Attackers exploit a Google OAuth flaw, recycling domains to access SaaS accounts and sensitive HR data.
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data.
Researchers at webscript security company c/side discovered during an incident response engagement for one of their clients that the malicious activity uses the wp3[.]xyz domain to exfiltrate data but have yet to determine the initial infection vector.
After compromising a target, a malicious script loaded from the wp3[.]xyz domain creates the rogue admin account wpx_admin with credentials available in the code.
A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms.
The security gap was discovered by Trufflesecurity researchers and reported to Google last year on September 30.
Google initially disregarded the finding as a “fraud and abuse” issue and not an Oauth or login issue. However, after Dylan Ayrey, CEO and co-founder of Trufflesecurity, presented the issue at Shmoocon last December, the tech giant awarded a $1337 bounty to the researchers and re-opened the ticket.
The company also called for federal regulations and billions of dollars in investments.
Meta CEO Mark Zuckerberg said that the company will likely release an AI model that acts as a “midlevel engineer” this year.
New research uncovers how neuropilin2 gene mutations disrupt brain balance, linking inhibitory neuron migration to autism and epilepsy. Study offers insights for targeted therapies.
Source: UCR
The gene neuropilin2 encodes a receptor involved in cell-cell interactions in the brain and plays a key role in regulating the development of neural circuits.
Neuropilin2 controls migration of inhibitory neurons as well as the formation and maintenance of synaptic connections in excitatory neurons — two crucial components of brain activity.
Imagine you could pause your life and wake up in the future.
A new groundbreaking facility could allow humans to freeze their bodies and potentially wake up in the future.
The company behind the project, TimeShift, describes itself as the world’s first AI-powered cryopreservation facility. It combines advanced AI technology with novel cryopreservation techniques.
Experimental model’s record-breaking performance on science and maths tests wows researchers.
AI models, like ChatGPT-4, can simulate human-like reasoning by solving theory of mind tasks. This breakthrough suggests AI’s potential for advanced social interactions but raises ethical concerns about trust and misuse.
