Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to…
Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns
UK firms face confluence of cyber-related risks in 2026, says Nardello & Co This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns
Hacker pleads guilty to hacking Supreme Court, AmeriCorps, and VA Systems
An actor who goes online with the alias @ihackthegovernment posted stolen personal data from his victims, including the U.S. Supreme Court. Nicholas Moore, 24, from Tennessee, pleaded guilty to repeatedly hacking the U.S. Supreme Court’s electronic filing system. Court documents…
CrashFix – Hackers Using Malicious Extensions to Display Fake Browser Warnings
Cybersecurity researchers have discovered a sophisticated malware campaign using an unusual but effective tactic: deliberately crashing users’ browsers. The threat, named CrashFix, operates through a malicious Chrome extension disguised as the legitimate ad blocker NexShield. When users search for privacy…
Windows SMB Client Vulnerability Enables Attacker to Own Active Directory
A critical vulnerability in Windows SMB client authentication that enables attackers to compromise Active Directory environments through NTLM reflection exploitation. Classified as an improper access control vulnerability, this vulnerability allows authorized attackers to escalate privileges via carefully orchestrated authentication relay…
Entity Resolution vs. Identity Verification: What Security Teams Actually Need
Two similar terms — completely different outcomes Security teams often hear “entity resolution” and “identity verification” used as if they mean the same thing. They don’t — and that confusion can lead teams to invest in tools that solve the…
Ring’s Facial Recognition Feature: Convenience or Privacy Nightmare?
In this episode, we explore Amazon Ring’s newly introduced Familiar Faces feature that utilizes AI for facial recognition. We discuss the convenience of identifying familiar people at your doorstep, the privacy concerns it raises, and the legal implications surrounding biometric…
Researchers Exploit Bug in StealC Infostealer to Collect Evidence
CyberArk says it exploited a vulnerability in the StealC infostealer to gather intelligence This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Exploit Bug in StealC Infostealer to Collect Evidence
Social Media Firms Block 4.7 Million Australian Accounts
Some 4.7 million accounts barred in Australia in first half of December following social media ban for under-16s, says government This article has been indexed from Silicon UK Read the original article: Social Media Firms Block 4.7 Million Australian Accounts
Five Chrome Extensions Used to Hijack Enterprise HR and ERP Systems
Socket’s Threat Research Team has uncovered a coordinated Chrome extension campaign targeting enterprise HR and ERP platforms, including Workday, NetSuite, and SAP SuccessFactors. Five malicious extensions, collectively installed over 2,300 times, work together to steal session tokens, block security controls,…
How ‘Reprompt’ Attack Let Hackers Steal Data From Microsoft Copilot
Varonis found a “Reprompt” attack that let a single link hijack Microsoft Copilot Personal sessions and exfiltrate data; Microsoft patched it in January 2026. The post How ‘Reprompt’ Attack Let Hackers Steal Data From Microsoft Copilot appeared first on TechRepublic.…
US Adds Charges To China-Export AI Chips
New rules appear to add 25 percent duty to Nvidia, AMD AI processors destined for mainland China, amid shifting White House strategy This article has been indexed from Silicon UK Read the original article: US Adds Charges To China-Export AI…
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
Security researchers have identified a sophisticated backdoor malware variant, PDFSIDER, that leverages DLL side-loading to evade endpoint detection and response (EDR) systems. The threat demonstrates advanced persistent threat (APT) tradecraft, combining evasion mechanisms with encrypted command-and-control capabilities to maintain covert…
17 New Malicious Chrome GhostPoster Extensions with 840,000+ Installs Steals User Data
Cybercriminals have distributed 17 malicious browser extensions across Chrome, Firefox, and Edge platforms, collectively downloading over 840,000 times and compromising user security for years. The GhostPoster campaign, which emerged as early as 2020, used deceptive extension names like “Google Translate…
Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes
Security researchers have uncovered significant vulnerabilities in the firmware of Xiaomi’s popular Redmi Buds series, specifically affecting models ranging from the Redmi Buds 3 Pro up to the latest Redmi Buds 6 Pro. The discovery highlights critical flaws in the…
A week in security (January 12 – January 18)
Last week on Malwarebytes Labs: Stay safe! This article has been indexed from Malwarebytes Read the original article: A week in security (January 12 – January 18)
NSA dual-hat question, third-party report, GhostPoster extension continues
Cybercom-NSA leadership nominee to assess dual-hat role Two-thirds of third-party applications access sensitive data without justification, says report GhostPoster browser extensions up to 840,000 installs Huge thanks to our sponsor, Dropzone AI Here’s a security tip most vendors won’t tell…
UK Influencer To Pay Reduced Extradition Costs
TikTok influencer Harrison Sullivan will not have to pay £15,000 cost of jet police chartered to return him from Spain to the UK This article has been indexed from Silicon UK Read the original article: UK Influencer To Pay Reduced…
Argus: Python-Based Recon Toolkit Aims to Boost Security Intelligence
Security researchers and penetration testers gain a comprehensive open-source reconnaissance platform with the release of Argus v2.0, a Python-based information gathering toolkit that consolidates 135 specialised modules into a unified command-line interface. The toolkit addresses the growing complexity of modern…
Mandiant Publishes Rainbow Tables That Crack NTLMv1 Admin Passwords
Mandiant has publicly released comprehensive rainbow tables designed to crack Net-NTLMv1 authentication hashes, addressing a critical security gap that has persisted for over two decades, despite the protocol being deprecated and widely recognized as fundamentally insecure. The decision to release these tables…
ATM maintenance tech broke the bank by forgetting to return a key
Bank staff wore the blame for a silly security slip Who, Me? Welcome to another edition of “Who Me?”, The Register’s Monday column that shares your mistakes and celebrates your escapes.… This article has been indexed from The Register –…
Global tensions are pushing cyber activity toward dangerous territory
Cybersecurity is inseparable from geopolitics. Ongoing conflicts, sanctions, trade wars, geoeconomic rivalry, and technological competition have pushed state competition into cyberspace. States use cyber operations to exert pressure on rivals, enabling disruption without resorting to conventional weapons. Infrastructure vulnerabilities in…
SEON Identity Verification combines KYC checks with real-time fraud intelligence
SEON has unveiled the launch of its AI-powered Identity Verification solution, bringing ID verification, liveness detection and proof of address checks into its unified risk platform. SEON’s solution is built on more than 900 real-time fraud signals, helping organizations assess…
IT Security News Hourly Summary 2026-01-19 09h : 5 posts
5 posts were published in the last hour 7:32 : BodySnatcher – New Vulnerability Allows Attacker to Impersonate Any ServiceNow User 7:32 : New Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations – PoC Released 7:32 : Review: AI…