Samsung announces major security and privacy updates for upcoming Galaxy smartphones.
Posted inCybersecurity News

Samsung announces major security and privacy updates for upcoming Galaxy smartphones.

Samsung Electronics has unveiled a comprehensive suite of security and privacy upgrades for its upcoming Galaxy smartphones. These enhancements will be introduced with the launch of One UI 8, Samsung’s latest software interface based on Android 16, and are designed to address the evolving landscape of mobile threats while supporting the company’s expanding portfolio of AI-powered features.
A newly discovered vulnerability, Count(er) Strike, enables unauthorized users to extract sensitive data from the widely used ServiceNow service management suite.
Posted inCybersecurity News

A newly discovered vulnerability, Count(er) Strike, enables unauthorized users to extract sensitive data from the widely used ServiceNow service management suite.

A newly discovered vulnerability in ServiceNow, dubbed "Count(er) Strike, allows low-privileged—and in some cases, unauthenticated—users to extract sensitive data from ServiceNow tables, even when they should have no access to that information. With thousands of organizations relying on ServiceNow for workflow automation and sensitive business processes, the potential impact is especially concerning.
A New Android vulnerability, TapTrap, bypasses Android protections using an ingenious invisible user interface.
Posted inCybersecurity News

A New Android vulnerability, TapTrap, bypasses Android protections using an ingenious invisible user interface.

A newly uncovered Android vulnerability, dubbed TapTrap, is raising concerns among cybersecurity experts for its ability to bypass Android’s permission system using a highly deceptive invisible user interface (UI) technique. This attack, developed by researchers at TU Wien and the University of Bayreuth, leverages UI animations to trick users into performing sensitive actions—such as granting permissions or even wiping their devices—without their knowledge.
U.S. sanctions North Korean member of the Andariel hacking group for his role in fraudulent IT worker scheme.
Posted inCybersecurity News

U.S. sanctions North Korean member of the Andariel hacking group for his role in fraudulent IT worker scheme.

The U.S. Department of the Treasury recently imposed sanctions on Song Kum Hyok, a North Korean cyber operative linked to the notorious Andariel hacking group. This action targets his central role in orchestrating a fraudulent IT worker scheme that generated illicit revenue for the North Korean regime, supporting its weapons of mass destruction (WMD) and ballistic missile programs.
An Iranian Ransomware-as-a-Service operation has reappeared, promising to target U.S. and Israeli entities.
Posted inCybersecurity News

An Iranian Ransomware-as-a-Service operation has reappeared, promising to target U.S. and Israeli entities.

An Iranian ransomware-as-a-service (RaaS) operation with direct ties to a government-backed cyber group has reemerged after nearly five years of inactivity, posing a renewed threat to organizations in the United States and Israel. The group, operating under the name Pay2Key.I2P, is actively recruiting cybercriminals and offering substantial financial incentives to affiliates who successfully compromise high-value targets.
Researchers discover 18 malicious browser extensions that remain accessible on Chrome and Edge web stores.
Posted inCybersecurity News

Researchers discover 18 malicious browser extensions that remain accessible on Chrome and Edge web stores.

A recent investigation by the security team at Koi Security has brought to light a significant threat affecting millions of internet users. The team identified a coordinated campaign involving 18 malicious browser extensions that remain accessible on both the Google Chrome and Microsoft Edge web stores. These extensions have collectively impacted over 2.3 million users, making this one of the most extensive browser hijacking operations in recent years.
Malware researchers – here’s how to download a browser extension without installing it.
Posted inLabs and Lessons

Malware researchers – here’s how to download a browser extension without installing it.

Downloading a browser extension without immediately installing it can be useful for offline installation, security analysis, or archival purposes. While most users add extensions directly through their browser’s web store, there are several professional methods to obtain the extension package file—typically a .crx file for Chrome and Edge—without triggering installation. Below, we outline the most effective approaches.