🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
8 JunNew PHP Vulnerability Exposes Windows Servers to Remote Code ExecutionDetails have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all vers…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 4[−]
8 JunGoldPickaxe iOS Malware Harvests Facial Recognition Data & Bank AccountsDue to the growing popularity of Apple devices, cybercriminals are increasingly targeting iOS and macOS with malware. The App Store is no longer secure, and iCloud is a new target, as Apple’s allowance of third-party app stores in Europe is expected to be exploited. E…GBHACKERS.COM
8 JunCritical PHP Vulnerability Threatens Windows ServersRemote Code Execution Exploit Found; Patch Now Available A critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x, requires immediate action from server administrators. The flaw enables attackers to execute arbitrary code on remo…DATABREACHTODAY.CO.UK
8 JunNew York Times source code stolen using exposed GitHub tokenInternal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. [...]BLEEPINGCOMPUTER.COM
8 Jun'New York Times source code' leaks online via 4chansubmitted by c0mmando to netsec 1 points | 0 comments https://web.archive.org/web/20240608093812/https://www.theregister.com/2024/06/07/4chan_nyt_code/ A 4chan user claims to have leaked 270GB of internal New York Times data, including source code, via the notorious image board. …WEB.ARCHIVE.ORG
🔥 INCIDENT REPORTING 1[−]
8 JunWhat Snowflake isn’t saying about its customer data breachesAs another Snowflake customer confirms a data breach, the cloud data company says its position "remains unchanged." © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE 2[−]
8 JunMicrosoft Revamps Controversial AI-Powered Recall Feature Amid Privacy ConcernsMicrosoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by…THEHACKERNEWS.COM
8 JunSticky Werewolf Weaponizing LNK Files Group Attacking To Attack OrganizationsSticky Werewolf, a cyber threat group, has shifted its targeting strategy from sending phishing emails with download links to malicious files to using archive attachments containing LNK files, which act as shortcuts to malicious executables hosted on WebDAV servers. When a …GBHACKERS.COM
📡 INFOSEC NEWS 1[−]
8 JunDDoS attacks target EU political parties as elections beginHacktivists are conducting DDoS attacks on European political parties that represent and promote strategies opposing their interests, according to a report by Cloudflare. [...]BLEEPINGCOMPUTER.COM