Browser Syncjacking: The New Chrome Extension Attack That Gives Hackers Full Device Control
A dangerous new cyberattack method called 'browser syncjacking' exploits Chrome extensions to give attackers complete control of victims' computers. The attack uses legitimate-looking extensions and Google sync features to steal sensitive data and establish backdoor access.
US Lawmakers Move to Ban Chinese AI App DeepSeek from Government Devices
A bipartisan bill aims to prohibit federal employees from using DeepSeek on government devices due to national security concerns about data collection by China. The legislation follows discoveries of code that could transmit user data to China Telecom and mirrors similar restrictions in other countries.
U.S. Government Reveals Record of 39 Zero-Day Vulnerability Disclosures in Landmark Transparency Report
The U.S. Office of the Director of National Intelligence released its first-ever public report detailing the disclosure of 39 zero-day software vulnerabilities in 2023. This unprecedented transparency offers insight into how the government balances national security with software security through its Vulnerabilities Equities Process.
Baltic Nations Bolster Cyber Defenses Ahead of Russian Power Grid Separation
Lithuania, Latvia, and Estonia are strengthening cybersecurity measures as they prepare to disconnect from the Soviet-era BRELL power network shared with Russia. The Baltic states anticipate potential retaliation from Moscow while transitioning to the EU electricity system on February 9.
Hijacked AWS Storage Buckets Expose Major Organizations to Supply Chain Attacks
Security researchers discovered 150 abandoned AWS S3 storage buckets previously used by major organizations that could be easily re-registered and hijacked. The vulnerability allowed researchers to gain control over storage locations still receiving millions of requests from government agencies and corporations.
Okta Bcrypt Vulnerability Exposes Critical API Design Flaws
A security incident at Okta revealed how Bcrypt's 72-character input limitation could be exploited to bypass authentication in certain conditions. The case highlights crucial lessons for modern API design, emphasizing explicit input validation over silent modifications.
Cybercriminals Target Organizations with Sophisticated ADFS Phishing Scheme
Security researchers have uncovered a sophisticated phishing campaign targeting organizations using Microsoft ADFS, with attackers creating convincing fake login portals to steal credentials and bypass MFA. The scam has affected over 150 organizations across education, healthcare, government and technology sectors, primarily in the US, Canada, Australia and Europe.
Security Experts Alarmed as DOGE Gains Unprecedented Access to Federal Systems
Cybersecurity professionals raise red flags over security breaches as Elon Musk's Department of Government Efficiency obtains access to sensitive Treasury and OPM systems. Growing concerns emerge about data exposure and employee safety as protests mount against controversial security protocol violations.
Hidden Threat: Security Expert Exposes Dangerous Vulnerability in Modified USB Cables
Cybersecurity researcher Mike Grover demonstrates how a seemingly innocent charging cable can be weaponized to remotely access and control computers from up to 300 feet away. The modified cable can capture keystrokes, implant malware, and execute malicious commands without detection.
Major Data Breach: Costa Rican Telecom Exposes 600,000 Citizens' Data in Unsecured Cloud Storage
A private telecommunications company in Costa Rica has left approximately 600,000 records containing citizens' sensitive personal data exposed through an unsecured Google Storage system. Despite multiple warnings, the company remains unresponsive while the data continues to be accessible, raising serious privacy concerns.