Microsoft has discovered that the TikTok Android app has been impacted by a high-severity vulnerability, tracked as CVE-2022-28799, which could allow quick and stealthy account takeovers through a specially crafted link, according to BleepingComputer.
"Attackers could have then accessed and modified users' TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users," said Microsoft 365 Defender Research Team's Dimitrios Valsamaras.
HackerOne has provided more insights into the flaw.
There has been no evidence indicating active exploitation of the vulnerability, which has already been patched with the release of TikTok version 23.7.3.
Hundreds of GitHub repositories have been targeted with fraudulent commits purportedly from GitHub's free automated dependency management tool Dependabot in a bid to facilitate malicious code injections and exfiltrate sensitive project data, reports SecurityWeek.
OpenSea has confirmed being impacted by a third-party security breach, marking the third attack against the major non-fungible token marketplace following a third-party hack and phishing incident in June 2022 and February 2022, respectively, SiliconAngle reports.