Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

Google SecOps SOAR Server 安全漏洞

Google SecOps SOAR Server is a security platform from Google, Inc USA. A security vulnerability exists in Google SecOps SOAR Server that stems from insufficient code validation of uploaded Python packages, which could lead to remote code execution...

MAL-2025-190978 Malicious code in nanoreset (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d98d973ab73f5753f101bf681c2916dd61b81ae036a3519f76e17321ba9e2ef The package nanoreset was found to contain malicious code. Source: ghsa-malware fc12f8a503d7dbf0bae6b335d8ea61ae3e1c8e6ec42e415cc48b4ab536180c8e Any...

EUVD-2025-18662

Malicious code in bioql PyPI...

CVE-2025-9918

CVE-2025-9918 describes a Path Traversal vulnerability in the archive extraction component of Google SecOps SOAR Server, affecting version 6.3.54.0, 6.3.53.2 and earlier. An authenticated attacker with import-use-case permissions can achieve Remote Code Execution by uploading a malicious ZIP arch...

How to spot the latest fake Gmail security alerts

Security alerts from tech companies are supposed to warn us when something might be amiss—but what if the alerts themselves are the risk? Scammers have long impersonated tech companies' security and support staff as a way to sniff out users' login credentials, and reports suggest that they're doi...

Google ChromeOS Out-of-Bounds Read Vulnerability

Google ChromeOS is an operating system from the American company Google. Google ChromeOS suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a virtual machine to escape...

Empowering SecOps in the cloud: enhancing threat detection with Wiz and Google Security Operations

Wiz announces integration with Google Security Operations to help SecOps teams identify critical cloud security issues...

Google Fixes Nearly 100 Android Security Issues

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023...

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat...

Vulnerability Researchers: Check out The Critical Thinking Podcast

Today, The Wordfence Bug Bounty Program was featured on an episode of the Critical Thinking Podcast, a top resource and community for bug bounty researchers. Critical Thinking is a podcast focused on ethical hacking and security analysis and is described as a “by Hackers for Hackers podcast focus...

Google Android suffers from an unspecified vulnerability (CNVD-2023-9767435)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause denial of service attacks...

CVE-2023-3497

Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. Chromium security severity: Medium...

CVE-2023-3497

Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. Chromium security severity: Medium...

Design/Logic Flaw

Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. Chromium security severity: Medium...

Google Android Out-of-Bounds Write Vulnerability (CNVD-2023-52816)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause remote code execution without additional execute privileges...

Debian: Security Advisory (DLA-128-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire,...

Slackware: Security Advisory (SSA:2014-356-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2013-0349)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...