Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log…
Steam game mod breached to push password-stealing malware
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push…
Google Releases Eighth Zero-Day Patch of 2023 for Chrome
CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser's…
Fake VPN Chrome extensions force-installed 1.5 million times
Three malicious Chrome extensions posing as VPN (Virtual Private Networks) infected were downloaded 1.5 million times, acting as browser hijackers,…
Chameleon Android Trojan Offers Biometric Bypass
A more sophisticated version of a "work in progress" malware is impersonating a Google Chrome app to attack a wider…
Android malware Chameleon disables Fingerprint Unlock to steal PINs
The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices…
Google fixes 8th Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the…
Ten new Android banking trojans targeted 985 bank apps in 2023
This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading…
Google Chrome’s new cache change could boost performance
Google is introducing a significant change to Chrome's Back/Forward Cache (BFCache) behavior, allowing web pages to be stored in the…
TrickBot malware dev pleads guilty, faces 35 years in prison
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware,…