Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Passwd: A walkthrough of the Google Workspace Password Manager

Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature overload, aiming to provide a reliable system for teams that already rely

The Hacker News
Open in Source
#web#ios#android#google#oauth#auth#ssh#chrome#firefox#The Hacker News
Chinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets Ever

Online black markets once lurked in the shadows of the dark web. Today, they’ve moved onto public platforms like Telegram—and are racking up historic illicit fortunes.

Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape

Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how "Anna’s Archive" bypassed security, and why experts warn against downloading the leaked files.

U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme

The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud. The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website are

The ‘Epstein’s Suicide’ Video in the Latest DOJ Release Isn’t What It Seems

Here’s how a fake clip from 2019 wound up in the latest Justice Department Epstein files dump.

GHSA-fw48-7qf9-455m: Piranha has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.

GHSA-83fp-hh9m-c2jq: Piranha has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.

GHSA-54mj-vcvj-q3v5: Umbraco CMS has an arbitrary file upload vulnerability

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account. The package, named "lotusbail," has been downloaded over 56,000 times since it was first uploaded to the registry by a user named "

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

Kaspersky warns of 'Frogblight,' a new Android malware draining bank accounts in Turkiye. Learn how this 'court case' scam steals your data and how to stay safe.