Malicious Chrome extensions with 1.7M installs found on Web Store
Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses.
New spyware strain steals data from Russian industrial companies
Moscow-based cybersecurity firm Kaspersky said the campaign has already affected over 100 victims across several dozen Russian organizations, but did not disclose the specific targets.
Malicious Chrome extensions with 1.7M installs found on Web Store
Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses.
Overcoming Technical Barriers in Desktop and Application Virtualization
Exposed RDP ports are an open door for attackers. TruGrid SecureRDP enforces Zero Trust and MFA, blocks lateral movement, and secures remote access—no open firewall ports required. Learn more and get a free trial.
No thanks: Google lets its Gemini AI access your apps, including messages
Google says it's Gemini AI will soon be able to access your messages, WhatsApp, and utilities on your phone. But we're struggling to see this as a good thing.
Policy-as-Code vs. IaC Security: The Difference | CSA
If you treat Policy-as-Code and Infrastructure-as-Code security as interchangeable, you’re setting yourself up for compliance gaps and security incidents.
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.
Malicious Open Source Packages Surge 188% Annually
Sonatype’s latest Open Source Malware Index report has identified more than 16,000 malicious open source packages, representing a 188% annual increase
New Bert Ransomware Group Strikes Globally with Multiple Variants
Trend Micro has observed the Bert ransomware group in operation since April 2025, with confirmed victims in sectors including healthcare, technology and event services
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which responsible for cyberattacks against American organizations and government agencies.
Public exploits released for CitrixBleed 2 NetScaler flaw, patch now
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777Â and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens.
Brazilian police arrest IT worker over $100 million cyber theft
Police in Brazil arrested an employee of C&M Software, who allegedly told them he had sold his login credentials to the hackers behind a massive theft via the PIX instant payment system.