A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It […]
Author Archives: Onsite Computing, Inc.
Cybersecurity researchers have discovered a malicious package named “os-info-checker-es6” that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. “This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final Go […]
Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. […] Go to Source Author: Sergiu Gatlan
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. “Insufficient policy enforcement […]
Salary savings come with hidden costs, including insider threats and depleted cybersecurity defenses, conveying advantages to skilled adversaries, experts argue. Go to Source Author: Becky Bracken
A new study by researchers at Princeton University and Sentient shows it’s surprisingly easy to trigger malicious behavior from AI agents by implanting fake “memories” into the data they rely on for making decisions. Go to Source Author: Jai Vijayan, Contributing Writer
The security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against “a very limited number of customers” — for now — and stem from open source libraries. Go to Source Author: Rob Wright
Google is rolling out a change to Chromium that “de-elevates” Google Chrome so it does not run as an administrator to increase security in Windows. […] Go to Source Author: Mayank Parmar
Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. […] Go to Source Author: Sergiu Gatlan
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. “Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version […]