VulnHub

Real-time Cybersecurity News

Articles tagged "Google"

Found 52 articles

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

The Hacker News

Actively Exploited

A malicious Chrome extension named Crypto Copilot has been identified, capable of injecting hidden Solana transfer fees into swap transactions, redirecting funds to an attacker's wallet. This poses a significant threat to users engaging in cryptocurrency transactions on the Raydium platform, highlighting the need for vigilance against browser-based threats.

Impact: Chrome Web Store, Crypto Copilot extension, Raydium swaps, Solana transactions
Remediation: Users should remove the Crypto Copilot extension from their browsers and monitor their cryptocurrency transactions for unauthorized transfers. Regularly updating browser security settings and using trusted extensions are also recommended.
Malware
Read Original
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

The Hacker News

Actively Exploited

This week, significant cybersecurity threats emerged as hackers exploited new 0-day vulnerabilities in Fortinet and Chrome, infiltrating supply chains and SaaS tools. The rapid response from major companies like Microsoft, Salesforce, and Google highlights the severity of these attacks and the ongoing challenges in securing trusted applications and software updates.

Impact: Fortinet, Chrome, Microsoft, Salesforce, Google
Remediation: Stopping DDoS attacks, blocking bad links, fixing live flaws
ExploitMalwareDDoS
Read Original
​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​

All CISA Advisories

Actively Exploited

CISA has identified that various cyber threat actors are using commercial spyware to target users of mobile messaging applications, employing tactics such as phishing, zero-click exploits, and impersonation. The focus is primarily on high-value individuals including government and military officials, indicating a serious threat to sensitive communications.

Impact: Mobile messaging applications including Signal and WhatsApp.
Remediation: Users are encouraged to review the updated Mobile Communications Best Practice Guidance and Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society for steps to protect mobile communications and messaging apps.
macOSiOSAndroidPhishingExploitUpdate+1 more
Read Original
New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

The Hacker News

The Sturnus Android banking trojan poses a significant threat by enabling credential theft and complete device takeover for financial fraud. Its unique capability to bypass encrypted messaging by capturing decrypted content directly from the device screen raises serious concerns about user privacy and security.

Impact: Android devices
Remediation: Users should ensure their devices are updated with the latest security patches, avoid downloading unverified apps, and consider using additional security measures such as two-factor authentication.
AndroidTrojanMalware
Read Original
CISA Adds One Known Exploited Vulnerability to Catalog

All CISA Advisories

Actively Exploited

CISA has added CVE-2025-13223, a Google Chromium V8 Type Confusion Vulnerability, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This vulnerability poses significant risks to federal enterprises, prompting CISA to urge timely remediation by all organizations to mitigate potential cyberattacks.

Impact: Google Chromium V8
Remediation: Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by the due date as per Binding Operational Directive (BOD) 22-01. Organizations are strongly urged to prioritize timely remediation of vulnerabilities listed in the KEV Catalog as part of their vulnerability management practices.
CVEVulnerability
Read Original
PreviousPage 4 of 4