LastPass extensions can be made to cough up passwords, deliver malware
LastPass Chrome and Firefox extensions contain flaws that could allow malicious websites to steal victims’ passwords or execute commands on their computer. The flaws …
Chrome users on macOS to see more dangerous site warnings
MacOS users who use Chrome to surf the web are likely to see more security warnings in the coming days, as Google’s Safe Browsing service will start flagging sites …
Cyber crooks’ latest tricks for targeting Chrome users
Chrome users have lately been targeted with a few unusual malware delivery and scam attempts. The “font wasn’t found” trick The first one comes from compromised WordPress …
Google is winding up Gmail support for older Chrome versions
Chrome users that, for whatever reason, can’t or don’t want to update to the latest version of the browser will soon start seeing warnings when they access Gmail. …
The latest on the critical RCE Cisco WebEx extension vulnerability
Since Google bug hunter Tavis Ormandy revealed the existence of a remotely exploitable code execution flaw in the Cisco WebEx extension for Google Chrome last week, Cisco has …
Cisco WebEx extension opens Chrome users to drive-by malware attacks
Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website. The vulnerability, …
Adobe quietly bundles data-collecting Chrome extension with latest Reader update
Chrome users who have installed the latest Adobe security updates have also been unknowingly saddled with a browser extension (“Adobe Acrobat”) that can collect some of their …
Malvertising campaign compromises routers instead of computers
The DNSChanger exploit kit is back and more effective than ever, and is being used in a widespread malvertising attack whose goal is to compromise small/home office routers. …
Final warning: Popular browsers will soon stop accepting SHA-1 certificates
Starting with Chrome 56, planned to be released to the wider public at the end of January 2017, Google will remove support for SHA-1 certificates. Other browser makers plan to …
Bug in Chrome for mobile exploited for drive-by Android malware downloads
Users of the mobile version of Google Chrome should be extra careful when faced with unsolicited offers to install a popular app, Kaspersky Lab researchers warn. Cyber crooks …
Tech support scammers use old bug to freeze browsers
Tech support scammers are exploiting a bug that maxes out users’ CPU and memory capability and effectively freezes the browser and possibly the computer, in an attempt …
Google warns of actively exploited Windows zero-day
Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7255) that is being actively exploited in the wild. According to Neel Mehta and …
Featured news
Resources
Don't miss
- Threat actors are scanning your environment, even if you’re not
- GoSearch: Open-source OSINT tool for uncovering digital footprints
- Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
- Top must-visit companies at RSAC 2025
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)