Security News

Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack
2024-09-04 13:00

A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed...

Security Researcher Sued for Disproving Government Statements
2024-09-04 11:03

This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their...

Researchers find SQL injection to bypass airport TSA security checks
2024-08-30 19:02

Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to...

Researcher sued for sharing data stolen by ransomware with media
2024-08-30 14:44

The City of Columbus, Ohio, has filed a lawsuit against security researcher David Leroy Ross, aka Connor Goodwolf, accusing him of illegally downloading and disseminating data stolen from the...

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers
2024-08-30 13:28

Infosec hounds say they spotted vulnerability during routine travel in the US. Cybersecurity researchers say they've found a vulnerability that allowed them to skip US airport security checks and...

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms
2024-08-26 10:31

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to...

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters
2024-08-20 09:36

Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and...

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
2024-08-19 05:43

Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity "indicate communications...

Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service
2024-08-13 13:00

Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data. The critical issues, now patched by Microsoft, could have allowed access to cross-tenant resources within the service, Tenable said in a new report shared with The Hacker News.

Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems
2024-08-12 10:30

Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. "If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing blackouts," Bitdefender researchers said in an analysis published last week.