Security News

Windows Themes zero-day bug exposes users to NTLM credential theft
2024-10-30 21:30

Plus a free micropatch until Redmond fixes the flaw There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials.…

Hackers steal 15,000 cloud credentials from exposed Git config files
2024-10-30 14:00

A global large-scale dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. [...]

Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials
2024-10-28 11:10

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and...

WordPress forces user conf organizers to share social media credentials, arousing suspicions
2024-10-28 06:27

One told to take down posts that said nice things about WP Engine Organisers of WordCamps, community-organized events for WordPress users, have been ordered to take down some social media posts...

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
2024-10-22 09:21

Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have...

Hackers exploit Roundcube webmail flaw to steal email, credentials
2024-10-21 21:14

Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the...

Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
2024-10-20 07:37

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user...

Critical default credential in Kubernetes Image Builder allows SSH root access
2024-10-16 21:58

It's called leaving the door wide open – especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) thanks to default...

Critical hardcoded SolarWinds credential now exploited in the wild
2024-10-16 20:00

Another blow for IT software house and its customers A critical, hardcoded login credential in SolarWinds' Web Help Desk line has been exploited in the wild by criminals, according to the US...

CISSP and CompTIA Security+ lead as most desired security credentials
2024-10-14 03:30

33.9% of tech professionals report a shortage of AI security skills, particularly around emerging vulnerabilities like prompt injection, according to O’Reilly. This highlights the need for...