Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.
Palo Alto Networks researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure.
Forget stolen credentials and misconfigurations. Thanks to AI, the new top cause of compromises in the cloud is vulnerability exploits that beat patching cycles.
The proof-of-concept exploit allows an attacker to steal sensitive data from Gmail, Google Accounts, Google Authenticator, Google Maps, Signal, and Venmo.
A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data
A "highly active" Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors.
DPRK's innovative tack chains together previously unknown browser issues, then adds a rootkit to the mix to gain deep system access.
Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device.
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
Cyberattackers could exploit CVE-2023-20238 to carry out a variety of nefarious deeds, from data theft and code execution to phishing, fraud, and DoS.
It's not going anywhere: Easy-to-exploit bugs like MOVEit, leaks of stolen data, and rapid-fire escalation are keeping ransomware attacks as painful as ever.
Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.
Attackers continued to favor software exploits, phishing, and stolen credentials as initial-access methods last year, as Log4j and the Russia-Ukraine cyber conflict changed the threat landscape.
Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later.
An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks.
The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.
After the Raccoon Stealer Trojan disappeared, the RIG Exploit Kit seamlessly adopted Dridex for credential theft.