Browser extensions have become an integral part of employees’ daily workflows—ranging from spell checkers to AI productivity tools. However, a new report from LayerX highlights a growing blind spot in enterprise security: the vast majority of these extensions come with excessive permissions that could expose sensitive organizational data. Released today, the Enterprise Browser Extension Security […]
Google announced on Wednesday that it took significant action against harmful advertising in 2024, suspending more than 39.2 million advertiser accounts, with most being proactively identified and blocked before malicious ads could reach users. In total, the company reported that it blocked 5.1 billion bad ads, placed restrictions on 9.1 billion ads, and either blocked […]
Cybersecurity experts have identified four new privilege escalation vulnerabilities within the Windows Task Scheduler that could enable local attackers to gain elevated privileges and erase system logs, effectively concealing traces of malicious activity. The vulnerabilities are associated with a system utility called “schtasks.exe”, a command-line tool that allows administrators to manage scheduled tasks on both […]
The Google Play Store, the primary hub for Android app downloads, has once again become a playground for cybercriminals. Despite Google’s ongoing security efforts, malicious apps continue to infiltrate the platform by evolving their tactics to bypass detection. A recent report from Bitdefender, shared with Hackread.com, has identified a large-scale fraud campaign involving at least […]
A newly revealed Windows vulnerability has been exploited by at least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China since 2017, according to security researchers at Trend Micro’s Zero Day Initiative (ZDI). Despite the widespread exploitation, Microsoft decided in late September that the flaw “does not meet the bar for servicing,” choosing […]
Issues Persist Into Monday, Causing Frustration for Users Microsoft has attributed this past weekend’s widespread Outlook outage to a “problematic code change,” leaving thousands of users unable to access their email accounts. The disruption began around 2100 UTC on Saturday, with more than 30,000 users reporting issues via DownDetector. While Microsoft claims services have since […]
Hackers Leverage Privilege Escalation Flaw in Paragon Partition Manager A zero-day vulnerability in a Microsoft-signed driver from Paragon Software is being actively exploited in ransomware attacks, according to a recent security advisory from CERT Coordination Center (CERT/CC). Researchers discovered five vulnerabilities in the BioNTdrv.sys driver used by Paragon Partition Manager, a tool designed to optimize […]
Attackers Use Typosquatting to Target Developers, Particularly in Finance Cybersecurity researchers have uncovered an ongoing supply chain attack targeting the Go ecosystem, where typosquatted modules are being used to distribute loader malware on Linux and macOS systems. According to Kirill Boychenko, a researcher at Socket, at least seven malicious Go packages have been identified, with […]
Stolen Data Includes Social Security Numbers, Financial Details, and IDs A major data breach at DISA Global Solutions, a U.S.-based employee screening company, has compromised the personal information of over 3.3 million individuals, including more than 360,000 residents in Massachusetts. In a notice posted on April 22, 2024, DISA confirmed it was the victim of […]
Cybersecurity researchers have identified a new tactic used by the Rhadamanthys Infostealer to spread malware, leveraging Microsoft Management Console (MMC) files with the MSC extension. This latest discovery, confirmed by the AhnLab Security Intelligence Center (ASEC), highlights an evolving threat where attackers misuse legitimate administrative tools for malicious purposes. Methods of Exploitation The Rhadamanthys Infostealer […]