Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
6abc News

Hacker accessed FBI server that included Epstein files in 2023, files suggest

A hacker in 2023 was able to access an FBI server that contained some files related to Jeffrey Epstein, according to documents released by the Department of Justice earlier this year. In a statement ...
Jezebel

Let’s Take Another Look at the Latest Epstein Files Dump

On Friday, the Justice Department released more than three million pages of the Epstein files—and newsrooms everywhere were forced to cancel their weekend plans to comb through the tranche of emails, ...
thecyberexpress

Acting CISA Chief Flagged for Uploading Sensitive Government Files Into ChatGPT

The acting head of the federal government’s top cyber defense agency triggered an internal cybersecurity warning last summer after uploading sensitive government documents into a public version of ...
tech2geek

WarpDrop: Share Files Securely Without Uploading Them to a Server

Most file-sharing services are convenient—but they come at a hidden cost. Platforms like WeTransfer, TransferNow, and similar tools store your files on their servers, sometimes for days, even after ...
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...
IEEE

Beyond the Upload Button: A 10-Year Retrospective on Security Issues Within File Upload

Abstract: File upload is a convenient feature offered by a plethora of applications and communication services in various interesting application contexts, such as IoT devices, smart home systems, and ...
ZDNet

Google just made it easier to upload files in AI Mode - try it now

Google had made it easier to upload documents in AI Mode. A new plus button allows you to upload files and images for AI analysis. The feature is only appearing on desktop mode for now. Google just ...
IEEE

URadar: Discovering Unrestricted File Upload Vulnerabilities via Adaptive Dynamic Testing

Abstract: Unrestricted file upload (UFU) vulnerabilities, especially unrestricted executable file upload (UEFU) vulnerabilities, pose severe security risks to web servers. For instance, attackers can ...
Forbes

Copy And Paste Cybersecurity Warning — 99% Of Enterprises Now At Risk

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. When it comes to enterprise-based data security, the general ...