Security News
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this...
A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web...
PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Infosec In Brief A security researcher has found that Google could leak the email addresses of YouTube...
Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. [...]
Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the SYS01 information stealer, which grabs everything the attackers need to carry on with it endlessly.
YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements. Currently, YouTube performs client-side ad injection, where JavaScript scripts and the video player on a user's device load and display ads.
The issue began yesterday, and although it does not appear to impact everyone, it is far from isolated, with affected users reporting that it affects all YouTube videos. The reports come from users of ad blockers on both Chrome and Firefox, like Adblock Plus, as well as web browsers that have integrated ad-blocking systems, such as OperaGX. A first reported by 9to5Google, many users are accusing YouTube of intentionally causing this problem, as Google has begun cracking down on the use of ad blockers on YouTube over the past year.
Google fixes yet another Chrome zero-day exploited in the wildFor the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit. GitHub fixes maximum severity Enterprise Server auth bypass bugA critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub.
The threat research team discovered a significant spike in scams leveraging sophisticated tactics such as using deepfake technology, AI-manipulated audio synchronization, and hijacking of YouTube and other social channels to disseminate fraudulent content. While all social media is a natural breeding ground for scams, YouTube has become a significant channel for crime.