Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,"

The Hacker News
Open in Source
#windows#google#java#backdoor#chrome#The Hacker News
Cyberattackers Use HR Targets to Lay More_Eggs Backdoor

The FIN6 group is the likely culprit behind a spear-phishing campaign that demonstrates a shift in tactics, from targeting job seekers to going after those who hire.

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in

Nitro PDF Pro Local Privilege Escalation

The Nitro PDF Pro application uses a .msi installer file (embedded into an executable .exe installer file) for installation. The MSI installer uses custom actions in repair mode in an unsafe way. Attackers with low-privileged system access to a Windows system where Nitro PDF Pro is installed, can exploit the cached MSI installer's custom actions to effectively escalate privileges and get a command prompt running in context of NT AUTHORITY\SYSTEM. Versions prior to 14.26.1.0 and 13.70.8.82 and affected.

Mozilla Faces GDPR Complaint Over New Firefox Tracking Feature

NOYB, a European privacy group has filed a complaint with Austrian authorities, alleging that Mozilla breached GDPR by…

Debian Security Advisory 5775-1

Debian Linux Security Advisory 5775-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print

Transport, Logistics Orgs Hit by Stealthy Phishing Gambit

Companies in this industry vertical tend toward large financial transactions with partners, suppliers, and customers.

Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution

Mozilla has introduced a feature called Privacy Preserving Attribution and turned it on by default, much to the chagrin of a privacy watchdog.

CVE-2024-9123: Chromium: CVE-2024-9123 Integer overflow in Skia

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 129.0.2792.65 129.0.6668.70/.71 9/26/2024