Security News
A cross-tenant vulnerability in Amazon Web Services (AWS) could have allowed attackers to abuse AWS AppSync to gain access to resources in an organization's account.
Microsoft is warning organizations about the risks associated with the discontinued Boa web server after vulnerabilities affecting the software were apparently exploited by threat actors in an operation aimed at the energy sector.
Aurora, a multi-purpose botnet being advertised on underground forums since April, has been adopted by multiple cybercriminals over the past few months, cybersecurity firm Sekoia.io reports.
Researchers at industrial cybersecurity firm Nozomi Networks have discovered more than a dozen vulnerabilities in baseboard management controller (BMC) firmware.
The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).
Threat detection firm CloudSEK has identified thousands of applications leaking Algolia API keys, and tens of applications with hardcoded admin secrets, which could allow attackers to steal the data of millions of users.
