1. Home
  2. Discover
  3. Technology
  4. The Hacker News

Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects

The Hacker News Daily Updates
Newsletter
cover

Top 5 ASM Use Cases Every Security Team Must Embrace Now

The attack surfaces of most organizations continue to expand due to the frantic rush to digital transformation.

Download Now Sponsored
LATEST NEWS Jan 10, 2023

Italian Users Warned of Malware Attack Targeting Sensitive Information

A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines," Uptycs security researcher Karthickkumar Kathiresan said in a ...

Read More
Twitter Facebook LinkedIn

Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects

A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. "By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request," Palo Alto Networks Unit 42 researcher Artur ...

Read More
Twitter Facebook LinkedIn

Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week. Kinsing has a storied ...

Read More
Twitter Facebook LinkedIn

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks. "To better interact with users, a wide range of database applications employ AI techniques that can translate human questions into SQL queries (namely Text-to-SQL)," Xutan Peng, ...

Read More
Twitter Facebook LinkedIn

Why Do User Permissions Matter for SaaS Security?

Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp’s customers’ end users. Three months later, Mailchimp was hit with another attack. Once again, ...

Read More
Twitter Facebook LinkedIn

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as ...

Read More
Twitter Facebook LinkedIn

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles. The malicious code, as ...

Read More
Twitter Facebook LinkedIn

Top SaaS Cybersecurity Threats in 2023: Are You Ready?

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses Web applications are at the core of what SaaS companies do and how they operate, and they can store some ...

Read More
Twitter Facebook LinkedIn
cover

Top 5 ASM Use Cases Every Security Team Must Embrace Now

The attack surfaces of most organizations continue to expand due to the frantic rush to digital transformation.

Download Now Sponsored

This email was sent to you. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here.

Contact The Hacker News: info@thehackernews.com
Unsubscribe

The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

Key phrases

Top SaaS Cybersecurity Threats Uptycs security researcher Python Package Index remote code execution JSON web token successful phishing attempt severe security flaw highseverity security flaw Kinsing cryptojacking operation customers end users six malicious packages SQL Model Vulnerabilities malicious PyPI packages Kinsing Crypto Malware new malware campaign

Older messages

Beware: Hackers using these tactics to infect Macbooks with ransomware

Monday, January 9, 2023

The Hacker News Daily Updates Newsletter cover Protecting Every Edge to Make Hackers' Jobs Harder, Not Yours Brought to you by Fortinet Download Now Sponsored LATEST NEWS Jan 9, 2023 Why Do User

Beware: Hackers using these tactics to infect Macbooks with ransomware

Saturday, January 7, 2023

The Hacker News Daily Updates Newsletter cover Protecting Every Edge to Make Hackers' Jobs Harder, Not Yours Brought to you by Fortinet Download Now Sponsored LATEST NEWS Jan 7, 2023 Hackers Using

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Friday, January 6, 2023

The Hacker News Daily Updates Newsletter cover Psst...Secrets Security Tips for Apps and IaC January 11th at 1:00pm ET / 10:00am PT Download Now Sponsored LATEST NEWS Jan 6, 2023 Microsoft Reveals

Today's Cybersecurity Stories: SpyNote Spyware, CircleCI Breach, Fortinet and Zoho Flaws

Thursday, January 5, 2023

The Hacker News Daily Updates Newsletter cover Cybersecurity -- Attack and Defense Strategies - Third Edition ($5.00 Value) FREE for a Limited Time Cybersecurity -- Attack and Defense Strategies, Third

Zero Trust Access for Dummies

Wednesday, January 4, 2023

The Hacker News eBook Update Newsletter Zero Trust Access for Dummies. Never trust. Always verify. Download For Free Throughout this book, you will see special icons that call attention to important

You Might Also Like

SRE Weekly Issue #422

Monday, April 29, 2024

View on sreweekly.com A message from our sponsor, FireHydrant: FireHydrant is now AI-powered for faster, smarter incidents! Power up your incidents with auto-generated real-time summaries,

Quick question

Sunday, April 28, 2024

I want to learn how I can better serve you ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Kotlin Weekly #404 (NOT FOUND)

Sunday, April 28, 2024

ISSUE #404 28st of April 2024 Announcements Kotlin Multiplatform State of the Art Survey 2024 Help to shape and understand the Kotlin Multiplatform Ecosystem! It takes 4 minutes to fill this survey.

📲 Why Is It Called Bluetooth? — Check Out This AI Text to Song Generator

Sunday, April 28, 2024

Also: What to Know About Emulating Games on iPhone, and More! How-To Geek Logo April 28, 2024 📩 Get expert reviews, the hottest deals, how-to's, breaking news, and more delivered directly to your

Daily Coding Problem: Problem #1425 [Easy]

Sunday, April 28, 2024

Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Microsoft. Suppose an arithmetic expression is given as a binary tree. Each leaf is an

PD#571 Software Design Principles I Learned the Hard Way

Sunday, April 28, 2024

If there's two sources of truth, one is probably wrong. And yes, please repeat yourself. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

When Procrastination is Productive & Ghost integrating with ActivityPub

Sunday, April 28, 2024

Automattic, Texts, and Beeper join forces to build world's best inbox, Reflect launches its iOS app, how to start small rituals, and a lot more in this week's issue of Creativerly. Creativerly

C#503 Building pipelines with System.Threading.Channels

Sunday, April 28, 2024

Concurrent programming challenges can be effectively addressed using channels ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

RD#453 Get your codebase ready for React 19

Sunday, April 28, 2024

Is your app ready for what's coming up in React 19's release ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

☁️ Azure Weekly #464 - 28th April 2024

Sunday, April 28, 2024

Azure Weekly Newsletter Issue #464 powered by endjin Welcome to issue 464 of the Azure Weekly Newsletter. In AI we have a good mix of high-level and deep-dive technical articles. Next-Gen Customer