Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.
Eight malicious extensions still remain in Chrome Web Store. These use some interesting tricks to keep running arbitrary code despite restrictions of Manifest V3.
New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.
SEO poisoning is gaining momentum as threat actors leverage malicious ads to deliver malware through web browser searches.
Traffers are responsible for redirecting user traffic to malicious content (malware, fraud, phishing, scam) exploited by other threat actors.
User tracking technologies are ubiquitous on the web. In recent times web browsers try to fight abuses. This led to an arms race where new tracking and anti-tracking measures are being developed. The use of one of such evasion techniques, the CNAME cloaking technique is recently quickly gaining popularity. Our evidence indicates that the use of the CNAME scheme threatens web security and privacy systematically and in general