Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing. The

The Hacker News
Open in Source
#web#mac#google#microsoft#git#java#backdoor#rce#pdf#auth#chrome#The Hacker News
CVE-2024-6103: Chromium: CVE-2024-6103: Use after free in Dawn

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6102: Chromium: CVE-2024-6102: Out of bounds memory access in Dawn

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6101: Chromium: CVE-2024-6101: Inappropriate implementation in WebAssembly

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6100: Chromium: CVE-2024-6100 Type Confusion in V8

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

Debian Security Advisory 5716-1

Debian Linux Security Advisory 5716-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA dropper, VBA downloader, link downloader, and executable downloader -- with some of them using a

CVE-2024-38082: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2024-38093: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. "The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as