FIN7 targeted a large U.S. carmaker with phishing attacks | Law enforcement operation dismantled phishing-as-a-service platform LabHost | Previously unknown Kapeka backdoor linked to Russian Sandworm APT | Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available | Linux variant of Cerber ransomware targets Atlassian servers | Ivanti fixed two critical flaws in its Aval
![Stolen OAuth tokens used to download data from dozens of orgs, GitHub warns](https://cdn-ak-scissors.b.st-hatena.com/image/square/058f9cb7e391901ec2201241ae9a25a3968374e6/height=288;version=1;width=512/https%3A%2F%2Fi0.wp.com%2Fsecurityaffairs.com%2Fwp-content%2Fuploads%2F2015%2F03%2Fgithub-social-coding.jpg%3Ffit%3D959%252C625%26ssl%3D1)