The security flaw (tracked as CVE-2024-4835) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages.
A requirement for the Pentagon to commission an independent study on the creation of a U.S. Cyber Force was added late Wednesday to the House version of the defense policy bill.
The security issue was discovered internally by Google’s Clément Lecigne and is tracked as CVE-2024-5274. It is a high-severity ‘type confusion’ in V8, Chrome’s JavaScript engine responsible for executing JS code.
Siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems, according to a new report by CyberArk.
Around 16 different independent hacktivist groups are targeting Indian elections, including Anon Black Flag Indonesia, Anonymous Bangladesh, and Morocco Black Cyber Army, among others.
Bitdefender researchers who discovered the threat group report that its operations align with Chinese geo-political interests, focusing on intelligence collection and espionage.
Microsoft’s new automatic screenshot retrieval feature could enable hackers to steal sensitive information such as online banking credentials, security experts warned. Additionally, the U.K ICO will probe Recall for compliance with privacy law.
This campaign, active since at least 2021, has targeted over 30 victims in various countries, primarily in Africa and the Middle East, with government agencies being the main victims.
Much of the testimony – and concerns raised by the committee – focused on the AI advantages for cybercriminals and nation-state actors, advantages that cybersecurity officials say must be countered by increasingly building AI into products.
Delivered via a phishing email attachment, the malicious file makes use of the hidden right-to-left override (RLO) Unicode character (U+202E) to reverse the order of the characters that come after that character in the string.