CrowdStrike Achieves FedRAMP Authorization for New Modules

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. “Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response

Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.

Iran has throttled internet access in the country in a purported attempt to hamper Israel’s ability to conduct covert cyber operations, days after the latter launched an unprecedented attack on the country, escalating geopolitical tensions in the region. Fatemeh Mohajerani, the spokesperson of the Iranian Government, and the Iranian Cyber Police, FATA, said the internet…

The regime’s cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.

Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. “Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate…

Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.