Vulnerable U
Infosec's favorite weekly newsletter for news, tools, and tips with 19,000+ CISOs, founders, change-makers, and straight up hackers.
Connect
Malware campaign abusing GTM to inject credit card skimmers into e-commerce sites. Obfuscated JavaScript stealing payment data, along with a hidden PHP backdoor for persistent access.
Eric Council Jr., 25, who was arrested in October 2024, pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud
The dark web leak site of the 8base, a ransomware group that deploys a variant of the Phobos ransomware, has been seized.
The flaw can lead to remote code execution
Musk's DOGE agents accessing sensitive info, Medical device backdoors, North Korean MacOS malware, Cisco and Zyxel vulnerabilities, and much more!
Security experts warn that the DeepSeek AI app exposes users to serious risks, including unencrypted data transmission, hardcoded encryption keys, and advanced device fingerprinting.
Microsoft warns that over 3,000 publicly disclosed ASP.NET machine keys could enable ViewState code injection attacks, leading to remote code execution.
The move is a result of an increase in complaints about romance and financial fraud scams
Discover how attackers exploit Google Cloud Build to execute malicious actions, and learn which log events security teams should monitor to detect and prevent cloud-based threats.
Zyxel is urging customers to replace legacy DSL CPE routers impacted by a previously disclosed and targeted vulnerability.
A new malware sample is one of many macOS variants that are attributed to a DPRK campaign using a job interview lure
The bug results from the use of an insecure hash function
