confusion

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

Feb 14, 2025 by iHash Leave a Comment

Feb 14, 2025Ravie LakshmananVulnerability / DevOps Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain access to thousands of … [Read more...] about New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Apr 23, 2024 by iHash Leave a Comment

Apr 23, 2024NewsroomSupply Chain Attack / Application Security Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a … [Read more...] about Apache Cordova App Harness Targeted in Dependency Confusion Attack

Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’

Mar 21, 2024 by iHash Leave a Comment

Mar 21, 2024NewsroomSoftware Security / Open Source New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick … [Read more...] about Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’

Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack

Feb 22, 2025Ravie LakshmananFinancial Crime / Cryptocurrency Cryptocurrency exchange Bybit on Friday revealed that a “sophisticated” attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. “The incident occurred when our ETH multisig cold wallet […]

What to do if your WhatsApp is hacked: a step-by-step guide

Your messaging-app account might be of interest to more than just jealous spouses or nosy coworkers. Stolen WhatsApp accounts fuel large-scale criminal activity — ranging from spam distribution to complex scam schemes. That’s why cybercriminals are constantly on the lookout for WhatsApp accounts — using various methods to hijack them. Here are eight signs your […]

Will AI start taking cybersecurity jobs?

No, but it’s fundamentally changing them. Generative AI (GenAI) is quickly becoming an essential part of everyday security workflows. So … is it a partner or competitor? The wide-ranging implementation of GenAI technologies into virtually every aspect of the security stack has, on the whole, helped security teams work more efficiently to mitigate threats. GenAI […]

Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes

Feb 19, 2025Ravie LakshmananMobile Security / Cyber Espionage Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. “The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate ‘linked devices’ […]

Solving for Exponential Data Growth in Next-Gen SIEM

Do you ever feel overwhelmed by the number of data sources you manage with your SIEM? How do you piece together different pieces of the puzzle like SOAR, threat intelligence, and security tools for endpoint, cloud, or identity? Do you actually know which tools are strengthening your security posture, and which are just adding more […]

Major League Soccer kicks off 30th season this weekend on MLS Season Pass

February 18, 2025 UPDATE Major League Soccer kicks off 30th season this weekend on MLS Season Pass on Apple TV Major League Soccer kicks off its 30th season this Saturday on MLS Season Pass on Apple TV, with all 30 teams taking the pitch for MLS is Back weekend. Fans in more than 100 countries and regions can […]

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate. Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’