Safari, Microsoft Edge, & DuckDuckGo Spoofing Flaws Impacting Millions of Users
RedSecLabs security researchers Rafay Baloch and Muhammad Samaak have uncovered address bar spoofing vulnerabilities in widely used mobile browsers such as Safari, Microsoft Edge, and DuckDuckGo. These vulnerabilities have a significant impact, affecting millions of users worldwide. The Severity of Address Bar
Chrome Introduced Shared Memory Versioning to Enhance Browser Performance
Google Chrome recently implemented Shared Memory Versioning, improving its speed through more effective cookie handling. This upgrade improves Chrome and other Chromium-powered browsers like Microsoft Edge and Vivaldi. Resource contention arises as more people rely on the Internet to do their daily
Kiosk Mode Bypass Flaw On Hotel Check-in Terminal Leaks Guests Personal Data
A new vulnerability has been discovered in Ariane Allegro Scenario Player in a Kiosk mode that could allow threat actors to bypass the Kiosk mode and access the underlying Windows Desktop. The CVE for this vulnerability is yet to be
Hackers Employ JavaScript Framework To Trick Users Copy, Paste And Command Execution
Hackers use JavaScript frameworks since they offer a wide range of functionalities and tools that could be used to bypass detection, hide code, and carry out harmful acts. In addition, they take advantage of the people’s trust in such popular
Hackers Actively Exploiting Checkpoint 0-Day Flaw
Cybersecurity experts have identified a critical zero-day vulnerability in Checkpoint’s security software that hackers are actively exploiting. The flaw assigned to the identifier CVE-2024-24919 poses a significant threat to organizations relying on Checkpoint’s solutions for their cybersecurity needs. Details of
Microsoft Observed Huge-Surge In Attacks Targeting Internet-Exposed OT Devices In WWS
Microsoft has reported a significant increase in cyberattacks targeting internet-exposed, poorly secured operational technology (OT) devices. These attacks have particularly focused on the United States’ water and wastewater systems (WWS). Various nation-backed actors, including the IRGC-affiliated “CyberAv3ngers” and pro-Russian hacktivists,
Indian Stock Exchange BSE Starts Encrypting Messages to Traders
The Bombay Stock Exchange (BSE) has begun encrypting messages sent to traders, becoming the first exchange in the world to implement such a system. The move aims to enhance security and protect sensitive information in the face of growing cyber
Russian Hackers Charged For Selling Unauthorized Access To Computer Networks
A Russian citizen has been indicted for working as an “access broker” and selling unauthorized access to computer networks, including a victim company in New Jersey, U.S. Attorney Philip R. Sellinger, District of New Jersey, announced. Details of the Indictment Evgeniy Doroshenko,
Notorious Data Leak Site Breachforums is back From the Seizure
The notorious data breach forum, Breachforums, has re-emerged after being confiscated by authorities in a surprising development. According to the recent tweet from Dark Web Informer, the news has sent shockwaves through the cybersecurity community and raised concerns about the
Hackers Advertising Pulse Connect Secure VPN RCE 0-Day
Cybersecurity experts have identified a critical zero-day vulnerability in Pulse Connect Secure VPN, a widely used virtual private network solution. The vulnerability, which allows for remote code execution (RCE), has been actively exploited by hackers, raising significant concerns among organizations relying on