Club Penguin Fans Hack Disney Server, Steal 2.5GB of Corporate Data
A group of Club Penguin fans hacked into a Disney Confluence server, intending to access information about the defunct online game, but instead made off with 2.5GB of internal corporate data. The stolen data includes documents on Disney's corporate strategies, advertising plans, Disney+, internal developer tools, business projects, and internal infrastructure, some of which dates back to 2022. The breach was reportedly carried out using previously exposed credentials, and the data was shared on Discord and 4Chan message boards. Disney has yet to comment on the incident.
Microsoft Makes Changes to Controversial Screenshot Feature After Privacy Concerns
Microsoft has announced changes to its "Recall" feature, a screenshot tool announced for its new AI-powered PCs, after privacy concerns were raised. The feature, which captures and stores screenshots of desktop activity, will now be opt-in instead of default, and users will need to use Windows' "Hello" authentication process to enable it. The changes come after critics warned that hackers could misuse the tool and its saved screenshots. The UK's data watchdog, the Information Commissioner's Office (ICO), had also expressed concerns about the feature. Microsoft's updates will be implemented before the launch of Copilot+ PCs on June 18.
Critical PHP Vulnerability Exploited in the Wild
A critical vulnerability in PHP (CVE-2024-4577) has been discovered, allowing attackers to execute malicious code on Windows devices. The bug is easily exploitable and has been observed being exploited in the wild, with proof-of-concept code available. The vulnerability affects PHP versions 8.3-5 and is caused by errors in Unicode character conversion. Patching is recommended immediately, especially for servers using PHP in CGI mode. Mitigation measures, such as rewrite rules, are available for unsupported versions. XAMPP for Windows is vulnerable by default, but disabling PHP CGI can temporarily mitigate the issue.
New York Times Investigates Source Code Leak
The New York Times is investigating a leak of its source code, which was posted on 4chan. The leak includes 270 GB of data, reportedly containing 5,000 repositories and 3.6 million files, including code for games like Wordle. The exposed data also allegedly includes user information, authentication URLs, API tokens, and secret keys. The Times confirmed the breach occurred in January 2024 due to a exposed credential on a cloud-based platform, but stated that there is no evidence of unauthorized access to their systems or impact on operations. The incident is under investigation.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
New Heights with Jason & Travis Kelce
Football’s funniest family duo — Jason Kelce of the Philadelphia Eagles and Travis Kelce of the Kansas City Chiefs — team up to provide next-level access to life in the league as it unfolds. The two brothers and Super Bowl champions drop weekly insights about the weekly slate of games and share their INSIDE perspectives on trending NFL news and sports headlines. They also endlessly rag on each other as brothers do, chat the latest in pop culture and welcome some very popular and well-known friends to chat with them. Check out new episodes every Wednesday. Follow New Heights on the Wondery App, YouTube or wherever you get your podcasts. You can listen to new episodes early and ad-free, and get exclusive content on Wondery+. Join Wondery+ in the Wondery App, Apple Podcasts or Spotify. And join our new membership for a unique fan experience by going to the New Heights YouTube channel now!
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.