Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. "The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as

The Hacker News
#web#windows#google#ddos#dos#c++#backdoor#chrome#The Hacker News
Cut & Paste Tactics Import Malware to Unwitting Victims

"ClearFake" and "ClickFix" attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and infostealers.

SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw

SPA-CART CMS version 1.9.0.6 suffers from business logic and user enumeration flaws.

Debian Security Advisory 5710-1

Debian Linux Security Advisory 5710-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," German

AEGON LIFE 1.0 Cross Site Scripting

AEGON LIFE version 1.0 suffers from a persistent cross site scripting vulnerability.

AEGON LIFE 1.0 Remote Code Execution

AEGON LIFE version 1.0 suffers from an unauthenticated remote code execution vulnerability.

Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised as an improvement over extremely invasive third-party tracking, the tracking is now simply done

AEGON LIFE 1.0 SQL Injection

AEGON LIFE version 1.0 suffers from a remote SQL injection vulnerability.

CVE-2024-5845: Chromium: CVE-2024-5845 Use after free in Audio

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**