Mozilla has released urgent updates for its Firefox browser to fix a security issue that could allow attackers to bypass protective measures. This comes shortly after Google patched a similar vulnerability in Chrome, which had been actively exploited.

The flaw, identified as CVE-2025-2857, could let a compromised part of Firefox’s system access more powerful functions, potentially leading to security risks. Mozilla has addressed the issue in Firefox versions 136.0.4 and 115.21.1, and the update also includes a fix for the Tor Browser.

This update follows a patch by Google to address a similar issue in Chrome, which had been exploited in cyberattacks targeting organizations in Russia. The U.S. Cybersecurity Agency has added the Chrome flaw to its list of critical vulnerabilities, urging federal agencies to update by mid-April.

Users are advised to update their browsers to stay protected from potential threats.

Source: April 2, 2025 20:30 (1 hour, 47 minutes ago) |  0 | 1 minute read

Before responding to any email, take a moment to ask yourself, "Is this legitimate?" Phishing attempts often look convincing, so it's crucial to stay cautious, especially when email requests personal or company data. Always verify the sender and the content before engaging, as scammers can disguise themselves as trusted sources. A quick check can prevent you from falling victim to scams or data breaches. A few extra seconds of scrutiny could save you from significant security risks. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Before linking apps to your accounts, protect your data by granting minimal permissions, avoiding oversharing, and reviewing access regularly.

Key Actions:

1. Grant Only Necessary Permissions: Share just the info the app needs.
2. Review Regularly: Check and revoke access for unused apps.
3. Choose Reputable Apps: Connect only with trusted, well-reviewed apps.

Quick Tip: The fewer permissions you grant, the safer your data will be.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Shortened links (like bit.ly or TinyURL) simplify web addresses but can hide their true destination, posing a security risk. Clicking on a shortened link from an unknown sender, especially in unsolicited emails or messages, could lead to malicious sites or infect your device with malicious software. If unsure, use a URL unshortening service (e.g., CheckShortURL) to reveal the full web address. Also, look out for red flags, like misspelled domains or extra characters. Taking these extra steps can help you avoid risky sites and keep your personal information secure.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

On April Fools’ Day, links in emails, texts, or on social media may look funny or intriguing, but they could hide harmful content. Cybercriminals often use pranks as bait to lure unsuspecting users into clicking malicious links. Always hover over any link to check the URL before clicking, even if it seems harmless. Curiosity can easily lead you into danger, so it’s important to stay cautious. Always verify links and stay secure online this April. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

It’s important to disable location services on your device when you're not actively using apps that need it. Many apps continuously track your whereabouts, often sharing this data with third parties, which could put your personal information at risk. By turning off location tracking when it's not needed, you can reduce unnecessary data collection, and maintain better control over your privacy.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

For added security, make it a habit to turn off your devices when you're not using them. This small action is an effective way to safeguard your personal information. Shutting down your devices is especially important at the end of the day. By doing so, you reduce the chances of unauthorized access to your data. It also helps maintain your privacy by preventing unnecessary access. Incorporating this simple habit into your routine will add an extra layer of protection to your digital life. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

The ClearFake cyberattack, first discovered in 2023, has grown into a more dangerous threat. Originally using fake browser update pop-ups, ClearFake now tricks people by pretending to be security checks, like fake reCAPTCHA or Cloudflare Turnstile verifications. These false alerts lead users to unknowingly download harmful software, such as Lumma Stealer and Vidar Stealer.

A new tactic called ClickFix has emerged, where attackers fool users into running harmful commands disguised as fixes for technical problems. This results in even more dangerous software being installed on the victim's computer. ClearFake has also started using advanced technology, like blockchain, to hide its tracks and make it harder to detect.

The campaign is growing, with over 9,300 websites now compromised, potentially affecting nearly 200,000 users by mid-2024. Recently, ClearFake has targeted auto dealership websites through...

It’s crucial to stay vigilant against cyber threats as the election approaches, such as deepfakes and disinformation campaigns, which can manipulate public opinion and weaken trust in the system. Always verify the source of digital content before sharing, and be cautious of AI-generated media, especially when it seems suspicious or too sensational. Staying informed and discerning will help protect integrity, ensuring you're making decisions based on truthful, reliable information and preventing the spread of misinformation.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

To prevent phishing, always verify email signatures before responding to sensitive or financial requests.

DO:

• Cross-check signatures with known contacts or official websites.
• Ensure correct spelling, job titles, and contact details.
• Confirm requests via a separate, trusted communication channel.
• Be cautious of urgent or emotional language.

Avoid:

• Ignoring inconsistencies in the signature.
• Clicking suspicious links or downloading attachments.
• Assuming all emails with valid signatures are safe.
• Forgetting phishing can occur even from legitimate-looking addresses.

Do you have a question? Submit a ticket at...