Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

DARKReading
Open in Source
#vulnerability#web#ios#mac#apple#google#git#perl#samba#auth#ssl
15 SpyLoan Apps Found on Play Store Targeting Millions

SUMMARY Cybercriminals are exploiting SpyLoan, or predatory loan apps, to target unsuspecting users globally. McAfee cybersecurity researchers report…

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

AI chatbot provider WotNot left a cloud storage bucket exposed that contained almost 350,000 files, including personally identifiable information.

Repeat offenders drive bulk of tech support scams via Google Ads

Consumers are getting caught in a web of scams facilitated by online ads often originating from the same perpetrators.

'White FAANG' Data Export Attack: A Gold Mine for PII Threats

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.

Why Phishers Love New TLDs Like .shop, .top and .xyz

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.

The Ultimate Guide to Designing a Logo Online: Tools, Tips, and Tricks

A logo is more than just a visual element—it’s the cornerstone of your brand identity. It communicates your…

GHSA-q9rr-h3hx-m87g: BunkerWeb has Open Redirect Vulnerability in Loading Page

### Summary: A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. ### Details: The loading endpoint accepts and uses an unvalidated "next" parameter for redirects: ### PoC: Visit: `/loading?next=https://google.com` while authenticated. The page will redirect to google.com. ### Impact: This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites.

Russian FSB Cross Site Scripting

The Russian FSB appears to suffer from a cross site scripting vulnerability. The researchers who discovered it have reported it multiple times to them.