admin

admin

  • Joined: September 10, 2024
  • Articles: 8528

Important: Update Your Chrome Browser to Fix New Zero-Day Vulnerability

Jul 16, 2021

Google has released a critical security update for the Chrome browser on Windows, Mac, and Linux, addressing several vulnerabilities, including a zero-day being actively exploited. This latest patch resolves eight issues, notably a type confusion vulnerability in the V8 open-source and JavaScript engine (CVE-2021-30563). An anonymous researcher reported this flaw on July 12.

In light of the ongoing threat, Google issued a brief statement confirming that “an exploit for CVE-2021-30563 exists in the wild,” but refrained from providing specific details about the vulnerability to prevent further misuse. This marks the ninth zero-day flaw addressed by Google this year, highlighting the ongoing risks to Chrome users.

Update Your Chrome Browser to Address Critical Zero-Day Vulnerability On July 16, 2021, Google released an urgent security update for its Chrome browser, impacting users on Windows, Mac, and Linux systems. This update addresses multiple vulnerabilities, including a significant zero-day…

Anonymous Hackers Initiate #OpUSA Targeting US Banking and Government Entities

May 08, 2013

The #OpUSA campaign has officially launched, as announced by Anonymous. On May 7, a coordinated online assault aimed at banking and government websites took place. This announcement by the well-known hacktivist group has raised significant concerns among US security experts tasked with safeguarding potential targets. The message conveyed by Anonymous to US authorities is clear: “We Will Wipe You Off the Cyber Map.”

A new wave of attacks, likely characterized by distributed denial-of-service (DDoS), is anticipated to strike major US financial institutions, mirroring incidents from the previous months. Participants in the OpUSA campaign are protesting against US governmental policies, which they accuse of perpetrating war crimes both abroad and at home. “Anonymous is committed to making May 7 a day to remember. On this day, we will commence Phase One of Operation USA. America, you have committed numerous war crimes in Iraq, Afghanistan…”

Anonymous Activists Initiate #OpUSA Targeting U.S. Financial and Government Institutions May 8, 2013 The hacktivist collective known as Anonymous formally launched #OpUSA on May 7, initiating a series of coordinated cyberattacks against U.S. banking and governmental websites. This highly publicized…

Webinar: Harmonize Dev, Sec, and Ops Teams with a Unified Playbook

Date: August 29, 2025
Topic: Cloud Security / Generative AI

Imagine this: your team deploys new code, confident everything is perfect. But hidden within is a minor flaw that spirals into a major crisis once it reaches the cloud. Suddenly, hackers infiltrate your system, resulting in costly damages that can amount to millions. Frightening, right? In 2025, the average data breach will set businesses back around $4.44 million globally. A significant portion of these issues arises from app security oversights, such as web attacks that compromise credentials and cause chaos.

If you’re part of the dev, ops, or security teams, you’ve likely experienced this stress—constant alerts, disputes over accountability, and slow fixes. But it doesn’t have to be this way. What if you could detect risks early, from the moment code is written to its operation in the cloud? That’s the power of code-to-cloud visibility, transforming how proactive teams manage app security.

Join our upcoming webinar, “Code-to-Cloud…

Webinar Announcement: Unifying Dev, Sec, and Ops Teams with a Comprehensive Playbook Date: August 29, 2025 Focus: Cloud Security and Generative AI In today’s rapidly evolving digital landscape, even minor coding errors can lead to significant cybersecurity breaches. Imagine deploying…

Israeli Company Aided Governments in Targeting Journalists and Activists with Zero-Day Exploits and Spyware

Two recently patched zero-day vulnerabilities in Windows, addressed in Microsoft’s Patch Tuesday update, were reportedly exploited by the Israeli firm Candiru in a series of targeted attacks on over 100 journalists, academics, activists, and political dissidents worldwide. This spyware vendor has also been identified by Google’s Threat Analysis Group (TAG) as having exploited various zero-day vulnerabilities in the Chrome browser to compromise targets in Armenia, according to a report by the University of Toronto’s Citizen Lab. Citizen Lab researchers noted that “Candiru’s widespread presence and the use of its surveillance technology against global civil society highlight the significant risks posed by the mercenary spyware industry, which is rife with potential for abuse.”

Israeli Company Utilizes Zero-Day Exploits to Target Journalists and Activists On July 16, 2021, revelations emerged regarding the actions of Candiru, an Israeli surveillance firm, which is reported to have employed two zero-day vulnerabilities in Windows. These flaws were addressed…

Internet Explorer 8 Zero-Day Attack Expands to Nine Additional Websites

May 08, 2013

A recent zero-day attack targeting Internet Explorer 8 on the U.S. Department of Labor’s website has now affected nine more global sites, including those operated by a major European aerospace, defense, and security company, alongside various non-profit organizations and institutions.

The attacks leverage a previously unknown and unpatched vulnerability in Microsoft’s Internet Explorer browser. Researchers have linked this campaign to a China-based hacking group known as “DeepPanda.” Security firm CrowdStrike reports that their investigations indicate the attack commenced in mid-March. Analysis of malicious infrastructure logs revealed visitor IP addresses from 37 different countries, with 71% based in the U.S., 11% in South/Southeast Asia, and 10% in Europe.

Internet Explorer 8 Zero-Day Exploit Expands to Nine Additional Websites May 8, 2013 A zero-day exploit targeting Internet Explorer 8 has spread beyond its initial attack, impacting nine more websites over the weekend. This includes a significant European corporation in…

Malicious Actors Exploit Velociraptor Forensic Tool to Launch Visual Studio Code for C2 Tunneling

Cybersecurity experts have highlighted a recent cyber attack involving the misuse of Velociraptor, an open-source endpoint monitoring and digital forensic tool. This incident showcases the ongoing trend of leveraging legitimate software for nefarious purposes. According to a report from the Sophos Counter Threat Unit Research Team, the attackers employed Velociraptor to download and execute Visual Studio Code, likely aimed at establishing a tunnel to a command-and-control (C2) server they controlled. While the use of legitimate remote monitoring and management (RMM) tools is not new in cyber threats, the adoption of Velociraptor represents a significant shift, allowing attackers to gain a foothold without deploying their own malware. Further investigation into the attack has revealed that the perpetrators exploited Wind…

Attackers Exploit Velociraptor Forensic Tool to Deploy Visual Studio Code for Command-and-Control Tunneling On August 30, 2025, cybersecurity experts unveiled a concerning cyber attack involving the exploitation of Velociraptor, an open-source endpoint monitoring and digital forensic tool. This incident highlights…

China Enacts New Law Mandating Vendors to Report Zero-Day Vulnerabilities to Authorities

On July 17, 2021, the Cyberspace Administration of China (CAC) introduced stricter regulations regarding vulnerability disclosure. Under the new “Regulations on the Management of Network Product Security Vulnerability,” software and networking vendors are required to report critical flaws directly to government authorities within two days of identification. Set to take effect on September 1, 2021, these regulations aim to standardize the processes of discovering, reporting, and addressing security vulnerabilities while mitigating associated risks. Article 4 of the regulation prohibits any organization or individual from exploiting network security vulnerabilities for malicious activities and bans the illegal sale, collection, or publication of such information. The new rules also prevent the public disclosure of previously unknown security weaknesses.

China Enacts New Law Mandating Prompt Disclosure of Zero-Day Vulnerabilities On July 17, 2021, the Cyberspace Administration of China (CAC) introduced stringent regulations regarding the disclosure of cybersecurity vulnerabilities. Under the newly established “Regulations on the Management of Network Product…

Researchers Discover New Malware Used by Chinese Cybercriminals

May 10, 2013

Trend Micro experts have identified a new piece of backdoor malware from the Winnti family, primarily utilized by a Chinese cybercriminal group targeting Southeast Asian organizations in the gaming sector. This Winnti malware enables hackers to take control of users’ systems via a backdoor hidden within the legitimate Aheadlib analysis tool. Named “Bkdr_Tengo.A,” it masquerades as a genuine system DLL file known as winmm.dll. “We believe this was executed using the legitimate Aheadlib analysis tool,” stated Eduardo Altares from Trend Micro. “The file is not encrypted and is relatively straightforward to analyze. Its primary function involves stealing Microsoft Office, .PDF, and .TIFF files from USB drives connected to the system. These extracted files are stored in the $NtUninstallKB080515$ folder within Windows, alongside a log file named Usblog_DXM.log that tracks the activity.”

New Malware Uncovered Linked to Chinese Cybercriminals Targeting Southeast Asian Gaming Sector May 10, 2013 Recent findings by researchers at Trend Micro reveal a sophisticated form of malware associated with the Winnti group, a well-known Chinese cybercriminal organization. This backdoor…

Europe Introduces New Online Age Verification App

A new age verification application across Europe has been officially launched. This tool utilizes passports and ID cards to provide a “completely anonymous” means of age verification for users. It is designed for compatibility across all devices, including smartphones, tablets,…