Pi-hole discloses data breach via GiveWp WordPress plugin flaw
Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin.
AI-powered Cursor IDE vulnerable to prompt-injection attacks
A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges.
Jurassic Park & Identity and Access Management | CSA
The chaos in Jurassic Park stemmed from human failings, not dinosaur ones. Similarly, in cybersecurity, systems must be resilient against internal threats.
Employee Engagement with Vendor Email Compromise | CSA
New research reveals that employees engage with 44% of read vendor email compromise attacks. See which industries and roles are most vulnerable to this threat.
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems
Spying on People Through Airportr Luggage Delivery Service - Schneier on Security
Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage. Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US...
Pwn2Own hacking contest pays $1 million for WhatsApp exploit
The Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest.