Blog – Page 127 – Cyber Mike

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions.
A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn’t on anyone’s

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000

The critical vulnerabilities affect Chrome’s WebML component and they have been reported by anonymous researchers.

The post Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 appeared first on SecurityWeek.

Google rolls out Gmail end-to-end encryption on mobile devices

Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. […]

MITRE Releases Fight Fraud Framework

The document provides a behavior-based model of the tactics and techniques employed by fraudsters.

The post MITRE Releases Fight Fraud Framework appeared first on SecurityWeek.

Critical Marimo Flaw Exploited Hours After Public Disclosure

Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.

The post Critical Marimo Flaw Exploited Hours After Public Disclosure appeared first on SecurityWeek.

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta.
The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release.
“This project represents a significant

Google Rolls Out Cookie Theft Protections in Chrome

New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication.

The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek.

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

The security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago.

The post Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users appeared first on SecurityWeek.

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor.
The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro

New ‘LucidRook’ malware used in targeted attacks on NGOs, universities

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. […]

Cyber News