The Series A funding round was led by Google Ventures (GV), with participation from existing investors Boldstart Ventures and Preface. The company plans to use some of the funding to expand its engineering team in Cork.

This social media scam begins with a comment from a random account on a user’s post, which congratulates the victim saying they’re one of the 2023 lucky ones selected to receive a SHEIN gift card.

TikTok CEO Shou Zi Chew’s testimony did not seem to quell many concerns that lawmakers had about the company’s connections to China or the adequacy of its risk-mitigation plan, Project Texas.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Kroger Postal Prescription Services began to review the affected files to determine what information was compromised and which consumers were impacted.

Led by Pelion Venture Partners with participation from Liberty Global Ventures, Crosslink Capital and One Way Ventures, the new brings Britive’s total raised to $36 million.

On the second day of Pwn2Own Vancouver 2023, the bug hunters demonstrated zero-day attacks against the Oracle VirtualBox virtualization platform, Microsoft Teams, Tesla Model 3, and the Ubuntu Desktop OS.

The Pwn2Own Vancouver 2023 has begun, this hacking competition has 19 entries targeting nine different targets – including two Tesla attempts. On the first day, it awarded $375,000 (and a Tesla Model 3) for 12 zero-day vulnerabilities discovered.

Unit 42 researchers have been tracking a widespread malicious JavaScript (JS) injection campaign that redirects victims to malicious content such as adware and scam pages.