Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.
"Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and ResponseView the full article
The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the Indian government.
That's according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis.
"Their diverse toolset shows consistent coding patterns across malware families, particularly inView the full article
Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want to understand risk in terms of financial exposure, operational impact, and avoiding loss.
TheView the full article
An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024.
The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It's said to be active since September 2017, when it targetedView the full article
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash.
"The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information," the DoJ said. "BidenCashView the full article
Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems.
The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability.
"AView the full article
Google has disclosed details of a financially motivated threat cluster that it said "specialises" in voice phishing (aka vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion.
The tech giant's threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align withView the full article
Threat hunters are calling attention to a new variant of a remote access ******* (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems.
According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments.
"Chaos RAT is an open-source RAT written inView the full article
Traditional data leakage prevention (DLP) tools aren't keeping pace with the realities of how modern businesses use SaaS applications.
Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networksView the full article
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems.
The findings come from multiple reports published by Checkmarx,View the full article
Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution.
"These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass,View the full article
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware.
The DomainTools Investigations (DTI) team said it identified "malicious multi-stage downloader Powershell scripts" hosted on lure websites that masquerade as Gitcode and DocuSign.
"View the full article
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code.
The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case of post-authenticated remote code execution viaView the full article
In the wake of high-profile attacks on *** retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alone.
This coverage is extremely valuable for the cybersecurity community as it raisesView the full article
A growing number of malicious campaigns have leveraged a recently discovered Android banking ******* called Crocodilus to target users in Europe and South America.
The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list.
"RecentView the full article
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year."
The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137.
The update will affect all Transport Layer Security (TLS)View the full article
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.
"By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at MicrosoftView the full article
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.
The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
"Out of bounds read and write in V8 in GoogleView the full article
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies.
Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations andView the full article
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application.
A brief description of the three flaws is as follows -
CVE-2024-13915 (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone andView the full article
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below -
CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the GraphicsView the full article
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late.
This is how attacks happen now—quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore—they’re struggling to trust what their systems are telling them.
The problem isn’t tooView the full article
The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it canView the full article
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia.
"In what appears to be a multi-stage phishing operation, the attackersView the full article
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools likeView the full article
Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.
