Malicious Chrome extensions with 75M installs removed from Web Store
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come…
Category: Bleeping Computer
New Horabot campaign takes over victim’s Gmail, Outlook accounts
A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a…
Windows 11 will let you view phone photos in File Explorer
Microsoft is now rolling out a new Windows 11 dev build allowing Insiders to view their phone’s camera roll in the File Explorer Gallery. Once…
Harvard Pilgrim Health Care ransomware attack hits 2.5 million people
Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing…
Google triples rewards for Chrome sandbox escape chain exploits
Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now eligible for triple the standard…
Russia says US hacked thousands of iPhones in iOS zero-click attacks
Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. The delivery…
New MOVEit Transfer zero-day mass-exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations. MOVEit Transfer is a managed file…
Exploit released for RCE flaw in popular ReportLab PDF library
A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab Toolkit, a popular Python library used by numerous projects…
Amazon faces $30 million fine over Ring, Alexa privacy violations
Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual…
Kali Linux 2023.2 released with 13 new tools, pre-built HyperV image
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for…
Terminator antivirus killer is a vulnerable Windows driver in disguise
A threat actor known as Spyboy is promoting a tool called “Terminator” on a Russian-speaking hacking forum that can allegedly terminate any antivirus, XDR, and…
Hackers exploit critical Zyxel firewall flaw in ongoing attacks
Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. The flaw, which is…