Tag: browser
-
New Credit Card Skimming Campaign Uses Browser Extensions to Steal Financial Data
by
in SecurityNewsA newly discovered credit card skimming campaign, dubbed >>RolandSkimmer,
-
Firefox 137 Launches with Patches for High-Severity Security Flaws
by
in SecurityNewsMozilla has officially launched Firefox 137 with crucial security fixes aimed at addressing several high-severity vulnerabilities reported by security researchers. As part of its April 1, 2025, Mozilla Foundation Security Advisory (MFSA 2025-20), the foundation detailed three significant Common Vulnerabilities and Exposures (CVEs), which could have permitted attackers to exploit users’ machines through various means,…
-
Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities
by
in SecurityNewsChrome 135 and Firefox 137 were released on Tuesday with fixes for several high-severity memory safety vulnerabilities. The post Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chrome-135-firefox-137-patch-high-severity-vulnerabilities/
-
Privacy Roundup: Week 13 of Year 2025
by
in SecurityNews
Tags: access, ai, android, apple, application-security, breach, browser, cctv, chrome, cloud, cve, cybersecurity, data, detection, exploit, firmware, google, group, leak, linux, malware, microsoft, mobile, phishing, privacy, regulation, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, zero-dayThis is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
âš¡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
by
in SecurityNewsEvery week, someone somewhere slips up”, and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks?Step behind the curtain with us this week as we explore breaches…
-
Cyberspionage in Russland – Aktiv ausgenutzter Zero-Day-Exploit in Google Chrome
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecke-chrome-sandbox-umgehung-kaspersky-a-5cc1e2fae2e2dc9392ea2cf85b8cd384/
-
Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 Sicherheitsfixes Firefox 137, 128.9 ESR und 115.22 ESR kommt
by
in SecurityNewsZum 27. März 2025 haben die Mozilla-Entwickler Sicherheitsfixes für den Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 als Wartungsupdate veröffentlicht. Es werden kritische Schwachstellen beseitigt. Laut den Release Notes für den Firefox 136.0.4 nur Sicherheitsfixes, die im Sicherheitshinweis mfsa2025-19 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/31/firefox-136-0-4-firefox-esr-128-8-1-firefox-esr-115-21-1-sicherheitsfixes/
-
UK Cybersecurity Weekly News Roundup 31 March 2025
by
in SecurityNews
Tags: attack, best-practice, browser, chrome, computing, cryptography, cve, cyber, cybersecurity, exploit, flaw, framework, google, government, healthcare, incident, infrastructure, ransomware, risk, risk-assessment, software, threat, update, vulnerability, zero-dayUK Cybersecurity Weekly News Roundup – 31 March 2025 Welcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. UK Warned of Inadequate Readiness Against State-Backed Cyberattacks Cybersecurity experts have sounded the alarm over the UK’s growing vulnerability to state-sponsored cyber threats. A…
-
Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 Sicherheitsfixes Firefox 137, 128.9 ESR und 115.22 ESR kommt
by
in SecurityNewsZum 27. März 2025 haben die Mozilla-Entwickler Sicherheitsfixes für den Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 als Wartungsupdate veröffentlicht. Es werden kritische Schwachstellen beseitigt. Laut den Release Notes für den Firefox 136.0.4 nur Sicherheitsfixes, die im Sicherheitshinweis mfsa2025-19 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/31/firefox-136-0-4-firefox-esr-128-8-1-firefox-esr-115-21-1-sicherheitsfixes/
-
UK Cybersecurity Weekly News Roundup 31 March 2025
by
in SecurityNews
Tags: attack, best-practice, browser, chrome, computing, cryptography, cve, cyber, cybersecurity, exploit, flaw, framework, google, government, healthcare, incident, infrastructure, ransomware, risk, risk-assessment, software, threat, update, vulnerability, zero-dayUK Cybersecurity Weekly News Roundup – 31 March 2025 Welcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. UK Warned of Inadequate Readiness Against State-Backed Cyberattacks Cybersecurity experts have sounded the alarm over the UK’s growing vulnerability to state-sponsored cyber threats. A…
-
âš¡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
by
in SecurityNewsEvery week, someone somewhere slips up”, and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks?Step behind the curtain with us this week as we explore breaches…
-
Cyberspionage in Russland – Aktiv ausgenutzter Zero-Day-Exploit in Google Chrome
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecke-chrome-sandbox-umgehung-kaspersky-a-5cc1e2fae2e2dc9392ea2cf85b8cd384/
-
Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot
by
in SecurityNewsHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft’s new AI agents take on phishing, patching, alert fatigue Microsoft … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/30/week-in-review-chrome-sandbox-escape-0-day-fixed-microsoft-adds-new-ai-agents-to-security-copilot/
-
Firefox patches flaw similar to exploited Chrome zero-day
First seen on scworld.com Jump to article: www.scworld.com/news/firefox-patches-flaw-similar-to-exploited-chrome-zero-day
-
CISA Issues Urgent Security Alerts: Critical Vulnerabilities in Schneider Electric, Chrome, and Sitecore
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) has released several important security advisories, which address critical vulnerabilities across a range of platforms, including industrial control systems (ICS). First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-known-exploited-vulnerabilities-catalog-4/
-
After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Single click on a phishing link in Google browser blew up sandbox on Windows First seen on theregister.com Jump to article: www.theregister.com/2025/03/28/google_kaspersky_mozilla/
-
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
by
in SecurityNewsFirefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day. The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/firefox-affected-by-flaw-similar-to-chrome-zero-day-exploited-in-russia/
-
Mozilla fixed critical Firefox vulnerability CVE-2025-2857
by
in SecurityNewsMozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Mozilla has released security updates to address a critical flaw, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Recently, Google addressed a similar vulnerability, tracked as CVE-2025-2783, in Chrome that has been actively exploited in the wild as a zero-day.…
-
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
by
in SecurityNewsGoogle’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/28/critical-firefox-tor-browser-sandbox-escape-flaw-fixed-cve-2025-2857/
-
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
by
in SecurityNewsMozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.”Following the…
-
Notfallupdate: Kritische Sandbox-Lücke in Firefox und Tor-Browser entdeckt
by
in SecurityNewsNicht nur Chrome-Nutzer sollten dieser Tage ihren Browser updaten. Eine aktiv ausgenutzte Sicherheitslücke betrifft auch die Windows-Version von Firefox. First seen on golem.de Jump to article: www.golem.de/news/notfallupdate-kritische-sandbox-luecke-in-firefox-und-tor-browser-entdeckt-2503-194773.html
-
Firefox fixes flaw similar to Chrome zero-day used against Russian organizations
by
in SecurityNewsDevelopers of Mozilla’s Firefox say that reports on a Google Chrome zero-day vulnerability led them to find a similar bug for the Windows version of their browser. First seen on therecord.media Jump to article: therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
-
Google Addresses Actively Exploited Chrome Zero-Day
First seen on scworld.com Jump to article: www.scworld.com/brief/google-addresses-actively-exploited-chrome-zero-day
-
Mozilla warns Windows users of critical Firefox sandbox escape flaw
by
in SecurityNewsMozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser’s sandbox on Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw/
-
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
by
in SecurityNews“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday. First seen on therecord.media Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
-
CVE-2025-2783: Chrome Zero-Day Targets Russian Organizations
by
in SecurityNewsGoogle Issues Emergency Patch for Chrome Zero-Day Exploit Google has released an urgent security update for its Chrome browser on Windows after uncovering a critical vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2025-2783, involves… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-2783-chrome-zero-day/
-
Google Hastily Patches Chrome Zero-Day Exploited by APT
by
in SecurityNewsResearchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
-
APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections
by
in SecurityNewsIn mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code. The attack was initiated through personalized phishing emails, which directed victims to…