Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

Summary: This week’s cybersecurity insights highlight vulnerabilities in widely used systems like Chrome and Kubernetes, as well as emerging threats from phishing-as-a-service operations. The coverage includes data leaks, ransomware trends, and the importance of vigilance against common oversights that can lead to security breaches. Additionally, the impact of recent legal cases and developments in AI-driven cyber threats are discussed.

Affected: Google Chrome, Kubernetes Ingress NGINX Controller, various organizations targeted by ransomware and phishing operations

Keypoints :

• Google patched a high-severity exploit in Chrome, which had been actively exploited against Russian entities.
• Critical vulnerabilities in Kubernetes’ Ingress NGINX Controller allow unauthenticated remote code execution, posing severe risks.
• The BlackLock ransomware group’s data leak highlights their use of local file inclusion vulnerabilities for operational insights.
• New phishing operations like Morphing Meerkat are leveraging dynamic techniques to evade detection and capture credentials.
• 23andMe’s bankruptcy raises concerns about the potential sale of sensitive genetic data after a major data breach.