Cyber Attack

The web development community was affected by a supply chain attack on the popular Polyfill.io JavaScript library last week. Polyfill.js supports modern tools on older web browsers for cross-compatibility. In February 2024, the Polyfill.io domain and GitHub account were acquired by Funnull, a Chinese CDN company. This raised concerns about …

“A critical vulnerability has been identified in the Google Authentication mechanism of the application. By manipulating the ID and email parameters in the authentication request, an attacker can obtain an access token for any user. This allows the attacker to take over any account without any user interaction, leading to …

An executive from National Australia Bank reveals that the four major banks in the country face continuous attacks, as threat actors launch numerous attacks every minute, around the clock. According to Chris Sheehan, National Australia Bank’s executive for group investigations, all banks are constantly being targeted by attacks. The purpose …

There is a security flaw (CVE-2024-20399) in Cisco NX-OS Software that lets an attacker with local access execute commands as root on the affected device. The vulnerability is caused by not properly checking the arguments used in certain configuration CLI commands. An attacker can take advantage of this vulnerability by …

Indonesia’s temporary National Data Center (PDN) was attacked by ransomware last Thursday, leading to delays in airport immigration services and new student registration. The hackers are asking for an $8 million ransom, about Rp 131 billion, to give back the stolen data. The ransomware used in this incident is “Brain …

Evolve Bank & Trust experienced a cybersecurity incident. The bank confirmed that cybercriminals obtained and shared customers’ personal information on the dark web. This data breach affected both retail bank customers and customers of Evolve’s financial technology partners. Evolve Bank was hacked by a cybercriminal group that stole and shared …

According to digital risk management firm Athenian Technology, BSNL, India’s state-owned telecom provider, suffered a significant data breach. A cybercriminal named “kiberphant0m” performed the attack, resulting in the exposure of a large amount of sensitive data. This puts millions of users at risk. Zee news reported, Kanishk Gaur, CEO of …

Over 100,000 websites were compromised in a recent supply chain attack. The attack injected malware into the popular Polyfill JS project. It was discovered by the Sansec Forensics Team and shows the increased risks of using open-source software. The Polyfill JS library, which helps older web browsers, has been targeted …

A hacker changed the code of five plugins on WordPress.org to add harmful PHP scripts that make new admin accounts on websites using the plugins. The Wordfence Threat Intelligence team found the attack yesterday, but the injections happened between June 21 and June 22, last week. Wordfence found a breach …

LockBit claimed that it breached Federal Reserve Board (Federalreserve.gov), the central banking system of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” “The group announced to release the stolen data on 25 June, 2024 20:27:10 UTC.” According to the post by the LockBit ransomware …