Tag: web security
6 articles

Polyfill Compromise Targets Major Websites with Rogue Login Prompts
Major websites, including Toshiba and Muji, have been compromised by a rogue login prompt scam through polyfill.io, tricking visitors into entering sensitive information. If you encountered the fake sign-in screen, be sure to cancel and change your password to protect your account.

Google Chrome Bolsters Defenses with Cookie Theft Protection Rollout
Google's new Cookie Theft Protection is a game-changer, tying session cookies to device hardware to prevent hackers from using stolen cookies to access your accounts. This cutting-edge tech binds user sessions to a machine's security chip, making it virtually impossible for thieves to get in.

Shadow AI Exposes 2,000 Vibe-Coded Apps with Sensitive Data
A shocking discovery by Red Access revealed over 2,000 apps with sensitive corporate, operational, or personal data exposed online, leaving countless organizations vulnerable to risk. These apps, found on popular vibe-coding platforms, were often deployed without basic security controls, granting open access to sensitive information.

cPanel Vulnerability Exposes Millions of Domains to Root Access Attacks
A critical cPanel vulnerability, rated 9.8 under CVSS, has been discovered, allowing attackers to craft a simple sequence of requests to bypass authentication and gain root access to servers, putting millions of domains at risk. Emergency patches are available to fix this gaping security flaw.

Google Chrome Fails to Thwart Browser Fingerprinting
If a browser claims to be safe but fails to block one of the easiest ways for advertisers to track you online, can it really be considered safe? Google Chrome, despite its reputation for security, surprisingly leaves users vulnerable to browser fingerprinting, a pervasive tracking method that can uniquely identify and follow you around the web.

Malicious Chrome Extensions Infiltrate Web Store, Compromise User Data
Malicious Chrome extensions, masquerading as harmless tools, have infiltrated the official Web Store, putting millions of users' data at risk by stealing sensitive tokens, planting backdoors, and running ad fraud. Over 100 of these rogue add-ons have been identified, highlighting a growing threat in a marketplace we thought was safe.