Tag
#auth
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
Hackers exploited the Salesloft Drift app to steal OAuth tokens and access Salesforce data, exposing customer details at…
Californians are receiving scammy text messages that tell them they're owed a tax refund. Don't click any links or reply!
In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate Azure cloud environments.
Check Point reports Silver Fox APT using a signed WatchDog driver flaw to disable Windows security and deliver…
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts. The vulnerable driver in question is "amsdk.sys" (version 1.0.600), a 64-bit, validly signed Windows kernel device driver
As digital marketing keeps changing, staying ahead means adopting the latest strategies that enhance online visibility and user…
WhatsApp has patched a vulnerability that was used in conjunction with an Apple vulnerability in zero-click attacks.
This guide gives step-by-step instructions on how to enable two-step verification for WhatsApp on Android, iOS, and iPadOS
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large