Google triples reward for Chrome full chain exploits
Google has tripled the full reward amount for the first security bug report that includes a functional full chain exploit of its popular Chrome browser. Six months of higher …
Google Chrome will lose the “lock” icon for HTTPS-secured sites
In September 2023, Google Chrome will stop showing the lock icon when a site loads over HTTPS, partly due to the now ubiquitous use of the protocol. The misunderstood Lock …
Fake ChatGPT desktop client steals Chrome login data
Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that’s capable of copying saved credentials from the Google Chrome login data …
Google adds new risk assessment tool for Chrome extensions
Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: …
Rilide browser extension steals MFA codes
Cryptocurrency thieves are targeting users of Chromium-based browsers – Google Chrome, Microsoft Edge, Brave Browser, and Opera – with an extension that steals …
Fake ChatGPT for Google extension hijacks Facebook accounts
A new Chrome extension promising to augment users’ Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. While this …
March 2023 Patch Tuesday forecast: It’s not about luck
Every month I touch on a few hot topics related to security around patching and some important updates to look out for on the upcoming Patch Tuesday. Diligence to this ongoing …
Fake ChatGPT Chrome extension targeted Facebook Ad accounts
ChatGPT has garnered a lot of questions about its security and capacity for manipulation, partly because it is a new software that has seen unprecedented growth (hosting 100 …
Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker …
December 2022 Patch Tuesday forecast: Fine-tuning the connectivity
Microsoft wrapped up a lot of ‘loose ends’ last month with their November set of updates, but there is still some work to do before the end-of-year holiday season. The …
Google Chrome zero-day exploited in the wild (CVE-2022-4262)
Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the …
October 2022 Patch Tuesday forecast: Looking for treats, not more tricks
We’ve entered the final quarter of 2022 with a favorite holiday for many – Halloween, at the end of the month. Unfortunately, Microsoft has continued to play a few tricks on …
Featured news
Resources
Don't miss
- Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover
- Review: The Developer’s Playbook for Large Language Model Security
- Microsoft’s new AI agents take on phishing, patching, alert fatigue
- The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses
- Spring clean your security data: The case for cybersecurity data hygiene