DuckDuckGo browser allows Microsoft trackers due to search agreement

The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. [...]

37m

Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own

Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. [...]

1h

Hackers target Russian govt with fake Windows updates pushing RATs

Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware. [...]

3h

Microsoft: Credit card stealers are getting much stealthier

Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code. [...]

3h

CISA adds 41 vulnerabilities to list of bugs used in cyberattacks

The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR. [...]

4h

US Senate: Govt’s ransomware fight hindered by limited reporting

A report published today by U.S. Senator Gary Peters, Chairman of the Senate Homeland Security and Governmental Affairs Committee, says law enforcement and regulatory agencies lack insight into ransomware attacks to fight against them effectively. [...]

5h

Screencastify Chrome extension flaws allow webcam hijacks

The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders. [...]

5h

Trend Micro fixes bug Chinese hackers exploited for espionage

Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware. [...]

6h

Researchers to release exploit for new VMware auth bypass, patch now

Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. [...]

8h

Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. Additionally, versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets. [...]

9h