Auth0 Glitch Allows Attackers to Launch Phishing Attacks
A glitch in Auth0 could allow attackers to spoof a legitimate website and collect sensitive information from visitors. Go to Source
World Cup, Vacation Scams Lead in Phishing Trips this Summer
Scammers recently targeted Booking.com customers via WhatsApp messages and texts asking them for full payment for holidays. Go to Source
DNA Testing Service MyHeritage Leaks User Data of 92 Million Customers
An unspecified “private” server was found with the account data of users who signed up for the service, in the largest breach since Equifax last year. Go to Source
WARDroid Uncovers Mobile Threats to Millions of Users Worldwide
An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – thanks to inconsistencies between app and server logic in web APIs. Go to Source
Drupalgeddon 2.0 Still Haunting 115K+ Sites
More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago. Go to Source
Google Patches 11 Critical Android Bugs in June Update
Remote code execution vulnerabilities dominate this month’s critical Android patches. Go to Source
Social Media Privacy Dominates Apple iOS 12, macOS Launches
Social media data privacy controls were the top security topic at Apple’s WWDC on Monday. Go to Source
Researchers Warn of Microsoft Zero-Day RCE Bug
A Microsoft Windows vulnerability enables remote attackers to execute arbitrary code – and there’s no patch yet. Go to Source
Browser Side-Channel Flaw De-Anonymizes Facebook Data
An attacker can pick up the profile picture, username and the “likes” of unsuspecting visitors who find themselves landing on a malicious website. Go to Source
Public Google Groups Leaking Sensitive Data at Thousands of Orgs
The exposed information includes accounts payable and invoice data, customer support emails, password-recovery mails, links to employee manuals, staffing schedules and other internal resources. Go to Source