Mar 26, 2025 | Podcast
https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records Threat Actor Offers Stolen Data on Hacking Forum, Seeks Ransom or Zero-Day Exploits
Oracle has firmly denied allegations of a data breach after...
Mar 25, 2025 | Podcast
https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor-how-hackers-can-weaponize-code-agents Researchers Uncover Dangerous “Rules File Backdoor” Attack Targeting GitHub Copilot and Cursor
In a groundbreaking discovery,...
Mar 24, 2025 | Podcast
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware A critical vulnerability, CVE-2025-29927, has been discovered in the Next.js web development framework, enabling attackers to bypass authorization checks. This flaw allows malicious...
Mar 22, 2025 | Podcast
https://www.itnews.com.au/news/over-200000-mygov-users-disable-passwords-in-passkey-shift-615664 Over half a million myGov users have adopted passkeys as their login method since the feature launched in June 2024, with over 200,000 users exclusively relying on...
Mar 21, 2025 | Podcast
https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts A widespread phishing campaign is targeting GitHub users with fake “Security Alert” issues, attempting to trick them into authorizing a...
Mar 20, 2025 | Podcast
https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066 The widely used GitHub Action “tj-actions/changed-files” was compromised before March 14, 2025, injecting malicious code that leaked secrets from affected...