FISA

Source: The Hacker News A new wave of malicious Chrome extensions is putting millions of users at risk by masquerading as trusted tools like Fortinet VPN, YouTube utilities, and productivity boosters. Despite their appearance, these add-ons are anything but helpful. Once installed, they silently exfiltrate browser cookies, act as proxies for remote servers, and give attackers direct control over a user’s online traffic. Researchers at DomainTools uncovered that many of these extensions—some of which remained available on the Chrome Web Store until recently—were built to appear benign while executing advanced data theft operations behind the scenes. The fake “fortivpn” extension, for example, compressed and encrypted all browser session cookies and transmitted them to a command-and-control server, a tactic more commonly associated with advanced persistent threat actors [1]. The distribution campaign is unusually sophisticated. Threat actors have registered more than 100 convincing domai...

  As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in a report shared with The Hacker News. This translates to 45 security flaws that have been weaponized in real-world attacks within a day of disclosure. Fourteen other flaws have been exploited within a month, while another 45 flaws were abused within the span of a year. The cybersecurity company said a majority of the exploited vulnerabilities have been identified in content management systems (CMSes), followed by network edge devices, operating systems, open-source software, and server software. The breakdown is as follows - Content Management Systems (CMS) (35) Network Edge Devices (29) Operating Systems (24) Open Source Software (14) Server Software (14) The leadin...