A malicious campaign involving a Google-featured fake extension has compromised more than 900,000 Chrome users, according to researchers at OX Security. Two rogue browser add-ons, disguised as AI chat assistants, secretly collected conversations from ChatGPT and DeepSeek, as well as users’ full browsing histories. The fake extensions cloned the interface of AITOPIA, a legitimate AI […]
Veeam patches critical RCE flaws in its latest Backup & Replication software release, aiming to neutralize a group of high-severity vulnerabilities recently uncovered in the platform. The company issued emergency security updates to prevent potential exploitation of these weaknesses, urging all users to apply the fixes immediately. The vulnerabilities posed risks that could allow remote […]
A critical remote code execution flaw is actively hitting a number of D-Link legacy routers, exposing users to serious cyber threats. Attackers are exploiting a vulnerability identified as CVE-2026-0625, which carries a CVSS score of 9.3. The flaw stems from improper input sanitization on the routers’ ‘dnscfg.cgi’ endpoint, allowing unauthenticated remote actors to inject system-level […]
A new phishing campaign targeting European hospitality businesses uses fraudulent reservation emails posing as Booking.com communications. This booking scam deploys DCRat through a multi-stage infection chain that starts with spoofed travel cancellations and leads to full system compromise, researchers at Securonix revealed. Dubbed PHALT#BLYX, the campaign tricks hotel staff with urgent emails showing fake charges […]
Google Chrome fixes a WebView vulnerability with an urgent security patch addressing CVE-2026-0628, a high-severity flaw that risked bypassing key browser protections. The issue affects the “WebView” tag component, which allows developers to embed web content within applications. Attackers could exploit this flaw to sidestep established security restrictions, creating potential exposure for end users. The […]