The Breach

A TL;DR News Section

Google Chrome fixes browsing history leaks by purple “visited” links

04/14/25

For over 20 years, websites could exploit the “:visited” CSS selector (purple links) to check which links a user had clicked—essentially leaking parts of your browsing history. Chrome 136 (currently in beta) fixes this privacy flaw by partitioning visited link data by site and frame origin. Now, only the website where you clicked a link will know it was visited. So, if you clicked a link on Website A, it turns purple only on Website A—not on shady or unrelated sites trying to track you. This eliminates a longstanding privacy issue used by attackers to spy on your history. Chrome is the first browser to roll out this protection, and others are expected to follow. If you want the fix now, enable the flag:
chrome://flags/#partition-visited-link-database-with-self-links

UMMC facing class action lawsuit for enabling cyberstalking campaign

04/09/25

A pharmacist at the University of Maryland Medical Center is accused of running a decade-long cyberstalking campaign against 80 coworkers by using keyloggers and spyware on 400 hospital computers. He allegedly accessed private data and spied on victims via hacked home and work cameras. A lawsuit claims UMMC failed basic cybersecurity protections, enabling the breach. The hospital is cooperating with federal investigators and says it's "deeply disappointed" and hopes the suspect is held accountable.

Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports

04/07/25

Oracle has disclosed a second cybersecurity breach in a month. A hacker accessed a legacy system and stole old client login credentials—some as recent as 2024. The attacker tried to sell the data online and demanded an extortion payment. Oracle informed affected customers and said the compromised system hasn't been in use for eight years, downplaying the risk. The FBI and CrowdStrike are investigating. This breach is separate from another recent incident involving Oracle's healthcare clients.

Canon Printer Drivers Flaw Could Let Hackers Run Malicious Code

04/03/25

A critical vulnerability has been discovered in Canon printer drivers (v3.12 and earlier), affecting Generic Plus PCL6, UFR II, LIPS4, LIPSLX, and PS drivers. The flaw, found in EMF Recode processing, allows attackers to execute arbitrary code by exploiting an out-of-bounds memory access. This issue is particularly dangerous due to its potential use in Bring Your Own Vulnerable Driver (BYOVD) attacks, enabling privilege escalation and security bypasses. Canon has acknowledged the risk and is releasing patched drivers via its official websites. Users should update their drivers immediately and implement security measures such as network segmentation and Endpoint Detection and Response (EDR) solutions to mitigate potential threats.

Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

04/01/25

Google has announced a major update to Gmail that allows enterprise users to send end-to-end encrypted (E2EE) emails to any inbox, starting with Gmail users within the same organization and expanding to all Gmail users and other email inboxes later this year. This update eliminates the need for custom software or encryption certificates, using client-side encryption (CSE) to encrypt emails before they are transmitted or stored. When sending E2EE emails to non-Gmail users, they will receive an invitation to view the message in a secure, restricted version of Gmail. This approach provides enhanced privacy and security while simplifying the encryption process for both IT teams and end users. The encryption keys are managed in the cloud, allowing organizations to control, revoke, and monitor access to the encrypted content.

NSA Warning—Change Your iPhone And Android Message Settings

03/31/25

The NSA warning stemmed from Russia’s GRU exploiting Linked Devices and Group Links in secure messaging apps like Signal, WhatsApp, and Telegram, allowing unauthorized access. While not flaws in the apps themselves, these features were manipulated to gain control over accounts. To mitigate risks, users should regularly check and remove unknown linked devices, disable group links in Signal, restrict group additions in WhatsApp, and avoid clicking unexpected links. Secure messaging depends not just on encryption but also on device security, making regular updates, cautious link-clicking, and strong PIN settings essential. While Signal remains the gold standard for private communication, WhatsApp’s widespread use raises additional concerns about privacy and work-life boundaries.

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

03/28/25

A cyber campaign has compromised around 150,000 websites, injecting malicious JavaScript to redirect visitors to Chinese-language gambling platforms via iframe injections that display full-screen overlays. The attack uses JavaScript payloads hosted on domains like "zuizhongyj[.]com" and includes variants that impersonate legitimate betting sites like Bet365. This reflects a growing trend of client-side attacks with increased obfuscation to avoid detection. Additionally, a long-running malware operation, "DollyWay World Domination," has targeted over 20,000 websites, mostly WordPress sites, since 2016. It employs a distributed network of compromised sites to redirect visitors to scam pages using Traffic Direction System (TDS) nodes, leveraging traffic broker networks like VexTrio, and injecting PHP code to disable security plugins and steal admin credentials. Despite recent infrastructure changes, DollyWay remains adaptive, continuing to disrupt and evolve its attack methods.

Over 3 million applicants’ data leaked on NYU’s website

03/25/25

A hacker gained access to NYU’s website for at least two hours on Saturday morning, exposing personal data of over 3 million applicants, including names, test scores, majors, zip codes, family details, and financial aid information dating back to 1989. The breached page displayed charts with NYU’s average admitted SAT scores, ACT scores, and GPAs, claiming the university continued affirmative action despite the 2023 Supreme Court ruling. The page also included four accessible CSV files with admissions data, demographic information, citizenship status, and Common Application data. NYU’s IT team quickly halted the breach, and law enforcement was notified. This follows a similar 2023 hack by a group called “Computer Niggy Exploitation,” which leaked over 7 million social security numbers from the University of Minnesota. This incident is part of a growing trend of data breaches at universities, including incidents at Stanford and Georgetown. NYU had previously condemned the Supreme Court’s affirmative action ruling, noting a decrease in enrollment of underrepresented minorities.

Russian zero-day seller is offering up to $4 million for Telegram exploits

03/21/25

Operation Zero, a company that sells zero-day exploits exclusively to the Russian government and local companies, offers up to $4 million for vulnerabilities in Telegram, a popular messaging app in Russia and Ukraine. The company seeks one-click and zero-click remote code execution (RCE) exploits, with prices reflecting their value in covert cyber operations. This suggests a strong interest from Russian government agencies in exploiting Telegram, especially given Ukraine’s ban on the app for government personnel due to security concerns. Experts note that these prices may be lower than the actual resale value, as Operation Zero is likely to charge significantly more when selling the exploits to its clients.

100 Car Dealerships Hit by Supply Chain Attack

03/18/25

Over 100 car dealership websites were compromised in a supply chain attack via LES Automotive, a shared video service. The attackers used the ClickFix technique, tricking users into executing malicious commands by faking reCAPTCHA prompts. This led to the deployment of SectopRAT malware via PowerShell. The attack, linked to Russian-speaking cybercriminals, dynamically injected malicious scripts while sometimes serving benign versions.