Web browsers and vulnerabilities

Stay safe online - 2022-12-09

ScarCruft hackers exploit 0-day in Internet Explorer to target South Koreans

Cybercriminals exploit the known Zero-day vulnerability in Internet Explorer. More
News Web browsers and vulnerabilities   December 08, 2022  

“Dormant Colors” malvertising campaign hijacked browsers of 1M users

Malicious extensions are used to insert affiliate links and hijack searches. More
News Web browsers and vulnerabilities   October 25, 2022  

Microsoft warns about new attacks using Exchange vulnerabilities

Microsoft had to confirm two new zero-day flaws used in active attacks. More
News Web browsers and vulnerabilities   September 30, 2022  

Steam accounts get stolen using the Browser-in-the-Browser phishing method

Hackers launch new attacks to steal Steam account credentials. More
News Web browsers and vulnerabilities   September 13, 2022  

Exploited Twitter vulnerability led to over 5 million account compromise

The vulnerability allows the attackers to link one's Twitter account by using an email or phone address. More
News Web browsers and vulnerabilities   August 08, 2022  

Microsoft pushes mac users to patch against macOS App Sandbox flaw

Microsoft reported the exploit code for a macOS vulnerability that can lead to attacks. More

HackerOne employee stole bug reports for selling them on the side

Employee stole reports from bug bounty platform to disclose them to customers and claim rewards. More

Amazon patched high-severity vulnerability in the Android Photos app

Android Photos App exploitable flaw silently fixed by Amazon. More

Sophos Firewall zero-day flaw was already exploited by hackers

Chinese hackers targeted South Asian Entity weeks before the Sophos zero-day bug got fixed. More

Microsoft Office 365 feature can be used by ransomware developers

Ransomware attacks can involve cloud files if attackers hijack the Office 365 accounts. More

A new side-channel attack Hertzbleed affects Intel and AMD CPUs

The new attack allows the remote attackers to steal full cryptographic keys. More

Zyxel issues patches for security flaws affecting APs and controllers

Zyxel addresses four security vulnerabilities affecting firewalls and AP products. More

VMware authentication bypass flaws in various products get patched

Customers are warned to immediately patch the critical vulnerabilities with critical severity scores. More

The logical flaw in the NPM registry enables to add anyone as maintainer

The bug allows attackers to distribute malware as legitimate bundles. More
News Web browsers and vulnerabilities   April 28, 2022  

CISA report: hackers exploit the Windows Print Spooler vulnerability

The security flaw in Windows Print Spooler that was patched in February is actively exploited in the wild. More
News Web browsers and vulnerabilities   April 20, 2022