Some browser extension permissions are too broad, and owners can quickly repurpose pre-approved capabilities for malicious intent, a security researcher told CyberScoop.

Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high.

Ransomware groups last year achieved lateral movement within an average of 48 minutes after gaining initial access to targeted environments, threat intelligence experts said.

Federal prosecutors accuse Cameron Wagenius of searching how to defect to Russia before he tried to sell stolen data to a foreign intelligence service.

The vulnerability, described by a researcher as “bad programming,” allows an attacker to send unlimited connection requests through ChatGPT’s API.

The credentials are likely for future phishing and spam campaigns, Sysdig researchers said.

The Qilin ransomware operation first emerged in July 2022 after rebranding a previous variant known as Agenda and rewriting the malware in Rust.

Censys cybersecurity researchers find medical devices, login portals, and health records floating online.

The new malware identified by Morphisec is named after an old internet mystery: Cicada3301.

The OpenSSH bug represents the latest high-profile vulnerability to affect the open-source software ecosystem.