Security News

BadgerDAO, maker of a decentralized finance protocol, said on Wednesday that it is investigating reports that millions in user funds have been stolen. The DAO in BadgerDAO stands for Decentralized Autonomous Organization, which means the company is "Run by our users - not VCs, whales, or institutions".

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible disclosure by DevOps firm JFrog -.

A surge in spearphishing emails designed to steal Office 365 credentials were rigged to look like they came from a Kaspersky email address. Office 365 credentials are a common target for phishing attacks.

Kaspersky said today that a legitimate Amazon Simple Email Service token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. Amazon SES is a scalable email service designed to allow developers to send emails from any app for various use cases, including marketing and mass email communications.

The Python Package Index registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to attackers. Malware steals credit card numbers, browser files, Discord tokens.

The NitroRansomware malware strain is shaking up the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money. According to an analysis by Bleeping Computer, the ransomware verifies that the provided Discord gift codes are valid, and decrypts the files using an embedded static decryption key.

Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.

Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.

Singapore will bin the physical tokens used to provide two-factor authentication for some digital government services. The city-state operates "SingPass", a government service that connects Singapore's residents with 200 government services.

Whisper, a mobile app for sharing those thoughts you'd rather not make public, turns out to be better at sharing secrets than keeping them, spilling a whopping 90 metadata fields associated with users in an exposed database. In a phone interview with The Register, Dan Ehrlich, security consultant with Twelve Security, said colleague Matt Porter had spotted the unprotected Whisper ElasticSearch database.