Aggregator

Wiz Research has exposed that CodeBreach originated from unanchored regular expression patterns in CodeBuild webhook filters for the ACTOR_ID parameter, which should restrict builds to trusted GitHub user IDs. Without ^ and $ anchors, the filter matched any user ID containing an approved substring, allowing bypass via “eclipse” events where new, longer GitHub IDs incorporate […]

The post New AWS Console Supply Chain Attack Allows Hijack of AWS GitHub Repositories appeared first on Cyber Security News.

Fraud has become a routine part of gig work for many earners, and the ways workers respond are creating new security problems for platforms. A recent TransUnion study of U.S. gig workers shows broad exposure to fraud, inconsistent reporting, and growing participation in prohibited practices such as account renting and selling. Fraud is a common part of gig work 34% of those surveyed said they had been defrauded by a consumer while working on a … More →

The post Who’s on the other end? Rented accounts are stress-testing trust in gig platforms appeared first on Help Net Security.

Here’s a look at the most interesting products from the past week, featuring releases from Acronis, JumpCloud, Noction, and SpyCloud. Acronis Archival Storage brings compliance-ready, S3-compatible cold storage to MSPs Acronis announced the launch of Acronis Archival Storage, a long-term, compliant, and cost-efficient data storage and protection solution designed for Managed Service Providers (MSPs) and their small-to-medium business (SMBs) customers. With Acronis Archival Storage, users can retain large amounts of data securely, affordably, and with … More →

The post New infosec products of the week: January 16, 2026 appeared first on Help Net Security.

You must login to view this content

Conquest is a feature-rich, extensible and malleable command & control/post-exploitation framework developed for penetration testing and adversary simulation. Conquest’s

The post The Nim Shadow: Conquest C2 Redefines Stealth for 2026 Red Teams appeared first on Penetration Testing Tools.

This week marked the definitive conclusion of an era as Microsoft formally terminated support for Windows Server 2008,

The post The Final Sunset: Microsoft Kills Windows Server 2008 and Legacy Modem Drivers appeared first on Penetration Testing Tools.

North Korea continues to amass billions of dollars through a sophisticated synthesis of cybercrime and fraudulent remote employment,

The post The Ghost in the Machine: UN Exposes North Korea’s $2B Deepfake IT Scam appeared first on Penetration Testing Tools.

Microsoft has formally proclaimed the neutralization of RedVDS, a nefarious platform that, since 2019, provided cyber adversaries with

The post Dismantling the Phish-Factory: Microsoft Seizes RedVDS Cybercrime Network appeared first on Penetration Testing Tools.

The Node.js development team has disseminated critical security updates to mitigate a high-severity vulnerability capable of precipitating a

The post The Crash Code: Node.js Issues Critical Fix for Framework-Breaking DoS Flaw appeared first on Penetration Testing Tools.