Tag: emerging threats
3129 articles
Malicious Chrome Extensions Infiltrate Web Store, Compromise User Data
Malicious Chrome extensions, masquerading as harmless tools, have infiltrated the official Web Store, putting millions of users' data at risk by stealing sensitive tokens, planting backdoors, and running ad fraud. Over 100 of these rogue add-ons have been identified, highlighting a growing threat in a marketplace we thought was safe.
Microsoft Patch Tuesday Addresses 167 Vulnerabilities, Fixes 2 Zero-Day Flaws
Microsoft's April Patch Tuesday update is a doozy, tackling a whopping 167 vulnerabilities, including two zero-day flaws that demand immediate attention. The question is, can you afford to wait - or do you need to act fast to safeguard your organization?
Microsoft Bolsters Windows 11 Defenses with Latest Cumulative Updates
Microsoft just dropped two new cumulative updates, KB5083769 and KB5082052, for Windows 11, packing security fixes, bug solutions, and fresh features to keep your system safe and running smoothly. These updates cover various builds, including 25H2, 24H2, and 23H2, giving you more reasons to hit install and breathe easy.
McGraw-Hill Breach Exposes Internal Data After Salesforce Hack
McGraw-Hill recently confirmed a data breach after hackers exploited a Salesforce misconfiguration, exposing internal data and highlighting the risks of cloud security gaps. The breach followed an extortion threat, serving as a stark reminder of the importance of robust digital defenses.
Microsoft Fixes Zero-Days with Windows 10 Extended Security Update
Microsoft just dropped a critical Windows 10 update, KB5082200, that bundles essential fixes, including two zero-day vulnerabilities, ahead of the April 2026 Patch Tuesday cycle. This extended security update is a must-have for Windows 10 users, addressing urgent security gaps that need immediate attention.
PHP Composer Flaws Expose Code Execution Risk, Prompting Patches
Critical flaws in PHP Composer, a popular package manager, leave countless websites vulnerable to code execution attacks - but fortunately, patches have been released to swiftly mitigate this risk. If exploited, these high-severity vulnerabilities could allow hackers to execute arbitrary commands, putting entire systems at risk.
Goldman Sachs Bolsters Defenses with Anthropic's Mythos Model
Goldman Sachs is taking a proactive approach to harnessing AI's potential while safeguarding against risks, partnering with Anthropic and security vendors to deploy controls around powerful models like Mythos. CEO David Solomon emphasizes the bank's hyper-aware stance, balancing innovation with robust risk management to mitigate threats like accelerated cyberattacks.
Malicious Ledger Live App Drains $9.5M in Crypto from Apple Users
A malicious Ledger Live app on Apple's App Store siphoned off a staggering $9.5 million in cryptocurrency from 50 unsuspecting users in just a few days. This shocking incident raises serious concerns about app security and the safety of our digital assets.
AI-Driven Scam Exploits Google Discover with AI-Generated Pushpaganda
Beware of a cunning AI-driven scam that's invading Google Discover with fake news stories engineered to follow you around the web and beg for money. Cybersecurity researchers have uncovered this sinister scheme, which uses AI-generated content and search engine manipulation to deliver scareware and drain your wallet.
Venice Flood Defenses Breached by Hackers
Imagine a city's defenses against its greatest threat - water - being breached not by a natural disaster, but by an unknown cyber attacker. In a chilling turn of events, hackers have infiltrated Venice's hydraulic pump system, claiming they can wield the power to create floods at will.
Microsoft Expedites Reinstation for Suspended Windows Hardware Dev Accounts
Microsoft has introduced a fast-track process to help hardware developers regain access to their suspended Windows Hardware Program accounts, following an outpouring of complaints from developers who were unexpectedly locked out. This swift response aims to get developers back on track, quickly and easily.
Malicious Chrome Extensions Uncover Massive User Data Theft
Over 100 malicious Chrome extensions were secretly working together to steal user data, hijack online sessions, and inject ads into browsing experiences, all controlled by a single hidden command center. This massive data theft operation highlights the alarming risks of unchecked access to our online lives.
Triad Nexus Evades Sanctions, Bolsters Global Fraud Network
Meet Triad Nexus, a cunning organized fraud operation that has not only evaded US sanctions but has actually expanded its global reach, now running scams worth a staggering $200 million. Despite efforts to choke off its activities, the group continues to thrive using clever tactics like infrastructure laundering and localized fraud.
Cybersecurity Chiefs Face Talent Exodus Amid Declining Job Satisfaction
With fewer than four in ten cybersecurity professionals planning to stay in their current roles, chief information security officers face a pressing dilemma: how to retain top talent in an industry plagued by declining job satisfaction. A recent IANS report reveals a stark reality, with only 34% of cybersecurity pros intending to remain in their positions over the next 12 months.
Iranian Operative Behind L.A. Metro Cyberattack
New intelligence suggests a pro-Iranian operative is behind the L.A. Metro cyberattack, shifting the focus from the disruption caused to the motivations and strategic intentions of the attacker. This development elevates the incident from a local service outage to a complex geopolitical issue.
Google Bolsters Pixel Security with Rust-Based DNS Parser Integration
Google is taking a significant step to supercharge Pixel device security by integrating a Rust-based DNS parser into the modem firmware of the Pixel 10, leveraging the power of memory-safe code to fortify its software stack. This strategic move underscores the company's commitment to bolstering device security from the ground up.
CISA Awaits Senate Confirmation of Director Plankey Amid Rising Cyber Threats
As cyber threats escalate and budget cuts loom, the Cybersecurity and Infrastructure Security Agency is in urgent need of a Senate-confirmed director - will Secretary Mullin help get the job done by urging the Senate to confirm Sean Plankey? Time is of the essence, with the nation's cyber security hanging in the balance.
Indian Navy Scales Back Ambitious Fleet Expansion Plan
The Indian Navy's ambitious plan to expand its fleet to 200 warships by 2027 has been scaled back to 170 vessels due to financial constraints, marking a 15% reduction in its naval aspirations. This adjustment reflects the harsh realities of balancing strategic ambitions with budgetary limitations.
Rheinmetall Forges Missile Alliance with Destinus to Bolster European Defence Industry
Rheinmetall and Destinus are joining forces to create a game-changing missile systems joint venture, set to supercharge Europe's defence industry with cutting-edge capabilities. This powerful alliance aims to strengthen the continent's industrial base, drive innovation, and safeguard strategic autonomy.
Zero Trust Fortifies Identity Security Against Credential Exploits
Stolen credentials are a hacker's dream come true, leading to easy privilege escalation and full network compromise - but what if you could lock down your identities and shut the door on these threats? An identity-first Zero Trust approach is the powerful solution you need to fortify your security.
Ransomware Gang 0APT Targets Rival Krybit with Exposure Threat
Ransomware gangs are turning on each other, and the gloves are off - 0APT has publicly threatened to expose individuals tied to rival gang Krybit, escalating their rivalry to a whole new level of personal and public. This shocking move reveals the cutthroat world of cybercrime, where even thieves don't always agree.
Quantum Security Faces Three Looming Realities
As World Quantum Day dawns, security leaders are facing a pressing question: what three looming realities will redefine how organizations safeguard their data, assets, and missions? The answer will be crucial in determining where they focus their attention, budget, and talent in the years to come.
Mirax RAT Exploits Meta Ads to Hijack 220,000 Devices
Meet Mirax RAT, a sneaky Android malware that's hijacked over 220,000 devices by exploiting Meta Ads, giving strangers full control over unsuspecting users' phones. This malicious code has rapidly spread to hundreds of thousands of social accounts, showcasing the alarming power of mainstream ad platforms in the wrong hands.
Vulnerabilities Surge as Velocity Gap Widens in AI-Driven Development
The alarming truth: while alert volume grew by 52% year-over-year, prioritized critical risks exploded by nearly 400% in just 90 days, leaving defenders scrambling to keep up with a tsunami of high-impact problems. A new dataset from OX Security reveals this velocity gap in AI-driven development, where the noise is rising - but it's the critical risks that should give defenders pause.