MAL-2026-4865 Malicious code in @car-loans/close-flow-module (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

Stable Channel Update for Desktop

The Stable channel has been updated to 148.0.7778.178/179 for Windows/Mac and 148.0.7778.178 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

Stable Channel Update for Desktop

The Stable channel has been updated to 148.0.7778.167/168 for Windows/Mac and 148.0.7778.167 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

Stable Channel Update for Desktop

The Stable channel has been updated to 147.0.7727.137/138 for Windows/Mac and 147.0.7727.137 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

Stable Channel Update for Desktop

The Stable channel has been updated to 147.0.7727.116/117 for Windows/Mac and 147.0.7727.116 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.177/178 for Windows/Mac and 146.0.7680.177 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.164/165 for Windows/Mac and 146.0.7680.164 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.80 for Windows/Mac and 146.0.7680.80 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept restricted...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Updated 2026-03-13: The previous version of these notes...

CVE-2026-30796 RustDesk Server Pro API Requires Address Book Password in Plaintext for Sync Protocol

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Address book sync API modules allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling...

Scam Guard for desktop: A second set of eyes for suspicious moments

Scams aren’t so obvious anymore. They're well-written, have working grammar, and can lead victims to very convincing branded webpages. Scammers increasingly use AI tools to clone sites and create highly sophisticated scams at scale, so don't expect to rely on spotting obvious typos anymore. That’...

CVE-2026-21517

Improper link resolution before file access 'link following' in Windows App for Mac allows an authorized attacker to elevate privileges locally...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 145 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 145.0.7632.45 Linux 145.0.7632.45/46 Windows/Mac contains a number of fixes and improvements -- a list of changes is availab...

Stable Channel Update for Desktop

The Stable channel has been updated to 144.0.7559.96/.97 for Windows/Mac and 144.0.7559.96 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept restrict...

Stable Channel Update for Desktop

The Stable channel has been updated to 143.0.7499.146/.147 for Windows/Mac and 143.0.7499.146 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. 2025-12-12: Updated to include more details for bug number 466192044 Security Fixe...

CVE-2025-12385 Improper validation of <img> tag size in Text component parser

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...

Stable Channel Update for Desktop

The Stable channel has been updated to 141.0.7390.122/.123 for Windows and Mac and 141.0.7390.122 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. 2025-10-24: Updated to correct the security bugs included in the release...

EUVD-2013-0661

Malware in sbrugna...

EUVD-2017-14187

Malware in sbrugna...