Dark Reading

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses

Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not ...
MUO on MSN

Yes, you can get malware just by visiting a website

It's not even your browser's fault.
DataBreachToday

Breach Roundup: German Police Expose REvil, GandCrab Boss

This week, German police unmasked a REvil leader, a critical Docker flaw, Medusa ransomware surged, DPRK hackers abused ...

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...
The Hacker News

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.