The Hacker News

iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks

Stripe iframe skimmer hit 49 merchants in Aug 2024, bypassing CSP to steal cards, driving PCI DSS 4.0.1 updates.
American Banker

New framework aims to reduce SaaS security risk

A new industry standard from the Cloud Security Alliance aims to solve major security challenges for companies that rely ...
CRM Buyer

AppOmni’s Zero Trust Bridge Closes SaaS CRM Security Blind Spots

A growing wave of attacks on SaaS CRM platforms is overwhelming outdated cybersecurity defenses. AppOmni’s Zero Trust Bridge ...
Arabian Post

Browser Domains Under Threat from Hidden Extension Injection

A newly disclosed vulnerability allows threat actors to surreptitiously install arbitrary extensions on Chromium-based browsers within Windows domain environments, circumventing typical user alerts ...

Libraseva urges users to patch now as it issues emergency fix following attacks

Libraesva Email Security Gateway (ESG) has patched a medium-severity vulnerability apparently abused by state-sponsored ...
SecurityWeek

GitHub Boosting Security in Response to NPM Supply Chain Attacks

In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...

New Supermicro BMC flaws can create persistent backdoors

Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to update systems with maliciously crafted images.
The Hacker News

UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors

BRICKSTORM was first documented by the tech giant last year in connection with the zero-day exploitation of Ivanti Connect ...

Google: Brickstorm malware used to steal U.S. orgs' data for over a year

Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the technology and legal sectors.