Security News
Bitwarden and 1Password are two of the top password managers. Find out which password manager is the best for you using this comprehensive comparison.
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the...
OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under certain conditions. Security researcher Johann Rehberger discovered a technique to exfiltrate data from ChatGPT and reported it to OpenAI in April 2023.
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a...
The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals. BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling credit and debit cards that were stolen through phishing or skimmers on e-commerce sites.
Third-party supply chain risk is a key concern from Australian cyber security professionals. ASIC reveals third-party supply chain risk as key gap in Australia.
Security vendor Sonatype believes developers are failing to address the critical remote code execution vulnerability in the Apache Struts 2 framework, based on recent downloads of the code. It is a logic bug in the framework's file upload feature: if an application uses Struts 2 to allow users to upload files to a server, those folks can abuse the vulnerability to save documents where they shouldn't be allowed to on that remote machine.
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across...
The Solntsepek group has taken credit for the attack. They're linked to the Russian military, so it's unclear whether the attack was government directed or freelance.
Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser. Trusted Types addresses the risk of unsafe input by limiting the attack surface via Content Security Policy and a content filtering mechanism.