Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SW-URL header in the MCP server. An attacker can access internal resources and potentially exfiltrate sensitive information by sending crafted requests that are processed by the server. Remediati...

World Leaks Claims Dell Data Breach, Leaks 1.3 TB of Files

Former Hunters International ransomware gang, now World Leaks, claims 1.3 TB Dell data breach, leaking over 400K files with internal tools and user data...

IntelBroker Hacker Claims Apple Breach, Steals Source Code for Internal Tools

Notorious hacker IntelBroker claims to have breached Apple, stealing source code for internal tools. Learn about the alleged breach and IntelBroker's history of targeting major companies and government entities...

Location Tracker Firm Tile Hit by Data Breach, Hackers Access Internal Tools

Millions of Tile users' data potentially exposed in a data breach. Hackers accessed internal tools, but no financial info or location data compromised. Be cautious of phishing attempts...

CVE-2023-29010

CVE-2023-29010 affects Budibase: versions prior to 2.4.3 are vulnerable to Server-Side Request Forgery (SSRF) that can lead to exposure of an AWS secret key. The advisory notes that Budibase cloud users need to take no action, while self-hosted deployments on public internet with metadata-accessi...

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the...

Facebook Blames Outage on Faulty Router Configuration

As of Monday night, Facebook had crawled back from what may have been its longest blackout ever and apologized for the mass outage that left billions of users locked out of Facebook, Instagram, WhatsApp, Messenger and Oculus VR for about six hours. \Sincere\ apologies to everyone impacted by...

Hackers used phone phishing on Twitter employee to access internal tools

By Waqas Twitter was hit by a phone spear-phishing attack on July 15th, 2020. This is a post from HackRead.com Read the original post: Hackers used phone phishing on Twitter employee to access internal tools...

Several High-Profile Accounts Hacked in the Biggest Twitter Hack of All Time

Social media platform Twitter, earlier today on Wednesday, was on fire after it suffered one of the biggest cyberattacks in its history. A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple...

Sprint Exposed Customer Support Site to Web

Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company...