Tag JavaScript

Serious Vulnerability in Grammarly’s Spell Checker May Allow Data Theft by Attackers

A significant vulnerability has been identified in the Chrome and Firefox extensions of Grammarly, a widely utilized grammar-checking service. This flaw potentially exposed the accounts and personal documents of approximately 22 million users to remote hacking threats. Discovered by Tavis Ormandy from Google’s Project Zero on February 2, the vulnerability…

Read MoreSerious Vulnerability in Grammarly’s Spell Checker May Allow Data Theft by Attackers

GLitch: New ‘Rowhammer’ Attack Can Remotely Take Control of Android Devices

Recent developments in cybersecurity highlight a significant advancement in exploiting an established vulnerability known as Rowhammer. Security researchers have successfully demonstrated a novel technique, referred to as GLitch, which can remotely compromise Android devices. This finding reveals how a four-year-old hacking technique can be leveraged to exert unauthorized control over…

Read MoreGLitch: New ‘Rowhammer’ Attack Can Remotely Take Control of Android Devices

Critical Vulnerability in Signal Desktop App Exposes Chats to Hackers in Plaintext

Recent developments have raised significant alarm for users of the Signal messaging application, known for its strong end-to-end encryption. For the second time in less than a week, the app’s desktop users are urged to update their software to mitigate yet another critical vulnerability, this time identified as a code…

Read MoreCritical Vulnerability in Signal Desktop App Exposes Chats to Hackers in Plaintext

Zero-Day Exploit for Tor Browser Discovered – Update Immediately

Zero-Day Vulnerability Discovered in Tor Browser Zerodium, a notable player in the exploits market, has publicly disclosed a significant zero-day vulnerability in the Tor Browser that jeopardizes user anonymity. This flaw, linked to the NoScript browser plugin included with the Mozilla Firefox component of Tor, could potentially expose the identities…

Read MoreZero-Day Exploit for Tor Browser Discovered – Update Immediately

Caution: Unpatched Safari Vulnerability Allows URL Spoofing by Attackers

Major URL Spoofing Vulnerability Discovered in Microsoft Edge and Apple Safari A significant security vulnerability has emerged that allows attackers to spoof URLs in the Microsoft Edge browser on Windows and Apple Safari on iOS. This flaw underscores escalating concerns over online security, particularly for users of these popular web…

Read MoreCaution: Unpatched Safari Vulnerability Allows URL Spoofing by Attackers

Exploiting Funnel Builder Vulnerabilities for WooCommerce Checkout Skimming

Critical Vulnerability Discovered in WordPress Funnel Builder Plugin A significant security vulnerability affecting the Funnel Builder plugin for WordPress has been actively exploited, allowing malicious actors to inject harmful JavaScript code into WooCommerce checkout pages. This alarming situation has raised concerns over the potential theft of sensitive payment information from…

Read MoreExploiting Funnel Builder Vulnerabilities for WooCommerce Checkout Skimming

Unfixed MS Word Vulnerability Might Enable Hackers to Compromise Your Computer

Recent investigations by cybersecurity specialists have uncovered a significant security vulnerability affecting Microsoft Office 2016 and earlier versions. This unpatched logical flaw enables cybercriminals to integrate malicious code into document files, effectively deceiving users into executing malware on their systems. The researchers at Cymulate identified that the vulnerability exploits the…

Read MoreUnfixed MS Word Vulnerability Might Enable Hackers to Compromise Your Computer

Zero-Day Vulnerabilities Discovered in iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 Smartphones

Pwn2Own 2018: A Showcase of Mobile Vulnerabilities The Pwn2Own 2018 mobile hacking competition, held in Tokyo on November 13-14, demonstrated the ongoing vulnerability of even well-secured smartphones. White hat hackers successfully exploited fully patched devices, including flagship models from renowned manufacturers, revealing concerning security gaps. Key targets included the iPhone…

Read MoreZero-Day Vulnerabilities Discovered in iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 Smartphones

Lazarus Group Launches npm Brandjacking Campaign to Target Developers

A recent npm campaign, attributed to North Korea’s Lazarus Group, has highlighted a new strategy in which attackers employ deceptive package names to infiltrate developers’ systems and software build environments. This tactic poses significant risks for organizations reliant on JavaScript tools, as many developers may unwittingly install these malicious packages.…

Read MoreLazarus Group Launches npm Brandjacking Campaign to Target Developers