A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels. […]
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.
The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.
“To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure Web and Networking Team said.
“
“To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure Web and Networking Team said.
“
UK warns of Iranian cyberattack risks amid Middle-East conflict
The United Kingdom’s National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East. […]
Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant
Malicious extensions could hijack the Gemini Live in Chrome feature to spy on users and steal their files.
The post Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant appeared first on SecurityWeek.
How Deepfakes and Injection Attacks Are Breaking Identity Verification
Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session—media, device integrity, and behavior—to stop synthetic and injected attacks in real time. […]
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Malicious websites could open a WebSocket connection to localhost on the OpenClaw gateway port, brute force passwords, and take control of the agent.
The post OpenClaw Vulnerability Allowed Websites to Hijack AI Agents appeared first on SecurityWeek.
Madison Square Garden Data Breach Confirmed Months After Hacker Attack
The company is one of the many victims of the 2025 Oracle E-Business Suite (EBS) hacking campaign.
The post Madison Square Garden Data Breach Confirmed Months After Hacker Attack appeared first on SecurityWeek.
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points.
The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady
The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady
Nick Andersen Appointed Acting Director of CISA
Madhu Gottumukkala has been assigned to a new role within the Department of Homeland Security.
The post Nick Andersen Appointed Acting Director of CISA appeared first on SecurityWeek.