Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

Fabrice Malware on PyPI Has Been Stealing AWS Credentials for 3 Years

The malicious Python package “Fabrice” on PyPI mimics the “Fabric” library to steal AWS credentials, affecting thousands. Learn how…

HackRead
Open in Source
#web#windows#amazon#linux#js#git#intel#backdoor#aws#auth#ssh
Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers' Amazon Web Services (AWS) credentials. The package in question is "fabrice," which typosquats a popular Python library known as "fabric," which is designed to execute shell commands remotely over

Nokia: No Evidence So Far That Hackers Breached Company Data

The mobile device maker continues to investigate IntelBroker's claims of another high-profile data breach, with the cybercriminal group posting on BreachForums internal data allegedly stolen from Nokia through a third-party contractor.

Attacker Hides Malicious Activity in Emulated Linux Environment

The CRON#TRAP campaign involves a novel technique for executing malicious commands on a compromised system.

GHSA-wvv7-wm5v-w2gv: Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE

### Summary XSS occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. ### Details When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the `general-template.md` template. ``` <p align="center"> <a href="https://www.osmedeus.org"><img alt="Osmedeus" src="https://raw.githubusercontent.com/osmedeus/assets/main/logo-transparent.png" height="140" /></a> <br /> <br /> <strong>Execute Summary Generated by Osmedeus {{Version}} at <em>{{CurrentDay}}</em></strong> <p align="center"> <a href="https://docs.osmedeus.org/"><img src="https://img.shields.io/badge/Documentation-0078D4?style=for-the-badge&logo=GitBook&logoColor=39ff14&labelColor=black&color=black"></a> <a href="https://docs.osmedeus.org/donation/"><img src="https://img.shields.io/badge/Donation-0078D4?style=for-the-badge&logo=GitHub-Sponsors&logoColor=39ff14&labelColor=...

Dark Reading Confidential: Quantum Has Landed, So Now What?

Episode #4: NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs into the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.

Hackers Deploy CRON#TRAP for Persistent Linux System Backdoors

CRON#TRAP is a new phishing attack using emulated Linux environments to bypass security and establish persistent backdoors. Leveraging…

Leveraging Wazuh for Zero Trust security

Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after

Hackers Leak 300,000 MIT Technology Review Magazine User Records

Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records…

Sysax Multi Server 6.99 SSH Denial Of Service

Sysax Multi Server version 6.9.9 suffers from an SSH related denial of service vulnerability.