brangberg – Page 272

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens.
One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome

White House Scraps ‘Burdensome’ Software Security Rules

Two Biden-era memorandums have been revoked, but some of the resources they provide can still be used by government organizations.

The post White House Scraps ‘Burdensome’ Software Security Rules appeared first on SecurityWeek.

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.
The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently

Windows 11 KB5074105 update fixes boot, sign-in, and activation issues

Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. […]

Badges, Bytes and Blackmail

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape?

Introduction: One view on the scattered fight against cybercrime
The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly

Hugging Face Abused to Deploy Android RAT

Android users were lured to applications that served a malicious payload hosted in a Hugging Face repository.

The post Hugging Face Abused to Deploy Android RAT appeared first on SecurityWeek.

ICS Devices Bricked in Russia-Linked Strike on Polish Power Grid

Sandworm/Electrum hackers targeted communication and control systems at 30 sites.

The post ICS Devices Bricked in Russia-Linked Strike on Polish Power Grid appeared first on SecurityWeek.

Ivanti Patches Exploited EPMM Zero-Days

The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely.

The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.

Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday.
Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secrets for taking over 2,000 documents containing

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0.
“SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API

Author: brangberg