Articles tagged "Google"

Found 78 articles

Researchers have discovered that 100 Chrome extensions, published through five different accounts, are part of a coordinated campaign designed to steal user data and create backdoors. These malicious extensions utilize shared command and control (C&C) infrastructure, indicating a well-organized effort by the attackers. Users who have installed these extensions are at risk of having their data compromised, which could lead to identity theft or other forms of online fraud. This incident serves as a reminder for users to be cautious when installing browser extensions and to regularly review their installed add-ons for any suspicious activity. The findings underscore the need for enhanced scrutiny of browser extensions to protect user privacy and security.

Impact: Google Chrome extensions
Remediation: Users should remove the affected extensions immediately and consider resetting their browser settings. Regularly review and audit installed extensions for any that seem suspicious.

Security researchers have identified a new Android banking trojan called Mirax, which is targeting users across Europe. The malware is sold under a Malware-as-a-Service (MaaS) model and gives cybercriminals remote access to infected devices, letting them turn affected smartphones into residential proxy nodes. By doing this, attackers can route their malicious activities through the compromised devices, making it harder to trace their actions back to them. This poses a significant risk to users, whose personal data and banking information could be exposed. The emergence of Mirax highlights ongoing vulnerabilities in mobile security and the need for users to remain vigilant against such threats.

Impact: Android devices
Remediation: Users should ensure their devices are protected with up-to-date security software, avoid downloading apps from untrusted sources, and regularly monitor their bank accounts for suspicious activity.

Google is enhancing the security of its Pixel smartphones by focusing on the cellular baseband modem, which is responsible for mobile network communication. In the previous Pixel 9 model, the company implemented measures to mitigate memory-related vulnerabilities. With the upcoming Pixel 10, Google is taking further steps by incorporating a DNS parser built in the Rust programming language into the modem firmware. This change aims to bolster the device's defenses against potential exploitation of the modem, which can process external data. By addressing these vulnerabilities, Google is working to protect users from possible attacks that could compromise their devices through the modem interface.

Impact: Google Pixel 10 smartphones
Remediation: N/A

In the latest update, Chrome version 147 has addressed a total of 60 vulnerabilities, including two that are classified as critical. These critical flaws are linked to the browser's WebML component and were reported by anonymous researchers. The vulnerabilities are significant enough that they come with a combined bounty of $86,000 for anyone who can exploit them. Users of Chrome should ensure they are using the updated version to protect against potential attacks. Regular updates like this are crucial as they help safeguard users from newly discovered security risks.

Impact: Chrome version 147 and earlier versions
Remediation: Update to Chrome version 147 or later

A recently patched vulnerability in the EngageLab SDK, a third-party software development kit used in many Android applications, has potentially exposed the private data of around 50 million users, including 30 million cryptocurrency wallet holders. The flaw allowed apps on the same device to bypass Android's security measures, enabling unauthorized access to sensitive information. This incident raises significant concerns about the security of users' cryptocurrency assets, as the compromised data could have led to theft or fraud. Developers using the EngageLab SDK are urged to update their applications to protect users from potential attacks. The vulnerability was identified and addressed, but users should remain vigilant about app permissions and security practices.

Impact: EngageLab SDK used in various Android applications, particularly cryptocurrency wallets
Remediation: Developers should update their applications using the EngageLab SDK to the latest patched version as soon as possible.

Google's threat intelligence team has identified a new extortion group known as UNC6783, which appears to be linked to the Raccoon persona. This group is specifically targeting Business Process Outsourcing (BPO) companies and helpdesk services, indicating a shift in focus towards sectors that handle sensitive customer data. The group's tactics may involve ransomware or other extortion methods, which poses significant risks to affected organizations. Companies in the BPO sector should be vigilant and enhance their security measures to protect against potential breaches and data leaks. As this threat evolves, understanding the methods and motivations behind it will be crucial for businesses in these industries.

Impact: BPO companies, helpdesk services, enterprises handling sensitive customer data
Remediation: Companies should enhance security protocols, conduct regular security audits, and train staff on recognizing phishing attempts and other social engineering tactics.

Researchers at Google DeepMind have identified six types of web-based attacks that can target autonomous AI agents. These attacks exploit malicious web content to manipulate AI behavior, potentially leading to harmful consequences. The study emphasizes how AI agents, which increasingly navigate the internet autonomously, can be misled by deceptive information, resulting in unexpected actions. This research highlights the need for stronger security measures to protect AI systems from manipulation. As AI continues to be integrated into various applications, understanding these vulnerabilities is crucial for developers and organizations relying on AI technology.

Impact: Autonomous AI agents
Remediation: Implement security measures to validate and filter web content accessed by AI agents.

Kaspersky has reported that SparkCat malware has resurfaced on app stores, specifically targeting cryptocurrency users in Asia. This malware has been found in applications available for both iOS and Android devices. Users downloading these apps may unknowingly expose their sensitive information, such as cryptocurrency wallet details, to attackers. This resurgence is particularly concerning given the increasing popularity of cryptocurrency among users, making them prime targets for cybercriminals. As the malware spreads, it underlines the need for users to be vigilant about the apps they download and the permissions they grant.

Impact: iOS and Android applications targeting cryptocurrency users
Remediation: Users should verify the legitimacy of apps before downloading, avoid apps from untrusted sources, and regularly update their devices with the latest security patches.
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Recent research from Varonis Threat Labs has identified a new cybersecurity threat called Storm infostealer, which operates as a subscription service. This malicious software is designed to bypass the encryption used by Google Chrome, putting users' sensitive information at risk. It primarily targets web browsers, cryptocurrency wallets, and various online accounts. This is concerning because it can lead to identity theft and financial loss for affected individuals. As this service gains traction, it raises alarms about the potential for widespread exploitation of personal data.

Impact: Google Chrome, cryptocurrency wallets, online accounts
Remediation: Users should ensure their browsers and wallets are up-to-date and consider using additional security measures such as two-factor authentication. Regularly monitoring account activity is also recommended.

The latest ThreatsDay Bulletin highlights a range of pressing cybersecurity threats impacting various systems. Researchers are reporting on the alarming trend of chaining together minor vulnerabilities to create significant backdoors, which could allow attackers to gain unauthorized access. Additionally, there are ongoing concerns about Android rootkits and methods for evading AWS CloudTrail logging, raising red flags for cloud security. These developments underscore the need for organizations to stay vigilant and proactive in patching software and monitoring their systems for unusual activity. With cyber threats evolving quickly, it’s crucial for companies to keep their defenses updated and educate their teams on the latest risks.

Impact: Android devices, AWS CloudTrail, various software with known vulnerabilities
Remediation: Regularly update software, patch known vulnerabilities, monitor for unusual activity

Google has released a series of updates to address 21 vulnerabilities in its Chrome browser, including a significant zero-day flaw identified as CVE-2026-5281. This vulnerability affects the Dawn component of Chrome and has been exploited in the wild, which means attackers are actively taking advantage of it. Users of Chrome are urged to update their browsers to the latest version to protect themselves against potential exploits. Keeping browsers up to date is crucial as these vulnerabilities can allow unauthorized access or manipulation of user data. The timely patching of such vulnerabilities emphasizes the ongoing need for vigilance in maintaining cybersecurity.

Impact: Google Chrome browser, specifically the Dawn component, affected versions unspecified.
Remediation: Users should update their Chrome browser to the latest version to mitigate the risks associated with CVE-2026-5281 and the other vulnerabilities.
Actively Exploited

Google has addressed 21 vulnerabilities in its Chrome browser, including a serious zero-day flaw identified as CVE-2026-5281. This vulnerability is a use-after-free (UAF) issue in Dawn, the implementation of the WebGPU standard used by Chromium and its derivatives. While specific details about the exploitation of this flaw are scarce, the fact that it has been flagged as 'in-the-wild' suggests that attackers are actively using it. Users of Chrome and other Chromium-based browsers should ensure they are running the latest versions to protect themselves from potential attacks. Keeping browsers updated is crucial because such vulnerabilities can lead to unauthorized access or other malicious activities.

Impact: Google Chrome, Chromium-based browsers, Dawn (WebGPU implementation)
Remediation: Users should update their Chrome browsers to the latest version to mitigate the risks associated with CVE-2026-5281.

Google has rolled out new location privacy features in Android 17 Beta 3, giving users better control over their precise location data. A key addition is the location button, which enables one-time access to location information for tasks like finding nearby places or tagging content, without the need for continuous tracking. This update aims to minimize data collection and enhance user privacy while providing developers with the tools necessary to design safer applications. This change is particularly relevant as location data can often be sensitive, and users are increasingly concerned about how their information is used. By implementing these features, Google is responding to user demands for greater transparency and control over personal data.

Impact: Android 17 Beta 3
Remediation: N/A
Actively Exploited

The latest Malware newsletter from Security Affairs reports on several significant cybersecurity threats. One notable incident involves new malware specifically targeting users of Cobra DocGuard software, potentially compromising sensitive data. Additionally, Iranian cyber actors have been using Telegram as a command and control channel to distribute malware to predetermined targets, raising concerns about state-sponsored cyber activities. The newsletter also discusses the Trivy supply chain attack, which has now expanded to include compromised Docker images, putting many containerized applications at risk. Lastly, a new malware called VoidStealer has been identified, which manipulates Chrome debugging tools to extract user information. These developments highlight ongoing vulnerabilities in software and the tactics employed by cybercriminals and state actors alike.

Impact: Cobra DocGuard software, Docker images, Google Chrome
Remediation: Users of affected software should update to the latest versions and apply security patches as they become available. It's also recommended to monitor network traffic for unusual activity and to use security tools that can detect and block malware.

Recent reports indicate that cybercriminals are increasingly using cloud phones, which are virtualized Android devices hosted on remote servers, to carry out financial fraud schemes. These devices provide attackers with anonymity and the capability to manipulate phone numbers, making it easier for them to bypass traditional security measures. As a result, victims can include individuals and businesses alike, potentially leading to significant financial losses. Security experts warn that the rise of these technologies poses a growing risk to online transactions and personal data. Companies and users need to be vigilant and adopt more stringent security practices to mitigate these threats.

Impact: Cloud phones, virtualized Android devices
Remediation: Users and companies should implement multi-factor authentication, monitor for unusual account activity, and educate staff about potential scams involving cloud phone technology.