Cybersecurity News

Cybersecurity researchers at DomainTools Intelligence (DTI) have uncovered a sophisticated malware campaign targeting Chrome users through the official Web Store. The operation involves over 100 malicious extensions disguised as legitimate services, including VPN clients, AI-powered tools, and cryptocurrency utilities, presenting a significant threat to browser security. Sophisticated Deception: Malware Distribution Strategy Since February 2024, threat … Read more

Mozilla has demonstrated exceptional incident response capabilities by rapidly addressing two critical zero-day vulnerabilities in Firefox, discovered during the prestigious Pwn2Own Berlin hacking competition. The security team released emergency patches across all Firefox versions within hours of the vulnerabilities’ disclosure, showcasing their commitment to user security. Analysis of the Critical Vulnerabilities The first vulnerability (CVE-2025-4918) … Read more

Google has unveiled a groundbreaking security enhancement for Chrome browser users, introducing an automated password reset capability within its built-in password manager. This significant upgrade addresses one of the most critical challenges in modern cybersecurity: the timely response to compromised credentials. Advanced Automated Password Protection System The enhanced Chrome Password Manager now features automatic credential … Read more

In a significant cybersecurity development, Curator (formerly Qrator Labs) has successfully defended against the largest distributed denial-of-service (DDoS) attack ever recorded, involving an unprecedented botnet of 4.6 million compromised devices. The attack, which targeted a government organization on May 16, marks a dramatic escalation in the scale and sophistication of DDoS threats. Historic Scale and … Read more

Cybersecurity researchers at NSFOCUS have uncovered a sophisticated new DDoS botnet called HTTPBot, marking a significant shift in malware targeting strategies. Unlike traditional DDoS botnets that primarily target Linux and IoT devices, this new threat specifically focuses on Windows systems, presenting a unique challenge to gaming companies, educational institutions, and technology firms in China. Technical … Read more

In a watershed moment for digital privacy rights, Google has agreed to pay $1.375 billion to settle privacy violation claims in Texas, marking the largest state privacy settlement in U.S. history. The agreement addresses unauthorized location tracking and biometric data collection practices that affected millions of users, setting a new precedent for corporate accountability in … Read more

In a significant victory against cybercrime, an international law enforcement coalition has successfully dismantled six major DDoS-for-hire platforms in a coordinated operation. The investigation culminated in the arrest of four suspected administrators in Poland, effectively disrupting services responsible for thousands of cyberattacks worldwide since 2022. These platforms had targeted educational institutions, government agencies, commercial enterprises, … Read more

Cybersecurity researchers at Aikido have uncovered a severe security breach in the widely-used NPM package rand-user-agent, which averages over 45,000 weekly downloads. The compromise involved the injection of obfuscated malicious code that deploys a Remote Access Trojan (RAT) on affected systems, posing a significant threat to developers and organizations utilizing this package. Compromise Details and … Read more

Cybersecurity researchers at Patchstack have uncovered a severe security vulnerability in the widely-used WordPress plugin OttoKit (formerly SureTriggers), potentially affecting over 100,000 active websites. The critical flaw enables unauthorized attackers to create administrator accounts on vulnerable WordPress installations, posing a significant risk to website security. Understanding the Technical Impact The vulnerability, tracked as CVE-2025-27007, stems … Read more

Nucor Corporation, the largest steel producer in the United States, has disclosed a major cybersecurity breach that forced the company to suspend portions of its manufacturing operations. This incident highlights the increasing vulnerability of critical industrial infrastructure to sophisticated cyber threats and raises concerns about the security of the manufacturing sector. Incident Impact and Initial … Read more