September 3, 2024 at 04:51AM Two Chrome browser updates, 128.0.6613.113/.114 and 128.0.6613.119/.120, addressed eight vulnerabilities last week. Four high-severity memory safety flaws, including issues in the V8 JavaScript engine, were resolved. The security patches also covered a heap buffer overflow in Skia. Google urges prompt updates, but no evidence of exploitation in the wild has … Read more
August 29, 2024 at 12:24PM Cybersecurity researchers discovered in-the-wild exploit campaigns using patched flaws in Apple Safari and Google Chrome to infect mobile users with malware, attributed to a Russian state-backed threat actor. The campaigns were observed between November 2023 and July 2024, featuring watering hole attacks on Mongolian government websites. N-day exploits were effectively … Read more
August 29, 2024 at 07:48AM Attackers are increasingly using new phishing toolkits, like adversary-in-the-middle (AitM), which lets them bypass traditional prevention controls. AitM phishing uses dedicated tooling to act as a proxy between the target and a legitimate login portal for an application, enabling attackers to steal live sessions. AitM toolkits employ reverse web proxies … Read more
August 27, 2024 at 02:27AM Google has disclosed an actively exploited security flaw in its Chrome browser, tracked as CVE-2024-7965, related to an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. The security researcher TheDog discovered the flaw and was awarded an $11,000 bug bounty. Users are advised to upgrade to Chrome version … Read more
August 16, 2024 at 05:27AM Cybersecurity researchers have discovered Banshee Stealer, a new malware targeting Apple macOS systems, being sold for $3,000 a month. It attacks various browsers, cryptocurrency wallets, and around 100 extensions, harvesting data and employing anti-detection measures. This follows the emergence of other macOS and Windows-based stealers, signaling the rise of platform-specific … Read more
August 10, 2024 at 11:21AM A widespread malware campaign installs rogue Google Chrome and Microsoft Edge extensions via a trojan distributed through fake websites. The malware, present since 2021, affects over 300,000 users and uses malvertising to trick users into downloading the trojan. The extensions hijack searches, intercept web requests, and execute various commands. From … Read more
August 9, 2024 at 01:46AM A security flaw affecting various web browsers on macOS and Linux, but not on Windows, has been identified. Dubbed the 0.0.0.0 Day by Oligo Security, it allows attackers to access local services. The browsers’ teams have committed to blocking access to 0.0.0.0. Chrome and WebKit have initiated changes, while Mozilla … Read more
August 8, 2024 at 01:57PM Open source security firm Oligo Security discovered a vulnerability called “0.0.0.0 Day” that allows attackers to remotely execute code on various web browsers, putting users at risk for data theft and other malicious activities. This flaw exploits the 0.0.0.0 IP address and bypasses browser security to interact with services within … Read more
August 8, 2024 at 10:15AM Cybersecurity researchers have found a critical “0.0.0.0 Day” vulnerability impacting major web browsers, potentially allowing malicious actors to access local network services. The flaw arises from inconsistent security mechanisms and affects Google Chrome/Chromium, Mozilla Firefox, and Apple Safari on MacOS and Linux. Web browsers are expected to block access to … Read more
August 5, 2024 at 01:24AM Evasive Panda, a sophisticated China-linked cyber espionage group, compromised an ISP to push malware updates to target companies, displaying high levels of skill. The threat actor has been active since 2012, using various malware, including a macOS strain called MACMA. The group has targeted organizations through supply chain attacks, DNS … Read more