The vulnerability, which has now been fixed, was caused by a window message event handler that does not properly validate the message origin, providing attackers access to sensitive user information.

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI’s ChatGPT as a lure to propagate about 10 malware families since March 2023.

The operation, dubbed SpecTor, also included the seizure of 117 firearms, 850 kilograms of drugs — including 64 kilograms of fentanyl or fentanyl-laced narcotics — and $53.4 million in cash and virtual currencies, the DoJ said in a statement.

Russia-linked APT group Sandworm is behind destructive cyberattacks against Ukrainian state networks, the Ukrainian Government Computer Emergency Response Team (CERT-UA) warns.

Cybercriminals have been using AT&T-provided email addresses to steal large amounts of cryptocurrency by accessing accounts via mail keys. One victim claimed to have lost $134,000 from its Coinbase account. The firms are suggested to update their security controls to prevent such activities and proactively require a password reset on some email accounts.

Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices’ firmware that acted as a time bomb designed to brick them.

The UK government has announced a new fraud strategy which will focus heavily on mitigating the impact of telephone and online scams, although critics have said it doesn’t go far enough.

Trend Micro noticed a ransomware variant called Rapture that adopts a minimalistic approach and leaves behind only a small digital footprint. The attackers utilized the commercial packer Themida to pack the ransomware, hence making the analysis challenging. An RSA key configuration file used by the attackers was found to be similar to that used by […]

Watch out for bugs in TP-Link, Apache Log4j2, and Oracle WebLogic Server that are under active exploitation by different cybercriminal groups, warns CISA. FCEB agencies are required to apply vendor-provided fixes by May 22, 2023.

Heimdal Security’s SOC team has discovered an ongoing phishing campaign that seems to be aimed at customers of Romanian telecom providers. The fraudulent page requests the victims to submit their credit card information to cover a tax related to changing a delivery address. Experts recommend avoiding opening suspicious emails or links, and using order tracking […]