The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
Threatpost
Security
MSHTML Flaw Exploited to Attack Russian Dissidents
A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.
MSHTML Flaw Exploited to Attack Russian Dissidents
A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.
Threatpost
Exchange Servers Speared in IcedID Phishing Campaign
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.
Exchange Servers Speared in IcedID Phishing Campaign
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.
Okta Says It Goofed in Handling the Lapsus$ Attack
“We made a mistake,” Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers.
Threatpost
Critical Sophos Security Bug Allows RCE on Firewalls
The security vendor’s appliance suffers from an authentication-bypass issue.
Threatpost
DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
Threatpost