brangberg – Page 280

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera.
“Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,”

Over 6,000 SmarterMail servers exposed to automated hijacking attacks

Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. […]

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

The protections against NPM supply chain attacks could be bypassed, leading to arbitrary code execution.

The post ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks appeared first on SecurityWeek.

Cyber Insights 2026: Quantum Computing and the Potential Synergy With Advanced AI

SecurityWeek’s Cyber Insights 2026 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we explore quantum computing and its threat to current encryption, where the use of AI might shorten […]

The post Cyber Insights 2026: Quantum Computing and the Potential Synergy With Advanced AI appeared first on SecurityWeek.

Chrome, Edge Extensions Caught Stealing ChatGPT Sessions

Marketed as ChatGPT enhancement and productivity tools, the extensions allow the threat actor to access the victim’s ChatGPT data.

The post Chrome, Edge Extensions Caught Stealing ChatGPT Sessions appeared first on SecurityWeek.

Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts

Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform’s systems. […]

CTEM in Practice: Prioritization, Validation, and Outcomes That Matter

Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure.
Which exposures truly matter? Can attackers exploit them? Are our defenses effective?
Continuous Threat Exposure

Organizations Warned of Exploited Linux Vulnerabilities

The flaws allow threat actors to obtain root privileges or bypass authentication via Telnet and gain shell access as root.

The post Organizations Warned of Exploited Linux Vulnerabilities appeared first on SecurityWeek.

Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks

The vulnerability is tracked as CVE-2026-21509 and it can be exploited to bypass security features.

The post Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks appeared first on SecurityWeek.

Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks.
The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office.
“Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized

Author: brangberg