Blog – Page 67 – Cyber Mike

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.
The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.
“To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure Web and Networking Team said.
“

UK warns of Iranian cyberattack risks amid Middle-East conflict

The United Kingdom’s National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East. […]

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant

Malicious extensions could hijack the Gemini Live in Chrome feature to spy on users and steal their files.

The post Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant appeared first on SecurityWeek.

How Deepfakes and Injection Attacks Are Breaking Identity Verification

Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session—media, device integrity, and behavior—to stop synthetic and injected attacks in real time. […]

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

Malicious websites could open a WebSocket connection to localhost on the OpenClaw gateway port, brute force passwords, and take control of the agent.

The post OpenClaw Vulnerability Allowed Websites to Hijack AI Agents appeared first on SecurityWeek.

Madison Square Garden Data Breach Confirmed Months After Hacker Attack

The company is one of the many victims of the 2025 Oracle E-Business Suite (EBS) hacking campaign.

The post Madison Square Garden Data Breach Confirmed Months After Hacker Attack appeared first on SecurityWeek.

⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More

This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points.
The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady

Nick Andersen Appointed Acting Director of CISA

Madhu Gottumukkala has been assigned to a new role within the Department of Homeland Security.

The post Nick Andersen Appointed Acting Director of CISA appeared first on SecurityWeek.

AWS Expands Security Hub Into a Cross-Domain Security Platform

The AWS Security Hub Extended plan aims to reduce security tool sprawl by correlating findings across multiple security domains.

The post AWS Expands Security Hub Into a Cross-Domain Security Platform appeared first on SecurityWeek.

Cyber News