Threat actors are using Amazon Web Services to create phishing pages that bypass security scanners and scam victims into handing over credentials. The scammers send their targets what appears to be a standard password expiration email or other emails meant to create a sense of urgency. The emails come from legitimate AWS domains, but a […]
Two trojanized Python and PHP packages have been uncovered in what’s yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is “ctx,” a Python module available in the PyPi repository. The other involves “phpass,” a PHP package that’s been forked on GitHub to distribute […]
SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like Amazon Workspaces, NoMachine and Accops to allow users to connect and share local devices over network. “These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite […]
Latest Comments