Google recently announced the release of Chrome 127 to the stable channel with patches for 24 vulnerabilities, including 16 reported by external researchers.  Memory safety bugs were the predominant types of security defects addressed in the popular browser, accounting for half of the externally reported issues, including four high-severity ones.

"FLUXROOT," a Latin America (LATAM)-based financially motivated actor, has used Google Cloud serverless projects to conduct credential phishing, bringing further attention to the abuse of cloud computing. In another attack on Brazilian users, an adversary named "PINEAPPLE" has used Google's cloud infrastructure to spread "Astaroth" stealer malware, also known as "Guildma." This article continues to discuss the abuse of Google Cloud by FLUXROOT and PINEAPPLE hacker groups.

ESET researchers have found a sophisticated Chinese browser injector. This signed ad-injecting driver comes from a "mysterious" Chinese company. According to ESET, "HotPage" comes self-contained in an executable file, which installs its main driver and injects libraries into Chromium-based browsers. It poses as a security product capable of blocking ads but actually introduces new ads. In addition, the malware replaces the content of the current page, redirects the user, and more. This article continues to discuss findings regarding the ad-injecting malware.

CrowdStrike warns of a fake recovery manual that installs a new information-stealing malware called "Daolpu." Threat actors have been taking advantage of the chaos surrounding the buggy CrowdStrike Falcon update that caused global Information Technology (IT) outages. A new campaign involves phishing emails appearing to carry instructions for using a new recovery tool that fixes Windows devices affected by the recent CrowdStrike Falcon crashes. This article continues to discuss findings regarding the fake CrowdStrike recovery manual that installs Daolpu.

Karel Dhondt and Victor Le Pochat, researchers at KU Leuven, found that many dating apps may leak users' sensitive data and exact locations. They analyzed 15 location-based dating apps to determine what user data a malicious actor could steal. All 15 apps leaked sensitive user data that attackers could abuse. This article continues to discuss findings regarding the privacy and security of the analyzed dating apps.

Symantec found that the Chinese espionage group "Daggerfly," also known as "Evasive Panda" and "Bronze Highland," has updated its malware toolkit to target most major operating systems. Recent developments show that the group is using a shared framework to target Windows, Linux, macOS, and Android OS. Researchers saw the group using new malware in recent attacks on organizations in Taiwan and a US NGO based in China. This article continues to discuss findings regarding the Daggerfly group.

Trend Micro reports that the "Play" ransomware group now has a Linux variant targeting VMWare ESXi environments. The Play ransomware, discovered in June 2022, is known for its sophisticated double-extortion tactics, custom tools, and significant impact on organizations, especially in Latin America. As Trend Micro reported last week, this is the first instance of Play ransomware targeting ESXi environments. This article continues to discuss the expansion of the Play ransomware to ESXi environments.

ESET warns that Telegram for Android was exploited to distribute malware disguised as videos. The cybersecurity company identified the vulnerability after finding an advertisement for a zero-day exploit targeting Telegram for Android on a cybercrime forum. The exploit is believed to have been developed using the Telegram Application Programming Interface (API), enabling developers to upload crafted multimedia files to Telegram chats or channels programmatically.

In January 2024, the Industrial Control System (ICS) malware "FrostyGoop" disrupted systems at a municipal district energy company in the Ukrainian city of Lvivy. The attacked facility provides central heating to 600 apartment buildings, so residents were left without heat. This article continues to discuss findings regarding the FrostyGoop ICS malware.

SecurityWeek reports "FrostyGoop ICS Malware Left Ukrainian City's Residents Without Heating"

According to Microsoft, CrowdStrike's faulty software update, which caused massive Information Technology (IT) outages worldwide, affected 8.5 million Windows devices. Microsoft has released a USB tool to help IT administrators repair Windows clients and servers impacted by the CrowdStrike Falcon agent issue. This article continues to discuss the number of Windows devices impacted by the faulty software update from CrowdStrike and the tool published by Microsoft to help administrators through the recovery process.