Search results for Chromium Android extensions | Breaking Cybersecurity News | The Hacker News

Microsoft today finally released the first new reborn version of its Edge browser that the company rebuilds from scratch using Chromium engine, the same open-source web rendering engine that powers Google's Chrome browser. However, the Chromium-based Edge browser builds haven't yet entered the stable or even the beta release; instead, Microsoft has released two testing-purpose preview builds for developers. Both previews build— "Canary"  that will be updated daily, and "Developer"  that will be updated every week—are now available for download from the Microsoft's new Edge insider website . Here's how Microsoft differentiates Canary and Developer builds: "Every night, we produce a build of Microsoft Edge — if it passes automated testing, we'll release it to the Canary channel. We use this same channel internally to validate bug fixes and test brand new features. The Canary channel is truly the bleeding edge, so you may discover bugs...

Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, eventually enabling remote attackers to identify unpatched devices and exploit known vulnerabilities. The vulnerability, which has not yet given any CVE number, is an information disclosure bug that resides in the way the Google Chrome for Android generates 'User Agent' string containing the Android version number and build tag information, which includes device name and its firmware build. This information is also sent to applications using WebView and Chrome Tabs APIs, which can be used to track users and fingerprint devices on which they are running. For example: Mozilla/5.0 (Linux; Android 5.1.1; Nexus 6 Build/LYZ28K ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.34 Mobile Safari/537.36 Yakov Shafranovich, a contributor at Nightwatch Cybersecurity firm, initially reported this issue to Google three years a...

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn't just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can become an entry point if it's left unpatched or overlooked. Here's a clear look at the week's biggest risks, from exploited network flaws to new global campaigns and fast-moving vulnerabilities. ⚡ Threat of the Week Flaws in Multiple Network Security Products Come Under Attack — Over the past week, Fortinet , SonicWall , Cisco , and WatchGuard said vulnerabilities in their products have been exploited by threat actors in real-world attacks. Cisco said attacks exploiting CVE-2025-20393, a critical flaw in AsyncOS, have been abused by a China-nexus advanced persistent threat (APT) actor cod...

Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something's wrong. This week's stories aren't just about what was attacked—but how easily it happened. If we're only looking for the obvious signs, what are we missing right in front of us? Here's a look at the tactics and mistakes that show how much can go unnoticed. ⚡ Threat of the Week Apple Zero-Click Flaw in Messages Exploited to Deliver Paragon Spyware — Apple disclosed that a security flaw in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, CVE-2025-43200, was addressed by the company in February as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. The Citizen Lab said it u...

German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as  Kimsuky  using rogue browser extensions to steal users' Gmail inboxes. The  joint advisory   comes  from Germany's domestic intelligence apparatus, the Federal Office for the Protection of the Constitution (BfV), and South Korea's National Intelligence Service (NIS). The intrusions are designed to strike "experts on the Korean Peninsula and North Korea issues" through spear-phishing campaigns, the agencies noted. Kimsuky , also known Black Banshee, Thallium, and Velvet Chollima, refers to a  subordinate element  within North Korea's Reconnaissance General Bureau and is known to "collect strategic intelligence on geopolitical events and negotiations affecting the DPRK's interests." Primary targets of interest include entities in the U.S. and South Korea, particularly singling out individuals working within the government, military...

A new powerful rootkit-enabled spyware operation has been discovered wherein hackers are distributing multifunctional malware disguised as cracked software or trojanized app posing as legitimate software like video players, drivers and even anti-virus products. While the rootkit malware—dubbed Scranos —which was first discovered late last year, still appears to be a work in progress, it is continuously evolving, testing new components and regularly making an improvement to old components, which makes it a significant threat. Scranos features a modular design that has already gained capabilities to steal login credentials and payment accounts from various popular services, exfiltrate browsing history and cookies, get YouTube subscribers, display ads, as well as download and execute any payload. According to a 48 page in-depth report Bitdefender shared with The Hacker News prior to its release, the malware gains persistence on infected machines by installing a digitally-signed ...

Tech giant Microsoft on Tuesday shipped fixes to quash  64 new security flaws  across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to  16 vulnerabilities  that Microsoft addressed in its Chromium-based Edge browser earlier this month. "In terms of CVEs released, this Patch Tuesday may appear on the lighter side in comparison to other months," Bharat Jogi, director of vulnerability and threat research at Qualys, said in a statement shared with The Hacker News. "However, this month hit a sizable milestone for the calendar year, with MSFT having fixed the 1000th CVE of 2022 – likely on track to surpass 2021, which patched 1,200 CVEs in total." The actively exploited vulnerability in question is  CVE-2022-37969  (CVSS score: 7.8), a privilege e...

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It's assessed that the malware is being propagated through counterfeit installers for games and VPN applications that are uploaded to file-sharing sites such as Mediafire and Discord. SEA is a feature that allows Node.js applications to be packaged and distributed as a standalone executable, even on systems without Node.js installed. "Both approaches are effective for distributing Node.js-based malware, as they allow execution without requiring a pre-installed Node.js runtime or additional dependencies," security researchers Eduardo Altares and Joie Salvio said in a report shared with The Hacker News. On a dedicated website, the...

Microsoft on Tuesday rolled out its monthly security updates with  fixes for 51 vulnerabilities  across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated Important and one is rated Moderate in severity, making it one of the rare Patch Tuesday updates without any fixes for Critical-rated vulnerabilities. This is also in addition to  19 more flaws  the company addressed in its Chromium-based Edge browser. None of the security vulnerabilities are listed as under active exploit, while of the flaws —  CVE-2022-21989  (CVSS score: 7.8) — has been classified as a publicly disclosed zero-day at the time of the release. The issue concerns a privilege escalation bug in Windows Kernel, with Microsoft warning of potential attacks exploiting the shortcoming. "Successful exploitation of this vulnerability requires an attacker to...

Microsoft's  Patch Tuesday update  for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as actively exploited, three of them are publicly known at the time of release. It's worth pointing out that Microsoft separately  addressed 21 flaws  in the Chromium-based Microsoft Edge browser earlier this month. All the three critical vulnerabilities remediated this month are remote code execution flaws impacting HEVC Video Extensions ( CVE-2022-22006 ), Microsoft Exchange Server ( CVE-2022-23277 ), and VP9 Video Extensions ( CVE-2022-24501 ). The Microsoft Exchange Server vulnerability, which was reported by researcher Markus Wulftange, is also noteworthy for the fact that it requires the attacker to be authenticated to ...

In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the decisions you make now will shape your organization's resilience for years to come. This isn't just a threat roundup; it's the strategic context you need to lead effectively. Here's your full weekly recap, packed with the intelligence to keep you ahead. ⚡ Threat of the Week New HybridPetya Ransomware Bypasses UEFI Secure Boot — A copycat version of the infamous Petya/NotPetya malware dubbed HybridPetya has been spotted. But no telemetry exists to suggest HybridPetya has been deployed in the wild yet. It also differs in one key respect: It can compromise the secure boot featu...