
Tag

#web

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the extensions, which collectively have over 900,000 users, are below - Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (ID:

The Hacker News

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device to inadvertently start

Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins

Another well-crafted phishing campaign uses Google Cloud Integration Application infrastructure to bypass email filters.

How to Avoid Phishing Incidents in 2026: A CISO Guide

Phishing in 2026 is harder to detect and verify. Learn how CISOs can speed up investigations, reduce noise, and respond with confidence.

Disney fined $10m for mislabeling kids’ YouTube videos and violating privacy law

The FTC is seeking a $10 million settlement over allegations that children’s privacy laws were violated through the mislabeling of kid-focused YouTube videos.

Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat

Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector. The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to cybersecurity company Securonix.

New VVS Stealer Malware Targets Discord Users via Fake System Errors

Palo Alto Networks’ new report reveals VVS Stealer uses Discord Injection and fake error messages to steal tokens and MFA codes. Protect your account from this new Python-based threat.

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server. Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting the AdonisJS multipart

Red Hat Hybrid Cloud Console: Your questions answered

Managing a hybrid environment can feel like a balancing act between disparate sets of fragmented tools used for all the different platforms you interact with. If that sounds familiar, then your team needs integrated management across your diverse hybrid infrastructure. With Red Hat Hybrid Cloud Console, you can manage your public cloud instances, on-premise virtualization, and security compliance all in one dashboard. The Red Hat Hybrid Cloud Console was built to solve fragmentation by unifying the management of Red Hat Enterprise Linux (RHEL), Red Hat OpenShift, and Red Hat Ansible Automation

GHSA-fh55-r93g-j68g: AIOHTTP Vulnerable to Cookie Parser Warning Storm

### Summary

Reading multiple invalid cookies can lead to a logging storm.

### Impact

If the ``cookies`` attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.

----

Patch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326