North Korea’s fake IT worker scam hauled in at least $88 million over six years

December 12, 2024 at 07:35PM

North Korean scammers have reportedly earned $88 million over six years by posing as IT workers in remote jobs. The U.S. Department of Justice identified two companies employing these operatives, revealing a network that included fraudulent identities and extortion. A $5 million reward has been offered for disrupting these activities. …

‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack

July 2, 2024 at 03:39AM

CocoaPods, a widely used open-source dependency manager for Swift and Objective-C apps, was found to have left thousands of packages exposed to takeover for nearly a decade. Security researchers from EVA Information Security identified multiple vulnerabilities, including supply chain attack opportunities and potential remote code execution. The CocoaPods team has …

Trello API abused to link email addresses to 15 million accounts

January 23, 2024 at 04:37PM

An exposed Trello API allowed the creation of millions of data profiles, linking public and private information. A threat actor attempted to sell the data of 15,115,516 Trello members containing emails, usernames, and full names. The leaked email addresses were accessed through a publicly exposed API, elevating the severity of …