A wave of fake Twitter email invitations carries a mass-mailing worm, Symantec researchers said Thursday. The invitations look like they've come from a Twitter account, except the URL that would ordinarily be part of the standard text is missing. What is included is an attachment named “Invitation Card.zip.” Clicking it installs a mass-mailing worm that gathers email addresses from the compromised computer and spreads via removable drives. — CAM
Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022
Despite multiple high-impact vulnerabilities and repeated warnings from Microsoft, government agencies and news media, there are likely at least hundreds of thousands of internet-connected servers running older, exposed versions of Exchange today.
Artificial intelligence poses a pretty scary threat to information security overall, but application-security testers should find AI to be extremely useful for finding flaws and weeding out false positives.