Hot Topic

In early 2021, a hacker infiltrated OpenAI’s internal messaging systems and obtained information about the design of the company’s AI technologies. The hacker stole information from an online forum where OpenAI employees discussed their latest technologies. However, the hacker was unable to access the systems where the company stores and …

The Brain Cipher ransomware group to release the decryption keys for Indonesia Terkoneksi on Wednesday. They said their attack aims to highlight the need for funding the industry and hiring skilled experts. They clarified that the attack is not politically motivated, but rather a penetration test that requires payment afterwards. …

“A critical vulnerability has been identified in the Google Authentication mechanism of the application. By manipulating the ID and email parameters in the authentication request, an attacker can obtain an access token for any user. This allows the attacker to take over any account without any user interaction, leading to …

A hacker changed the code of five plugins on WordPress.org to add harmful PHP scripts that make new admin accounts on websites using the plugins. The Wordfence Threat Intelligence team found the attack yesterday, but the injections happened between June 21 and June 22, last week. Wordfence found a breach …

A threat offer to sell a zero-day exploit for Atlassian’s Jira in a underground forum. This exploit can be used on the latest version of Jira desktop app and Jira integrated with Confluence.  According to the offer, It does not require any login credentials and can also work with Okta …

A group believed to be linked to China has hacked multiple telecom operators in an Asian country since 2021, according to the Symantec Threat Hunter Team. The attackers used tools linked to Chinese spying groups. They installed several backdoors on targeted companies’ networks to steal passwords. “The attacks have been …

A threat actor has announced selling a 0day vulnerability for Dahua cameras. The bad actor claimed this vulnerability supposedly works with all versions of the device. The threat actor announced the vulnerability allowed unrestricted access and control of the camera and describing it as a Remote Code Execution (RCE) exploit. …

Proofpoint found a fake website selling tickets for the Paris 2024 Summer Olympic Games. The website, “paris24tickets[.]com,” claimed to be a secondary marketplace for sports and live event tickets. It appeared as the second sponsored search result on Google, right after the official website, when searching for “Paris 2024 tickets” …

Researchers found criminal SMS phishing scam campaigns that exploit cloud storage services like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage. These campaigns, run by unknown threat actors, aim to send SMS messages to redirect users to malicious websites in order to steal their information. According …

Fluent Bit, a widely used logging utility, has a critical vulnerability. This vulnerability can lead to denial-of-service attacks, information disclosure, and potentially remote code execution (RCE). Tenable, a cybersecurity firm, discovered this vulnerability. Fluent Bit is an open source tool that collects and processes large amounts of log data from …