Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2024-38082: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

Microsoft Security Response Center
#vulnerability#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2024-38093: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. "The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as

Cut & Paste Tactics Import Malware to Unwitting Victims

"ClearFake" and "ClickFix" attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and infostealers.

SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw

SPA-CART CMS version 1.9.0.6 suffers from business logic and user enumeration flaws.

Debian Security Advisory 5710-1

Debian Linux Security Advisory 5710-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," German

AEGON LIFE 1.0 Cross Site Scripting

AEGON LIFE version 1.0 suffers from a persistent cross site scripting vulnerability.

AEGON LIFE 1.0 Remote Code Execution

AEGON LIFE version 1.0 suffers from an unauthenticated remote code execution vulnerability.

Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised as an improvement over extremely invasive third-party tracking, the tracking is now simply done