"Chrome extensions can steal plain text passwords from websites."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 03 September 2023, 1349 UTC.  Content provided by ""

Source: ("").

Russ Roberts (

Chrome extensions can steal plaintext passwords from websites

  • A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code.

Fake YouPorn extortion scam threatens to leak your sex tape

  • A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down.

Yes, there's an npm package called @(-.-)/env and some others like it

  • Strangely named npm packages like -, @!-!/-, @(-.-)/env, and --hepl continue to exist on the internet's largest software registry. While not all of these may necessarily pose an obvious security risk, some were named before npm enforced naming guidelines and could potentially break tooling.

Microsoft is killing WordPad in Windows after 28 years

  • Microsoft announced today that it will deprecate WordPad with a future Windows update as it's no longer under active development, though the company did not specify the precise timing of this change.

Exploit released for critical VMware SSH auth bypass vulnerability

  • Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network Insight).

Microsoft reminds of Windows 11 21H2 forced updates before end of service

  • Microsoft has reminded customers that systems running Windows 11 21H2 will be force-updated before reaching the end of servicing next month.

Microsoft retires Visual Studio for Mac, support ends in a year

  • Microsoft has announced it is retiring Visual Studio for Mac and that support for the latest version, 17.6, will continue for another year, until August 31, 2024.

Golf gear giant Callaway data breach exposes info of 1.1 million

  • Topgolf Callaway (Callaway) suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers.

Sourcegraph website breached using leaked admin access token

  • AI-powered coding platform Sourcegraph revealed that its website was breached this week using a site-admin access token accidentally leaked online on July 14th.

Forever 21 data breach: hackers accessed info of 500,000

  • Forever 21 clothing and accessories retailer is sending data breach notifications to more than half a million individuals who had their personal information exposed to network intruders.

Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks

  • North Korean state-sponsored hackers have uploaded malicious packages to the PyPI (Python Package Index) repository, camouflaging one of them as a VMware vSphere connector module named vConnector.

LogicMonitor customers hacked in reported ransomware attacks

  • Network monitoring company LogicMonitor confirmed today that some users of its SaaS platform have fallen victim to cyberattacks.

Free Key Group ransomware decryptor helps victims recover data

  • Researchers took advantage of a weakness in the encryption scheme of Key Group ransomware and developed a decryption tool that lets some victims recover their files for free.

GRU hackers attack Ukrainian military with new Android malware

  • Hackers working for the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, more commonly known as the GRU, have been targeting Android devices in Ukraine with a new malicious framework named 'Infamous Chisel.'

Classiscam fraud-as-a-service expands, now targets banks and 251 brands

  • The "Classiscam" scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before.
