Bleeping Computer

Telegram fixes Windows app zero-day used to launch Python scripts

Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. Over the past few days, rumors have ...
腾讯网

开源供应链攻击持续发酵,多个软件包仓库惊现恶意组件

近期在npm、Python和Ruby软件包仓库中相继发现多组恶意组件,这些组件能够清空加密货币钱包资金、安装后删除整个代码库并窃取Telegram API令牌,再次印证了开源生态系统中潜伏的多样化供应链威胁。 多平台恶意组件集中曝光 Checkmarx、ReversingLabs、Safety和Socket等 ...
ZDNet

Telegram zero-day let hackers spread backdoor and cryptocurrency-mining malware

A zero-day vulnerability in Telegram Messenger allowed attackers to spread a new form of malware with abilities ranging from creating a backdoor trojan to mining cryptocurrency. The attacks take ...
CSOonline

Supply chain attack hits RubyGems to steal Telegram API data

Threat actor exploits Fastlane plugin trust to redirect Telegram traffic via C2 server after Vietnam’s ban, targeting mobile app CI/CD pipelines. An ongoing supply chain attack is targeting the ...
Dark Reading

Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data

Attackers are exploiting a popular code package for the Ruby programming language in a supply chain attack aimed at stealing sensitive data from Telegram chats. The attack demonstrates how threat ...
TechRadar

A simple trick lets you turn Telegram into a free unlimited cloud storage service

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. In addition to offering unlimited file sharing and encryption, Telegram also has an API that ...