Vivaldi integrates Proton VPN into the browser to fight web tracking
Summary: Vivaldi has integrated Proton VPN directly into its browser, enhancing user privacy by masking IP addresses and encrypting browsing activity. This partnership aims to provide a European alternative to major tech companies’ data practices, ensuring users can browse without fear of surveillance. The integration is free, but users should note that it only protects browser traffic, not other network applications.…
SnapCenter Security Flaw Rated Critical—NetApp Urges Immediate Patch
Summary: A critical security vulnerability (CVE-2025-26512) has been discovered in NetApp’s SnapCenter software, allowing authenticated users to escalate privileges and gain unauthorized administrative access. This flaw affects SnapCenter versions prior to 6.0.1P1 and 6.1P1, with a CVSS score of 9.9. While no public exploitation has been detected, organizations are urged to update to the latest versions to mitigate risks.…
Multiple CVEs Found in Ingress-NGINX—Patch Now to Prevent Cluster Compromise
Summary: A set of vulnerabilities in Ingress-NGINX Controller for Kubernetes poses significant security risks, including unauthorized remote code execution and potential full cluster takeover for versions prior to 1.12.1 and 1.11.5. The Australian Cyber Security Centre has outlined specific vulnerabilities that could allow attackers to manipulate configurations and access sensitive credentials.…
Shifting the sands of RansomHub’s EDRKillShifter
ESET researchers examine the ransomware landscape in 2024, highlighting the emergence of RansomHub, a prominent ransomware-as-a-service (RaaS) group linked to established gangs like Play, Medusa, and BianLian. The article discusses the rise of EDR killers, particularly EDRKillShifter, developed by RansomHub, and reflects on the shifting dynamics of ransomware payments and victim statistics.…
New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players
A new phishing campaign targets Counter-Strike 2 players through complex browser-in-the-browser (BitB) phishing attacks using fake pop-up windows that impersonate legitimate sites. The campaign aims to steal Steam credentials, especially affecting fans of the esports team Navi, with potential resale of compromised accounts on various platforms.…
Defense Contractor Morse Corp Settles Cybersecurity Fraud Allegations for .6M
Summary: Morse Corp Inc., a Massachusetts defense contractor, will pay .6 million to settle allegations of cybersecurity fraud after misrepresenting compliance with federal cybersecurity standards. The lawsuit was initiated by whistleblower Kevin Berich, with the U.S. Department of Justice supporting the case, revealing that the company failed to implement essential cybersecurity controls.…
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
Summary: The Russian-speaking hacking group RedCurl has been identified for the first time as launching a ransomware campaign using a new strain named QWCrypt. Historically known for corporate espionage attacks, RedCurl’s latest activities include sophisticated social engineering tactics to deploy malware and encrypt virtual machines, severely disrupting their targets.…
Chrome Releases Critical Update to Address CVE-2025-2783 Vulnerability
Summary: Google has released a critical security update for Chrome to address the high-severity vulnerability CVE-2025-2783 affecting the Windows version of the browser. The update, made available on March 25, 2025, fixes an issue within the Mojo component that could lead to potential system compromises. Users are advised to manually check for updates and exercise caution while browsing to avoid falling victim to exploits.…
Next.js CVE-2025-29927: TryHackMe Writeup
A critical vulnerability identified as CVE-2025-29927 has been discovered in Next.js, a widely-used web framework. This flaw enables attackers to bypass middleware-based authorization, posing significant security risks for applications built on Next.js, including e-commerce sites and SaaS platforms. Developers are urged to upgrade to the latest versions to prevent unauthorized access.…
Abracadabra Cyberattack: How Hackers Drained M from DeFi Platform
Summary: Abracadabra, a decentralized finance (DeFi) platform, suffered a cyberattack resulting in the theft of nearly million in cryptocurrency from its gmCauldrons. The incident has raised concerns across the cryptocurrency market, particularly affecting entities relying on liquidity tokens from decentralized exchanges. Abracadabra is actively working to mitigate the impact and has even offered a bug bounty to the hacker for the return of the stolen funds.…
Beyond the Scanner: How Phishers Outsmart Traditional Detection Mechanisms
The article discusses the evolving tactics used by phishers to evade detection by traditional URL scanning techniques. It highlights various methods, including geo-fenced filtering, user-agent filtering, and parameter-based filtering, that cybercriminals use to keep their phishing attacks active. The CloudSEK XVigil platform plays a crucial role in detecting these sophisticated phishing attempts.…
SnakeKeylogger: A Multistage Info Stealer Malware Campaign
The SnakeKeylogger campaign illustrates a sophisticated credential-stealing threat targeting both individuals and businesses. Utilizing multi-stage infection techniques, it cleverly evades detection while harvesting sensitive data from various platforms. Attackers employ malicious spam emails containing disguised executable files to initiate the infection. Affected: Individuals, Businesses, Email Clients, Web Browsers, FTP Clients.…
Google fixes Chrome zero-day exploited in espionage campaign
Summary: Google has addressed a high-severity zero-day vulnerability, CVE-2025-2783, in Chrome that was being exploited to escape the browser’s sandbox for espionage attacks targeting Russian organizations. The flaw allows attackers to deploy sophisticated malware through phishing campaigns. The patch is being rolled out for users globally, with further details on the attacks yet to be fully disclosed by Google.…
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Summary: Google has released urgent fixes for a high-severity vulnerability in Chrome for Windows, known as CVE-2025-2783, which has been actively exploited to target organizations in Russia. The flaw involves an incorrect handle in Mojo, allowing attackers to bypass browser protections through phishing emails. This marks the first actively exploited Chrome zero-day of the year, with attacks linked to a sophisticated APT campaign called Operation ForumTroll.…
Malaysia Braces for Cyberattacks During Hari Raya: Cyber999 Issues Warning
Summary: A significant rise in cybersecurity incidents has been reported in Malaysia since early 2025, prompting Cyber999 to issue an advisory for heightened vigilance and preventive measures. The ongoing threats include ransomware, data breaches, and various scams, especially during the festive season. Key recommendations for system administrators, financial institutions, and home users are provided to mitigate these risks.…