Jan 24, 2025 | Podcast
https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions A sophisticated supply chain attack has targeted Chrome extension developers, compromising dozens of extensions and potentially impacting millions of users. The campaign involved...
Jan 23, 2025 | Podcast
https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years A critical error in MasterCard’s domain name system (DNS) configuration went unnoticed for nearly five years. This misconfiguration could have allowed attackers to intercept or...
Jan 22, 2025 | Podcast
https://www.bleepingcomputer.com/news/security/7-zip-fixes-bug-that-bypasses-the-windows-motw-security-mechanism-patch-now 7-Zip users are urged to update to the latest version (24.09) immediately to address a critical security vulnerability (CVE-2025-0411). This flaw...
Jan 21, 2025 | Podcast
Ross Ulbricht's Xitter is being spammed with accounts which appear to be associated with him (image 1). However, the accounts are not. When you try to view the "official" Ross Ulbricht Telegram channel it asks to verify your identity (image 2). It gives...
Jan 21, 2025 | Podcast
If you’ve been in AppSec for a while, you’ve probably heard of Security Champions. Maybe you’ve even tried to implement a program. But here’s the thing – most of these programs fail within the first year. Today, we’re going to tell you...
Jan 20, 2025 | Podcast
https://blog.cloudflare.com/ddos-threat-report-for-2024-q4 Cloudflare has mitigated the largest DDoS attack ever recorded, peaking at a staggering 5.6 terabits per second (Tbps).1 This UDP-based attack, launched by a Mirai-based botnet of over 13,000 compromised...
