- Viewing author profile for Ax Sharma
- Location: Toronto, ON
- Title: Security Researcher, Journalist
- Forum Profile: AxSharma
Author Bio
Ax Sharma is a security researcher and journalist focused on malware analyses and cybercrime investigations. His expertise includes open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5 (UK), Fortune, and WIRED, among others, Ax is an active community member of the OWASP Foundation and the Canadian Association of Journalists (CAJ).
Send any tips via email or Twitter DM.
-
DoorDash hit by new data breach in October exposing user information
DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia, and New Zealand, started emailing those impacted by the newly discovered security incident.
- Ax Sharma
- November 13, 2025
- 11:38 PM
-
Security firms dispute credit for overlapping CVE reports
FuzzingLabs has accused the YCombinator-backed startup Gecko Security of replicating its vulnerability disclosures. Gecko allegedly filed for 2 CVEs based on FuzzingLabs’ reports without crediting them. Gecko denies any wrongdoing, calling the allegations a misunderstanding over the disclosure process.
- Ax Sharma
- October 14, 2025
- 10:52 AM
-
ParkMobile pays… $1 each for 2021 data breach that hit 22 million
ParkMobile has finally wrapped up a class action lawsuit over the platform’s 2021 data breach that hit 22 million users. But there’s a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it comes with an expiration date.
- Ax Sharma
- October 05, 2025
- 08:16 AM
-
NPM package caught using QR Code to fetch cookie-stealing malware
Newly discovered npm package ‘fezbox’ employs QR codes to hide a second-stage payload to steal cookies from a user’s web browser. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine.
- Ax Sharma
- September 23, 2025
- 06:42 AM
-
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike’s npm namespace.
- Ax Sharma
- September 16, 2025
- 12:46 PM
-
Booking.com phishing campaign uses sneaky ‘ん’ character to trick you
Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of the Japanese hiragana character, ん, which can, on some systems, appear as a forward slash and make a phishing URL appear realistic to a person at first.
- Ax Sharma
- August 14, 2025
- 10:23 AM
-
National Bank of Canada online systems down due to ‘technical issue’
National Bank of Canada (Banque Nationale du Canada), the sixth largest commercial bank of Canada, is currently experiencing a widespread service outage affecting its online banking and mobile app platforms.
- Ax Sharma
- August 06, 2025
- 09:19 AM
-
npm ‘accidentally’ removes Stylus package, breaks builds and pipelines
npm has taken down all versions of the Stylus library and replaced them with a “security holding” page, breaking pipelines and builds worldwide that rely on the package.
- Ax Sharma
- July 23, 2025
- 09:21 AM
-
Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft.
- Ax Sharma
- July 19, 2025
- 08:51 AM
-
Instagram ads mimicking BMO, EQ Bank are finance scams
Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud.
Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages.
- Ax Sharma
- June 17, 2025
- 12:52 PM
-
Jira Down: Atlassian users experiencing degraded performance
Atlassian users are experiencing degraded performance amid an ‘active incident’ affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products.
- Ax Sharma
- April 16, 2025
- 10:38 AM
-
Now BlueSky hit with crypto scams as it crosses 20 million users
As users are flocking to BlueSky from social media platforms like X/Twitter, so are threat actors. BleepingComputer has spotted cryptocurrency scams popping up on BlueSky just as the decentralized microblogging service surpassed 20 million users this week.
- Ax Sharma
- November 21, 2024
- 05:28 AM
-
Amazon and Audible flooded with ‘forex trading’ and warez listings
Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious “forex trading” sites, Telegram channels, and suspicious links claiming to offer pirated software.
- Ax Sharma
- November 20, 2024
- 08:47 AM
-
Spotify abused to promote pirated software and game cheats
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and “warez” sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO for their dubious online properties appearing in Google.
- Ax Sharma
- November 19, 2024
- 05:34 AM
-
GitHub projects targeted with malicious commits to frame researcher
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker’s true intentions.
- Ax Sharma
- November 16, 2024
- 10:30 AM
