6 Google Chrome Extensions Expose User Information
Research reveals 6 widely used Google Chrome extensions unintentionally transmit user data over simple HTTP.
Research reveals 6 widely used Google Chrome extensions unintentionally transmit user data over simple HTTP.
SAP has fixed a critical NetWeaver vulnerability allowing attackers to bypass authorization checks and escalate their privileges. The post Critical Vulnerability Patched in SAP NetWeaver appeared first on SecurityWeek.
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — haveRead More »The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
Sensor manufacturer Sensata said a ransomware group had access to its network for more than a week and stole personal information. The post Sensitive Information Stolen in Sensata Ransomware Attack appeared first on SecurityWeek.
Google has stepped in to address a security flaw that could have made it possible to brute-force an account’s recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher “brutecat,” leverages an issue in the company’s account recovery feature. That said, exploitingRead More »Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account
Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released. The post Exploited Vulnerability Impacts Over 80,000 Roundcube Servers appeared first on SecurityWeek.
Google has awarded $5,000 to a researcher who found security holes that enabled brute-forcing the phone number of any user. The post Vulnerabilities Exposed Phone Number of Any Google User appeared first on SecurityWeek.
The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries. “A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries,”Read More »Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
United Natural Foods has taken some systems offline after detecting unauthorized activity on its IT systems, causing disruptions to operations. The post Whole Foods Distributor United Natural Foods Hit by Cyberattack appeared first on SecurityWeek.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-32433 (CVSS score: 10.0) – ARead More »CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog