Security
Headlines
HeadlinesLatestCVEs

Latest News

New Choicejacking Attack Steals Data from Phones via Public Chargers

Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds.

HackRead
Open in Source
#vulnerability#ios#android#pdf#auth
How the FBI got everything it wanted (re-air) (Lock and Code S06E15)

This week on the Lock and Code podcast, we revisit an interview with Joseph Cox about the largest FBI sting operation ever carried out.

How the FBI got everything it wanted (re-air) (Lock and Code S06E15)

This week on the Lock and Code podcast, we revisit an interview with Joseph Cox about the largest FBI sting operation ever carried out.

Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. "The vulnerability we discovered was remarkably simple to exploit -- by providing only a non-secret app_id value to undocumented registration and email verification endpoints, an attacker

GHSA-hfcf-79gh-f3jc: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs

The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user's IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking.

Allianz Life Data Breach Hits 1.4 Million Customers

Allianz Life Insurance confirms a July 2025 data breach impacting 1.4 million customers, financial pros and employees. Learn how social engineering exploited a third-party CRM, the hallmarks of Scattered Spider tactics, and the broader risks of supply chain vulnerabilities.

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verification" that are sent from the email address noreply@pypj[.]org (note that the domain is not "pypi[.]org"). "This is

The Hidden Threat of Rogue Access

With the right IGA tools, governance policies, and risk thresholds, enterprises can continuously detect and act on rogue access before attackers do.

Critical Flaw in Vibe-Coding Platform Base44 Exposes Apps

A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44.

SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm

Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks.