Falsifying and weaponizing certified PDFs
Certified PDFs are supposed to control modifications so that recipients know they haven’t been tampered with. It doesn’t always work.
Update your Chrome again as Google patches second zero-day in two weeks
Google has patched its second Chrome zero-day in two weeks. Users are urgently advised to update their browser.
Rocket Loader skimmer impersonates CloudFlare library in clever scheme
URLs can be deceiving, but the one used to mimic CloudFlare’s Rocket Loader in the latest Magecart attack takes it to a whole new level.
Domen toolkit gets back to work with new malvertising campaign
We describe the latest malvertising campaign that uses Domen, an advanced social engineering toolkit.
Magecart Group 4: A link with Cobalt Group?
Malwarebytes threat intel partnered with security firm HYAS to connect the dots between Magecart Group 4 and the advanced threat group Cobalt.
Magecart criminals caught stealing with their poker face on
This blog post details the curious case of a web skimmer encountered in a poker application.
A week in security (June 24 – 30)
A roundup of cybersecurity news from June 24–30, including top malicious web campaigns, updates on the GreenFlash Sundown exploit, a Malwarebytes initiative to double down on stalkerware detection and awareness, and more.
Google logins: JavaScript now required
Google now requires users to enable JavaScript before logging in for extra security measures. But wait, hasn’t JavaScript been used in cyberattacks? We take a look at the impact of Google’s decision.
Mass WordPress compromises redirect to tech support scams
Thousands of WordPress sites have been injected with the same malicious redirection. We review the infection details and the malicious traffic leading to browser lockers.
What is regex? Regular expressions explained
What is regular expression (regex) and what makes it vulnerable to attack? Learn how to use regex safely and avoid ReDoS attacks in the process.
