Google has unveiled support for the V8 Sandbox in its Chrome web browser, aiming to combat memory corruption issues. According to Samuel Groß, the V8 Security technical lead, the sandbox prevents the spread of memory corruption within the host process. 

Described as a lightweight, in-process sandbox for the JavaScript and WebAssembly engine, the V8 Sandbox mitigates common vulnerabilities....

Malicious advertisements and counterfeit websites have become conduits for disseminating two distinct types of stealer malware, notably Atomic Stealer, targeting users of Apple's macOS operating system. Jamf Threat Labs has released a report highlighting ongoing attacks aimed at extracting sensitive data from macOS users. The attackers behind these campaigns employ diverse methods to compromise victims' Macs, stealing valuable...

A recent phishing campaign targets U.S. organizations, aiming to deploy the NetSupport RAT, a remote access trojan. Tracked by Israeli cybersecurity firm Perception Point as Operation PhantomBlu, this campaign employs a sophisticated method by exploiting Microsoft Office's Object Linking and Embedding (OLE) template manipulation to execute malicious code, avoiding detection. NetSupport RAT, derived from the legitimate tool NetSupport Manager,...

Cybersecurity researchers have identified critical vulnerabilities within the third-party plugin ecosystem for OpenAI ChatGPT, shedding light on potential avenues for threat actors to exploit and gain unauthorized access to sensitive data. Recent findings from Salt Labs highlight security flaws within the ChatGPT platform itself and its accompanying plugin infrastructure, posing significant risks to user privacy and data...

The U.S. Department of Justice (DoJ) has unveiled charges against Linwei Ding, a 38-year-old Chinese national, and a California resident, for their alleged involvement in stealing proprietary information from Google while clandestinely collaborating with two Chinese tech firms. The indictment alleges that Ding, a former Google engineer, clandestinely siphoned off sensitive trade secrets to his account, facilitating the Chinese companies'...

A U.S. judge has mandated that NSO Group relinquish its source code for Pegasus and other remote access trojans to Meta as part of Meta's ongoing legal dispute with the Israeli spyware vendor.

This decision represents a significant legal triumph for Meta, which initiated the lawsuit in October 2019, accusing NSO Group of exploiting its infrastructure to distribute spyware to roughly 1,400...

Meta Platforms has disclosed a comprehensive set of measures aimed at curtailing the activities of eight companies operating within the surveillance industry across Italy, Spain, and the United Arab Emirates. These actions were detailed in Meta's Adversarial Threat Report for the fourth quarter of 2023 and were specifically designed to address the proliferation of spyware targeting devices running iOS, Android, and Windows operating systems. The...

Since early 2023, a clandestine threat group known as ResumeLooters has been systematically targeting employment agencies and retail companies, predominantly located within the Asia-Pacific (APAC) region. This group's nefarious activities, previously undocumented, have caught the attention of cybersecurity experts at Singapore-based Group-IB. Their analysis reveals a sophisticated operation aimed at stealing sensitive data for financial...

Google has launched a new pilot program in Singapore aimed at bolstering security measures against the installation of certain Android apps that exploit permissions to gain unauthorized access to sensitive data and one-time passwords. This initiative, integrated into Google Play Protect, seeks to automatically block the installation of such apps when users attempt to download them from external sources like web browsers, messaging apps, or file...

Chinese users face a targeted malvertising campaign through malicious Google ads promoting restricted messaging apps like Telegram. Malwarebytes' Jérôme Segura revealed that threat actors exploit Google advertiser accounts to create these deceptive ads, leading users to download Remote Administration Trojans (RATs). The ongoing campaign, known as FakeAPP, is a continuation of a prior assault that initially targeted Hong Kong users searching for...