Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Scavenger Trojan Targets Crypto Wallets via Game Mods and Browser Flaws

New Scavenger Trojan steals crypto wallet data using fake game mods and browser flaws, targeting MetaMask, Exodus, Bitwarden, and other popular apps.

HackRead
Open in Source
#vulnerability#web#mac#windows#git#perl#chrome
Phishers Target Aviation Execs to Scam Customers

KrebsOnSecurity recently heard from a reader whose boss's email account got phished and was used to trick one of the company's customers into sending a large payment to scammers. An investigation into the attacker's infrastructure points to a long-running Nigerian cybercrime group that is actively targeting established companies in the transportation and aviation industries.

Top IT Staff Augmentation Companies in USA 2025

Staff augmentation is a strategy for smart tech teams looking to launch something big. Trying to plug skill gaps or scale without the overhead? Collaborate with a trusted IT staff augmentation company.

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs). The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub repositories opened under the names of legitimate applications, Swiss cybersecurity company PRODAFT said in

GHSA-526j-mv3p-f4vv: eKuiper API endpoints handling SQL queries with user-controlled table names.

### Summary A critical SQL Injection vulnerability exists in the `getLast` API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. ### Details The root cause lies in the use of unsanitized user-controlled input when constructing SQL queries using `fmt.Sprintf`, without validating the `table` parameter. Specifically, in: ```go query := fmt.Sprintf("SELECT * FROM %s ORDER BY rowid DESC LIMIT 1", table) ``` Any value passed as the `table` parameter is directly interpolated into the SQL string, enabling injection attacks. This is reachable via API interfaces that expose time-series queries. ### PoC 1. **Deploy eKuiper instance** (default config is sufficient). 2. **Send a crafted request to the SQL query endpoint**: ```bash curl -X ...

Age verification: Child protection or privacy risk?

With more platforms and governments asking for age verification, we look at the options and the implications.

iPhone vs. Android: iPhone users more reckless, less protected online

Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.

Introducing the smarter, more sophisticated Malwarebytes Trusted Advisor, your cybersecurity personal assistant

Malwarebytes Trusted Advisor has had an update, and it's now sharper, smarter, and more helpful than ever.

Brave Browser Blocks Microsoft Recall from Tracking Online Activity

Brave browser now blocks Microsoft Recall by default, preventing screenshots and protecting users’ browsing history on Windows 11.

Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud,