100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

/in

An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.
“The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis

The Hacker News – ​Read More

Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023

/in

Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

‘Hazy Hawk’ Cybercrime Gang Swoops In for Cloud Resources

/in

Since December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites.

darkreading – ​Read More

Novel Phishing Attack Combines AES With Poisoned npm Packages

/in

Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.

darkreading – ​Read More

NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch

/in

VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available. 

The post NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch appeared first on SecurityWeek.

SecurityWeek – ​Read More

A security key for every employee? Yubikey-as-a-Service goes global

/in

Yubico’s roaming authenticators can now be provisioned and delivered in 175 countries. Here’s what the service offers.

Latest stories for ZDNET in Security – ​Read More

South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware

/in

High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder.
“The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas

The Hacker News – ​Read More

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

/in

Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts.
“These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3

The Hacker News – ​Read More

Compromised RVTools Installer Spreading Bumblebee Malware

/in

RVTools installer on its official site was found delivering malware. Research shows it spread Bumblebee loader. Users urged to verify downloads.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

The Crowded Battle: Key Insights from the 2025 State of Pentesting Report

/in

In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex picture of progress, challenges, and a shifting mindset

The Hacker News – ​Read More