Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach

2022-05-31 - Cloud-based repository hosting service GitHub on Friday shared additional details about the theft of its integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information. "Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure,"

Source: Ravie Lakshmanan

EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities

2022-05-31 - A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week. "Services

Source: Ravie Lakshmanan

Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild

2022-05-30 - Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document ("05-2022-0438.doc") that was uploaded to VirusTotal from an IP address in Belarus. "It uses Word's

Source: Ravie Lakshmanan

Is 3rd Party App Access the New Executable File?

2022-05-30 - It's no secret that 3rd party apps can boost productivity, enable remote and hybrid work, and are, overall, essential in building and scaling a company's work processes. Connecting an app is an innocuous process, much like clicking on an attachment was in the earlier days of email: people don't think twice when connecting an app they need with their Google Workspace or M365 environment, etc. Simple actions that users

Source: The Hacker News

New 'GoodWill' Ransomware Forces Victims to Donate Money and Clothes to the Poor

2022-05-30 - Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims to donate to social causes and provide financial assistance to people in need. "The ransomware group propagates very unusual demands in exchange for the decryption key," researchers from CloudSEK said in a report published last week. "The Robin Hood-like group claims to be interested in

Source: Ravie Lakshmanan
