36 matches found
Malicious code in load-nyc-config (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-5431 Malicious code in load-nyc-config (npm)
The package communicates with a domain associated with malicious activity...
holidayflowersnyc.com Cross Site Scripting vulnerability OBB-4040912
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in nyc-config (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83c7949463fd0e15f454229b42a3390cd388e5421cf90b12a13253be059b9792 Any computer that has this package install...
MAL-2025-2227 Malicious code in nyc-config (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83c7949463fd0e15f454229b42a3390cd388e5421cf90b12a13253be059b9792 Any computer that has this package install...
The FBI Still Hasn’t Cracked NYC Mayor Eric Adams’ Phone
Plus: Harvard students pack Meta’s smart glasses with privacy-invading face-recognition tech, Microsoft and the DOJ seize Russian hackers’ domains, and more...
Alleged ‘Maniac Murder Cult’ Leader Indicted Over Plot to Kill Jews
US prosecutors have charged Michail Chkhikvishvili, also known as “Commander Butcher,” with a litany of crimes, including alleged attempts to poison Jewish children in NYC...
The Mystery of AI Gunshot-Detection Accuracy Is Finally Unraveling
How accurate are gunshot detection systems, really? For years, it's been a secret, but new reports from San Jose and NYC show these systems have operated well below their advertised accuracy rates...
Internal Emails Reveal How a Controversial Gun-Detection AI System Found Its Way to NYC
NYC mayor Eric Adams wants to test Evolv’s gun-detection tech in subway stations—despite the company saying it’s not designed for that environment. Emails obtained by WIRED show how the company still found an in...
US Lawmaker Cited NYC Protests in a Defense of Warrantless Spying
A closed-door presentation for House lawmakers late last year portrayed American anti-war protesters as having possible ties to Hamas in an effort to kill privacy reforms to a major US spy program...
adnet-nyc.com Cross Site Scripting vulnerability OBB-3829764
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nycpodiatra.com Cross Site Scripting vulnerability OBB-3649060
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
newyorktrendnyc.com Cross Site Scripting vulnerability OBB-3279973
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Think Before You Share the Link: SaaS in the Real World
Collaboration sits at the essence of SaaS applications. The word, or some form of it, appears in the top two headlines on Google Workspace's homepage. It can be found six times on Microsoft 365's homepage, three times on Box, and once on Workday. Visit nearly any SaaS site, and odds are...
nyc-dentalign.com Cross Site Scripting vulnerability OBB-3218989
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nycmetrocardcalculator.com Cross Site Scripting vulnerability OBB-3086254
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nyccharterschools.org Cross Site Scripting vulnerability OBB-2699354
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
This Week in Spring - June 28th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Im writing this from the Big Apple, New York City! Im here for the SpringOne Tour 2022 NYC event. This is my first time back in New York City since before the pandemic and it has been so much fun. Ive been catching up with...
Rogue cryptocurrency billboards go phishing for wallets
Billboards and digital real world advertising has raised many questions of privacy and anonymity in recent years. Until now, the primary concern has been mostly legal, yet potentially objectionable geolocation and user profiling. Bluetooth beacons work in tandem with geofenced billboards to send...
A week in security (August 16 – August 22)
Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks. How to troubleshoot hardware problems that look like malware problems. Analysts “strongly believe” the Russian state colludes with ransomware gangs. macOS 11’s hidden security...