Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Manpower Data Breach Hits 144K, Workday Confirms 3rd-Party CRM Hack

A cyberattack on Manpower’s Michigan office compromised data for 144,000 people. Meanwhile, Workday reveals a data breach in…

HackRead
Open in Source
#google#intel#auth
Scammers Compromised by Own Malware, Expose $4.67M Operation

CloudSEK uncovered a Pakistan-based family cybercrime network that spread infostealers via pirated software, netting $4.67M and millions of…

Russia Is Cracking Down on End-to-End Encrypted Calls

Plus: ICE agents accidentally add a random person to a sensitive group chat, Norwegian intelligence blames the Kremlin for hacking a dam, and new facial recognition vans roam the UK.

GHSA-3x3q-ghcp-whf7: Template Secret leakage in logs in Scaffolder when using `fetch:template`

### Impact Duplicate logging of the input values in the `fetch:template` action in the Scaffolder meant that some of the secrets were not properly redacted. If you're not passing through `${{ secrets.x }}` to `fetch:template` there is no impact. ### Patches This issue has been resolved in `2.1.1` of the `scaffolder-backend` plugin. ### Workarounds Template Authors can remove the use of `${{ secrets }}` being used as an argument to `fetch:template`. ### References If you have any questions or comments about this advisory: Open an issue in the [Backstage repository](https://github.com/backstage/backstage) Visit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage)

Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks.

New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework

NIST has released a concept paper for new control overlays to secure AI systems, built on the SP…

Police & Government Email Access for Sale on Dark Web

Cybercriminals are auctioning off live email credentials, giving other criminals access to sensitive systems, confidential intelligence, and, potentially, a higher success rate than ever.

Netflix Job Phishing Scam Steals Facebook Login Data

Beware of fake Netflix job offers! A new phishing campaign is targeting job seekers, using fraudulent interviews to…

Norway Blames Pro-Russian Hackers for Dam Cyberattack

Norway says pro-Russian hackers breached a dam in Bremanger in April, opening a water valve for 4 hours…

Netflix scammers target jobseekers to trick them into handing over their Facebook logins

Scammers are sending out fake Netflix job offers to get control of Facebook accounts.