Chrome Extensions Vulnerability Leaks API Keys, Secrets, and Tokens
A new wave of security concerns has emerged within the Chrome Web Store after researchers uncovered widespread leakage of API keys, secrets, and tokens...
Cybercriminals Exploit Paste.ee to Unleash XWorm and AsyncRAT Malware Campaigns
Threat actors have been observed abusing the Paste.ee pastebin service to orchestrate the delivery of sophisticated remote access trojans (RATs) including XWorm and AsyncRAT.
Security...
Unauthenticated API Endpoint Exposes Access Tokens of 50,000+ Azure AD Users
CloudSEK's BeVigil platform has uncovered a critical security vulnerability affecting an aviation industry giant, where an exposed JavaScript file containing an unauthenticated API endpoint...
Woodpecker: Red Teaming for AI, Kubernetes, and API Security Testing
A new open-source security tool called Woodpecker has emerged as a specialized solution for red teaming artificial intelligence and cloud applications.
Developed by OperantAI,...
Docker Zombie Malware Spreads Through Containers to Mine Cryptocurrency and Self-Replicate
A sophisticated malware campaign targeting Docker container environments has been detected, leveraging insecurely exposed Docker APIs to launch a rapidly spreading “zombie” outbreak within...
