ARS Technica

GitHub Besieged by Millions of Malicious Repositories in Ongoing Attack

The attack involves the automated forking of legitimate repositories, resulting in millions of malicious forks with names identical to the original ones, making detection and removal challenging for GitHub.

OpenAI Says Mysterious Chat Histories Resulted From Account Takeover

ChatGPT users' private conversations were leaked due to unauthorized logins from a different location, highlighting the need for better security measures such as 2FA and IP tracking.

Update: In Major Lapse, Hacked Microsoft Test Account was Assigned Admin Privileges

The hackers who recently broke into Microsoft’s network and monitored top executives’ email for two months did so by gaining access to an aging test account with administrative privileges, a major lapse on the company's part, a researcher said.

Researcher Uncovers Massive Password Dump Containing 71 Million Unique Credentials

A massive data tranch containing nearly 71 million unique credentials, including 25 million previously unseen passwords, has been circulating on the internet for at least four months.

Actively Exploited Zero-Days in Ivanti VPN are Letting Hackers Backdoor Networks

The vulnerabilities, tracked as CVE-2023-846805 and CVE-2024-21887, were used in an attack last month to steal configuration data, modify files, and gain unauthorized access to systems.

Four-Year Campaign Backdoored Iphones Using Undocumented Hardware Function

The secret hardware function targeted by the attackers allowed them to bypass advanced memory protections, enabling post-exploitation techniques and compromising system integrity.

Hackers Spent Over Two Years Stealing Secrets of Chipmaker NXP

The breach wasn’t uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

1Password Detects “Suspicious Activity” in its Internal Okta Account

The breach occurred in Okta's customer support management system, allowing an unknown attacker to access files uploaded by some Okta customers. 1Password is the second known Okta customer to be targeted in a follow-on attack.

Okta Says Hackers Breached its Support System and Viewed Customer Files

Hackers gained access to Okta's customer support management system, allowing them to view private customer information, including sensitive data such as cookies and session tokens.

Dead Grandma Locket Request Tricks Bing Chat’s AI Into Solving Security Puzzle

This incident highlights a new type of vulnerability, similar to prompt injection, where users can bypass the constraints of the AI model. Microsoft is likely to address this issue in future versions of Bing Chat.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags