Author: Admin
December 30, 2025Hacker newsBrowser Security / GenAI Security The news made headlines last weekend a broad attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, more than 25 extensions with an installed base of more than two million users have been found to be compromised, and customers are currently working to determine their impact (LayerX, one of the companies involved in protection against malicious extensions, offers a free service to audit and remediate the exposure of organizations – click to register here). While this is not the first attack targeting browser extensions, the…
December 29, 2025Ravi LakshmananEndpoint Protection / Browser Security The new attack campaign targeted popular Chrome browser extensions, leading to the hacking of at least 16 extensions and exposing more than 600,000 users to data exposure and credential theft. The attack targeted browser extension publishers in the Chrome Web Store via a phishing campaign and used their access rights to inject malicious code into legitimate extensions to steal users’ cookies and access tokens. Cybersecurity firm Cyberhaven was the first company exposed. December 27 Cyberhaven opened that the threat actor compromised his browser extension and injected malicious code to communicate with an…
December 28, 2024Ravi LakshmananVulnerability / Threat Intelligence According to new VulnCheck findings, a high-severity flaw affecting select Four-Faith routers is being exploited in the wild. Vulnerability, tracked as CVE-2024-12856 (CVSS Score: 7.2), has been described as an operating system (OS) command implementation bug affecting router models F3x24 and F3x36. The vulnerability is less severe because it only works if a remote attacker can successfully authenticate. However, if the default credentials associated with the routers have not been changed, this may result in unauthenticated OS commands. In the attack detailed by VulnCheck, unknown threat actors were found to use default router…
December 27, 2024Ravi LakshmananCryptocurrency / Cyber Espionage The North Korean threat actors behind the ongoing Contagious Interview campaign have been spotted releasing a new JavaScript malware called OtterCookie. Contagious interview (aka Deceptive development) refers to an ongoing attack campaign that uses social engineering lures, with a hacking team often posing as recruiters to trick potential job seekers into downloading malware under the guise of an interview process. This involves spreading malware programs for video conferencing or Packages npm either hosted on GitHub or in the official package registry, opening the way for malware such as BeaverTail and InvisibleFerret to be…
December 27, 2024Ravi LakshmananCyber attack / data theft A threat actor known as Cloud atlas a previously undocumented malware called VBCloud was seen being used in cyberattack campaigns targeting “several dozen users” in 2024. “Victims are infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malicious code,” Kaspersky researcher Oleg Kupreev said in an analysis published this week. More than 80% of the objects were located in Russia. A smaller number of victims was reported from Belarus, Canada, Moldova, Israel, Kyrgyzstan, Turkey and Vietnam. Cloud Atlas is also…
December 27, 2024Ravi LakshmananBotnet / DDoS attack Cybersecurity researchers are warning of a surge in malicious activity involving vulnerable D-Link routers in two different botnets, Mirai variant named FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. “These botnets are often propagated through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via the GetDeviceSettings action in the HNAP (Home Network Administration Protocol) interface,” Vincent Lee, researcher at Fortinet FortiGuard Labs. said in Thursday’s analysis. “This HNAP flaw was first discovered nearly a decade ago when numerous devices were affected by various CVE numbers, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056and…
December 27, 2024Ravi LakshmananFirewall Security / Vulnerability Palo Alto Networks has disclosed a high-severity vulnerability that affects the PAN-OS software and could cause a Denial of Service (DoS) condition on sensitive devices. The vulnerability, tracked as CVE-2024-3393 (CVSS score: 8.7), affects PAN-OS versions 10.X and 11.X, as well as Prisma Access with PAN-OS versions. It was addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later versions of PAN-OS. “A denial-of-service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of…
December 27, 2024Ravi LakshmananSoftware Vulnerability / Security The Apache Software Foundation (ASF) has released patches to address a maximum-level vulnerability in the MINA A Java network application framework that can lead to remote code execution under certain conditions. Tracked as CVE-2024-52046the vulnerability has a CVSS score of 10.0. This affects versions 2.0.X, 2.1.X, and 2.2.X. “The ObjectSerializationDecoder in Apache MINA uses Java’s own deserialization protocol to handle incoming serialized data, but it lacks the necessary security checks and safeguards,” project staff said in a recommendation published on December 25, 2024. “This vulnerability allows attackers to exploit the deserialization process by…
December 26, 2024Ravi LakshmananCybercrime / Ransomware A Brazilian national has been indicted in the United States for allegedly threatening to release data stolen in a March 2020 hack of a company’s network. Junior Barros de OliveiraA 29-year-old man from Curitiba, Brazil, was charged with four counts of extortion threats related to information obtained from protected computers and four counts of threatening communications, US Department of Justice (DoJ) said in an unsealed indictment earlier this week. The computers of the named victim, a Brazilian subsidiary of a New Jersey company, were hacked by the defendant, who then used the access to…
December 25, 2024Ravi LakshmananSecurity / Server Vulnerability The Apache Software Foundation (ASF) has provided security updates to address a critical security flaw in the Traffic Management System that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in a database. SQL injection vulnerability, tracked as CVE-2024-45387rated 9.9 out of 10.0 on the CVSS rating system. “Traffic Ops SQL Injection Vulnerability in Apache Traffic Control = 8.0.0 allows a privileged user with the “admin”, “federation”, “operations”, “portal” or “management” roles to execute arbitrary SQL against the database by sending a specially crafted PUT request,” project…