Information-stealing malware is actively leveraging an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions, allowing continuous access to Google services even after a password reset. CloudSEK reports that this critical exploit facilitates session persistence and cookie generation, empowering ...

Google has issued updates to address four security vulnerabilities in its Chrome browser, including a zero-day flaw currently being actively exploited. The identified issue, designated as CVE-2024-0519, revolves around an out-of-bounds memory access within the V8 JavaScript and WebAssembly engine. ...

A recent study by Cloudsek reveals that verified X accounts adorned with gold checkmarks are being peddled on the dark web, with prices ranging from $1200 to $2000, depending on their brand recognition and outreach. The surge in the availability ...

Microsoft has launched an aggressive crackdown on Storm-1152, a group offering “cybercrime-as-a-service,” taking significant legal actions to dismantle its network. This initiative includes seizing the group’s infrastructure in the US, shutting down critical websites, and conducting thorough investigations to identify ...

A bipartisan bill put forth by two US Senators seeks to enhance the cybersecurity measures within the food and agriculture sector, potentially resulting in the enactment of the Farm and Food Cybersecurity Act. The primary objective of this proposed legislation ...

Recently, security researchers have identified a supply-chain vulnerability present in Bazel, one of Google’s key open-source projects. This vulnerability revolves around a command injection flaw found in a GitHub Actions workflow that Bazel depends on, potentially enabling malicious actors to ...

Microsoft’s Threat Intelligence has issued a warning regarding the active exploitation of the CVE-2023-23397 Outlook flaw by the Russia-associated APT28 group to seize control of Microsoft Exchange accounts. The APT28 group, also known as “Forest Blizzard,” “Fancybear,” or “Strontium,” has ...

A discovery by experts has revealed that Operation Triangulation, which targets Apple iOS devices, made use of an undocumented hardware feature. Researchers from Kaspersky, a Russian cybersecurity firm, uncovered that the perpetrators behind Operation Triangulation capitalized on an undocumented hardware ...

In the expansive digital domain, where interactions are abundant and diverse, discerning the origins and authenticity of these interactions poses considerable challenges. This is precisely where the concept of non-repudiation becomes invaluable. By amalgamating various security facets such as delivery ...

The rapid evolution of Artificial Intelligence (AI) is reshaping not just the technological realm but various facets of human endeavors at an unprecedented pace. However, alongside the benefits of technological progress, there exists a darker side where AI is harnessed ...