The Information Highway

The Information Highway

Bill Toulas
Bill Toulas is a technology writer and infosec news reporter with over a decade of experience working on various online publications. An open source advocate and Linux enthusiast, is currently finding pleasure in following hacks, malware campaigns, and data breach incidents, as well as by exploring the intricate ways through which tech is swiftly transforming our lives.
Bill Toulas

Hackers exploited Salesforce zero-day in Facebook phishing attack

salesforce

Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts.

Continue reading
0
Tags:
zero-day vulnerability Salesforce email services SMTP servers phishing campaign
  1044 Hits
0 Comments
Bill Toulas

Amazon's AWS SSM agent can be used as post-exploitation RAT malware

hacker-looking-at-screens

Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform's System Manager (SSM) agent as an undetectable Remote Access Trojan (RAT). 

Continue reading
0
Tags:
agent SSM System Manager Amazon Web Services post-exploitation technique
  992 Hits
0 Comments
Bill Toulas

Lazarus hackers linked to $60 million Alphapo cryptocurrency heist

cryptocurrency-assorted

Blockchain analysts blame the North Korean Lazarus hacking group for a recent attack on payment processing platform Alphapo where the attackers stole almost $60 million in crypto. 

Continue reading
0
Tags:
attackers payment processing platform Alphapo Lazarus North Blockchain analysts
  934 Hits
0 Comments
Bill Toulas

WordPress Ninja Forms plugin flaw lets hackers steal submitted data

ninja-b_20230728-001805_1

Popular WordPress form-building plugin Ninja Forms contains three vulnerabilities that could allow attackers to achieve privilege escalation and steal user data.

Continue reading
0
Tags:
Patchstack user data privilege escalation vulnerabilities Popular WordPress form-building plugin Ninja Forms
  1006 Hits
0 Comments
Bill Toulas

WordPress AIOS plugin used by 1M sites logged plaintext passwords

WordPress-headpi_20230716-190455_1

The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext passwords from user login attempts to the site's database, putting account security at risk. 

Continue reading
0
Tags:
All-In-One Security AIOS WordPress security plugin WordPress sites logging plaintext passwords
  978 Hits
0 Comments

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023