The WebXR Leak: A Hidden Browser Flaw Exposed Millions to Risk
A serious security vulnerability has recently been uncovered in the underlying technology powering most of the world’s web browsers, placing over four billion devices at risk of a data leak. The flaw was discovered by autonomous security specialist AISLE, which rated the issue as Medium severity (4.3). Despite its rating, the scale of exposure was enormous, as it affected all major browsers built on the Chromium code base—including Google Chrome, Microsoft Edge, Brave, and Opera.
U.S. Warns of Brickstorm Backdoor Malware Targeting U.S. Infrastructure
Federal cybersecurity officials have issued a warning about a stealthy backdoor known as Brickstorm, which Chinese state-sponsored hackers are deploying across critical infrastructure environments in the United States and Canada.
WordPress Sites Under Attack
A severe security flaw in the King Addons for Elementor WordPress plugin has come under active exploitation, putting thousands of websites at risk.
Nationwide Cyberattack Disrupts CodeRED Emergency Alert System
A nationwide cyberattack has compromised the OnSolve CodeRED emergency notification system, prompting cities and counties across the United States to warn residents and advise password changes. CodeRED, widely used by local governments, delivers urgent alerts during severe weather, evacuations, missing persons, and other emergencies.
New Android MaaS Threats Expand On-Device Fraud and Remote Control Capabilities
A new Android malware family called Albiriox is being sold under a malware-as-a-service model, offering extensive capabilities for on-device fraud, real-time device control, and screen manipulation. It targets more than 400 financial and cryptocurrency apps and spreads through dropper apps delivered via social engineering and obfuscation techniques.
OpenAI Confirms Mixpanel Breach: Limited API User Data Exposed, ChatGPT Unaffected
OpenAI has disclosed a data breach stemming from Mixpanel, a third-party analytics provider used to track API dashboard activity. The incident did not involve unauthorized access to OpenAI’s own systems; instead, an attacker compromised Mixpanel and exported metadata linked to API users. No passwords, API keys, chat data, or payment information were exposed.
Microsoft Teams Guest Access Leaves Organizations Exposed to Security Bypass Attacks
Microsoft Teams has become a staple of corporate communication, prompting companies to invest heavily in tools like Microsoft Defender for Office 365 to protect against phishing, malware, and malicious links.
Global Malvertising Campaign Exploits Trusted Software Installers
A major malvertising operation known as TamperedChef is tricking users worldwide into installing malware disguised as legitimate software installers. According to Acronis Threat Research Unit (TRU), attackers are deploying fake versions of common tools to establish persistent access and deliver a JavaScript-based backdoor for remote control. The campaign remains active, supported by search engine manipulation, fake ads, and abused digital certificates—all intended to boost credibility and evade security detection.
