As per the sources, on February 5, 2023, Reddit, an American social news aggregation and discussion platform, suffers a cyberattack that allowed hackers to access internal business systems and steal internal documents and source code. As per Reddit, hackers targeted the employees with a phishing landing page impersonating its intranet website via a phishing lure, and the phishing site attempted to steal employee credentials and tokens for two-factor authentication. Further, when one of the employees fell victim to the phishing attack and the threat actor was successful in obtaining the credentials, they breached internal Reddit systems and accessed some internal documents, code, dashboards, and business systems. However, as of now, their primary production systems show no indication of a security breach. Moreover, Reddit became aware of the breach after the employee self-reported the incident to the company's security team. According to Reddit, the stolen data includes limited contact information for current and former employees, company contacts, as well as the details of the company's advertisers, but credit card information, passwords, and ad performance were not accessed. Also, Reddit says it does not appear that the threat actors breached the website's production systems.
Progress Software has issued an urgent security advisory instructing customers using ShareFile Storage Zone Controllers on Windows servers to immediately shut down their systems fo...
A China-linked cybercrime group known as Silver Fox has been linked to a newly discovered Rust-based remote access trojan (RAT) called MODBEACON, according to Chinese cybersecurity...
Zimbra has warned customers to immediately patch a critical security vulnerability affecting its Classic Web Client. The flaw is a stored cross-site scripting (XSS) vulnerability t...