Amazon confirmed a data breach involving employee information due to a “security event” at a third-party property management vendor. The breach included work contact details but not sensitive information like Social Security or financial data. The culprit is said to be a prominent threat actor, who also claims responsibility for more widespread data breaches. The confirmation followed claims of Amazon employee data being published on hacking site BreachForums.
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for “LDAPNightmare” on GitHub lures users into downloading infostealer malware. The malicious repository project tricks users into infecting their systems
