Web Application
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. The attack leverages Progressive Web App (PWA) features and social engineering to deceive users into believing they are interacting with a legitimate Google […]
Hackers exploit security testing apps to breach Fortune 500 firms
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. An investigation from automated penetration testing company Pentera found evidence that hackers are leveraging this attack vector to compromise systems and […]
American Archive of Public Broadcasting fixes bug exposing restricted media
A vulnerability in the American Archive of Public Broadcasting’s website allowed downloading of protected and private media for years, with the flaw quietly patched this month. GeekFeed was tipped about the flaw by a cybersecurity researcher who asked to remain anonymous, stating that the flaw has been exploited since at least 2021, even after the researcher […]