A recent use-after-free vulnerability in Google Chrome’s WebGPU standard was found by Cisco Talos. Cross-platform web browser Google Chrome is built on the open-source Chromium code, which is used by Google and other software companies to construct their own browsers.…
At a Glance: Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group. This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary’s typical focus…
Over 3,000,000 people downloaded a new Android malware family from the Google Play Store that discreetly subscribes users to premium services. Maxime Ingrao, an Evina security researcher, found the malware, known as “Autolycos,” in at least eight Android applications, of…
The hundreds of significant health data breaches disclosed to federal regulators so far this year are dominated by ransomware incidents and breaches involving commercial partners that affect millions of people. The patterns highlight a worrying weakness for the healthcare sector,…
The information-stealing malware known as ChromeLoader has undergone recent iterations, showing how quickly its feature set has changed. ChromeLoader was discovered in January 2022 and has been disseminated as ISO or DMG file downloads promoted using QR codes on Twitter…
The ‘Lilith’ ransomware campaign has only begun, and it has already placed its first victim on a data leak website designed to facilitate double-extortion attempts. For 64-bit versions of Windows, JAMESWT discovered Lilith, a C/C++ console-based ransomware. Lilith conducts double-extortions…
Organizations across all industries have noticed a dramatic shift in the threat landscape in recent years. All types of intrusions have expanded in quantity and frequency, but ransomware has evolved especially quickly. Ransomware was a relatively remote concern for most…
According to the World Economic Forum, human error is to blame for 95% of cybersecurity issues. What if someone warned you that the modest sum you spent on the newest cybersecurity solution would not be adequately safeguarding you? Yes, even…
Even if a user has activated multifactor authentication, a large-scale phishing campaign using adversary-in-the-middle (AiTM) phishing sites managed to steal passwords, take over a user’s sign-in session, and bypass the authentication procedure (MFA). The attackers then carried out subsequent business…
A total of 542 domains, among them, permit any IP address to send emails on their behalf. Sebastian Salla conducted an experiment around six months ago in which he attempted to identify Australian domains that were susceptible to IP takeover…
