LinkedIn accused of covert browser extension scanning in 'BrowserGate' report
The "BrowserGate" report claims LinkedIn injects JavaScript that identifies thousands of browser extensions, linking this information to user profiles.
General
20 articles
N-able report highlights shift to proactive risk management in SOC operations
The report identifies six key metrics for moving from reactive to proactive security.
Malicious Chrome extension steals ChatGPT conversations
The ChatGPT Ad Blocker extension employed a DOM cloning technique to copy and filter conversations, focusing on text longer than 150 characters.
Cloudflare Targets WordPress With New AI-Powered EmDash CMS
Cloudflare launches EmDash CMS, an AI-powered platform built to fix WordPress security flaws with sandboxed plugins, serverless scaling, and passkey auth.
Former engineer pleads guilty to server extortion plot
The engineer, Daniel Rhyne, used administrator credentials to access the company's network and schedule tasks to delete admin accounts and change passwords.
Why Security Researchers and Red Teams Are Turning to Workflow Automation
Security researchers and red teams adopt workflow automation to cut alert fatigue, enrich data, and scale operations across SOC, intel and recon tasks.
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university ...
Google Brings Lazy Loading to Media Files in New Chrome Release
Google has announced a significant update for its Chrome browser, extending native lazy loading capabilities to audio and video elements. This highly anticip...
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what secu...
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Win...
Major outage hits Russian banking apps, metro payments across regions
The disruption on Friday affected apps from some of the country’s largest banks, including Sberbank, VTB, Alfa-Bank, T-Bank and Gazprombank.
Hackers threaten to leak data after cyberattack on German party Die Linke
Die Linke confirmed in late March that its IT infrastructure had been hit by what it described as a “serious cyberattack.
Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials. The post Guardarian Users Targeted ...
Google Wants to Transition to Post-Quantum Cryptography by 2029
Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantu...
Escaping the COTS trap
Over the years, enterprise cybersecurity environments have accumulated staggering numbers of commercial tools. Industry research converges on a consistent pi...
Battling payment fraud with tokenization and executive interviews from RSAC 2026 - Brian Oh, Mickey Bresman, Ashish Jain, Thyaga Vasudevan, Jimmy White - ESW #453
Apache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service Attacks
The Apache Software Foundation has released critical security updates to address two vulnerabilities in Apache Traffic Server (ATS). Disclosed on April 2, 20...
Residential proxies make a mockery of IP-based defenses
Attack traffic moved through ordinary home and mobile connections in ways that limited the usefulness of IP reputation on its own. GreyNoise observed 4 billi...
Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app
Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online ...