A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts – TechCrunch

A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise. The plugin, Social Network Tabs, was storing so-called account access tokens in the source code of the WordPress website. Anyone who viewed the source code could see the linked Twitter…

Fortnite Flaws Allowed Hackers to Takeover Gamers’ Accounts

Check Point researchers have discovered multiple security vulnerabilities in Fortnite, a massively popular online battle game, one of which could have allowed remote attackers to completely takeover player accounts just by tricking users into clicking an unsuspectable link. The reported Fortnite flaws include a SQL injection, cross-site scripting (XSS) bug, a web application firewall bypass…

US will reportedly seek criminal case against Huawei for stealing tech secrets – TechCrunch

According to a new report from The Wall Street Journal, U.S. federal prosecutors are preparing a criminal indictment against Huawei for stealing trade secrets. The report, which cites sources with knowledge of the indictment, specifically mentions Huawei’s actions surrounding a T-Mobile smartphone testing tool known as “Tappy.” The report notes that the current investigation is far…

Hackers infect e-commerce sites by compromising their advertising partner

Magecart strikes again, one of the most notorious hacking groups specializes in stealing credit card details from poorly-secured e-commerce websites. According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as “Magecart Group 12,” recently successfully compromised nearly 277 e-commerce websites by using supply-chain attacks. Magecart is the…