Threat Post

Vulnerabilities Leave iTunes, App Store Open to Script Injection

Researchers say iTunes and Apple’s App Store suffer from a persistent input validation and mail encoding web vulnerability. If exploited, it could allow an attacker to inject their own malicious ...
Searchenginejournal.com

Google Tag Manager Contains Hidden Data Leaks & Vulnerabilities

Researchers uncover data leaks in Google Tag Manager (GTM) as well as security vulnerabilities, arbitrary script injections and instances of consent for data collection enabled by default. A legal ...
Infosecurity-magazine.com

Compromised AI Library Delivers Cryptocurrency Miner via PyPI

A compromised version of the popular ultralytics AI library has been found to deliver a cryptocurrency mining payload. ReversingLabs researchers traced the issue to a breach of the library’s build ...
heise online

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary advises an immediate update. An attacker uploaded a manipulated version 0.23.3 ...