7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users
Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage.
Admission of War Crime by Pete Hegseth Parallels Nazi Germany
The Defense Secretary’s account of a war crime has shifted dramatically, and suspiciously, over five days: Date Who Claim Friday Hegseth “Fake news.” Does not deny “kill everybody” order. Sunday Trump “Pete said that…
Russia Wants This Mega Missile to Intimidate the West, but It Keeps Crashing
One of Vladimir Putin’s favorite sabers to rattle seems to have lost its edge.
U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Framework flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Android Framework flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Google’s new Android update patched 107 vulnerabilities, including two already […]
Defensive Security Podcast Episode 331B
Reposting Episode 331 due to the wrong mp3 attached to the original.
Want to be the first to hear our episodes each week? Become a Patreon donor here.
Links to this week’s stories:
https://cloud.google.com/blog/topics/threat-intelligence/un…
Everest Ransomware Claims ASUS Breach and 1TB Data Theft
Everest ransomware group claims it breached ASUS, stealing over 1TB of data including camera source code. ASUS has been given 21 hours to respond via Qtox.
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests.
Defensive Security Podcast Episode 331
Want to be the first to hear our episodes each week? Become a Patreon donor here.
Links to this week’s stories:
https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations
https://www.theregister.com/…
Proxyearth Tool Lets Anyone Trace Users in India with Just a Mobile Number
Proxyearth is a new site that shows names, Aadhaar numbers, and live locations of users in India using only mobile numbers, raising serious privacy and security concerns.
Google’s latest Android security update fixes two actively exploited flaws
Google’s latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google’s new Android update patches 107 vulnerabilities, including two already exploited in the wild, across system, kernel, and major vendor components. Here’s a concise summary under 160 characters: December’s Android update offers two patch levels (12-01, […]