browser
-
New Starkiller Phishing Framework Uses Real Login Pages to Bypass MFA Security
A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker…
Read More » -
Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks
Google Chrome’s Secure Web and Networking Team has announced a new effort to protect HTTPS traffic from upcoming quantum‑computing attacks.…
Read More » -
AuraStealer Infostealer Targeting Users with 48 C2 Domains in Ongoing Campaigns
Threat actors are actively deploying a new infostealer dubbed “AuraStealer,” backed by a growing customer base, 48 identified command‑and‑control (C2)…
Read More » -
Beware of Malicious Scripts in Weaponized PDF Purchase Orders
A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate…
Read More » -
SantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet Data
Cybersecurity researchers at Rapid7 Labs have discovered a new and sophisticated threat: SantaStealer, a malware-as-a-service information stealer that is being…
Read More » -
Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users
Apple has recently released critical security patches to address two zero-day vulnerabilities that are being actively exploited on iPhone and…
Read More » -
High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking
A critical stored cross-site scripting (XSS) vulnerability has been discovered in Ivanti Endpoint Manager (EPM), allowing unauthenticated attackers to hijack…
Read More » -
Hackers Exploit Multiple Ad Networks to Distribute Triada Malware to Android Users
Adex, a leading anti-fraud and traffic-quality platform under AdTech Holding, has successfully identified and neutralized a complex, multi-year malware operation…
Read More » -
DevilsTongue Spyware Targets Windows Users Across Multiple Countries
Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing…
Read More » -
Microsoft Blocks External Scripts in Entra ID Logins to Boost Security
Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from…
Read More » -
Advanced Features Bypass AI Detection and Steal Password Manager Data
The Python-based information-stealing tool Xillen Stealer has reached versions 4 and 5, significantly expanding its targeting capabilities and functionality across…
Read More » -
How Spam Filters Can Steal Your Email Logins in an Instant
Cybercriminals have launched a sophisticated phishing campaign that exploits trust in internal security systems by spoofing email delivery notifications to…
Read More » -
AI-Powered Cyber Threats Rise: Attackers Target Manufacturing Sector
A comprehensive new report reveals that manufacturing organizations are grappling with a dual challenge: rapidly adopting generative AI technologies while…
Read More » -
AI Browsers That Beat Paywalls by Imitating Humans
The emergence of AI-powered browsers represents a significant shift in how artificial intelligence interacts with web content. However, it has…
Read More » -
Tactics Targeting M365 and Gmail
The Tycoon 2FA phishing kit represents one of the most sophisticated threats targeting enterprise environments today. This Phishing-as-a-Service (PhaaS) platform,…
Read More »