logo
episode-header-image
Jan 2025
24m 44s

A cute cover for a dangerous vulnerabili...

N2K Networks
About this episode

Nati Tal, Head of Guardio Labs, sits down to share their work on “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs has uncovered a critical vulnerability in the Opera browser, enabling malicious extensions to exploit Private APIs for actions like screen capturing, browser setting changes, and account hijacking.

Highlighting the ease of bypassing extension store security, researchers demonstrated how a puppy-themed extension exploiting this flaw could infiltrate both Chrome and Opera's extension stores, potentially reaching millions of users. This case underscores the delicate balance between enhancing browser productivity and ensuring robust security measures, revealing the alarming tactics modern threat actors employ to exploit trusted platforms.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next
Today
Cybercrime has a hefty price tag.
UK police make multiple arrests in the retail cyberattack case. French authorities arrest a Russian basketball player at the request of the U.S. A German court declares open season on Meta’s tracking pixels. The European Union unveils new rules to regulate artificial intelligence ... Show More
35m 48s
Yesterday
Plug-ins gone rogue.
Patch Tuesday. An Iranian ransomware group puts a premium on U.S. and Israeli targets. Batavia spyware targets Russia’s industrial sector. HHS fines a Texas Behavioral Health firm for failed risk analysis. The Anatsa banking trojan targets financial institutions in the U.S. and C ... Show More
29m 52s
Jul 8
Memory leaks and login sneaks.
Researchers release proof-of-concept exploits for CitrixBleed2. Grafana patches four high-severity vulnerabilities. A hacker claims to have breached Spanish telecom giant Telefónica. Italian police arrest a Chinese man wanted by U.S. authorities for alleged industrial espionage. ... Show More
30m 50s
Recommended Episodes
Mar 2025
Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations: Wednesday, March 19, 2025
Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations In this episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues including the exploitation of a server-side request forgery (SSRF) vulnerability in OpenAI's Chat ... Show More
8m 10s
Jan 2025
Cybersecurity Today: Browser Exploits, U.S. Treasury Breach & CrowdStrike's Comeback: Monday, January 6, 2024
In this episode, we delve into the latest cybersecurity threats and developments. We cover a new double click exploit that bypasses browser protections and a massive compromise affecting millions of Chrome users through infected extensions. Additionally, we discuss the U.S. Treas ... Show More
10m 5s
Jun 20
Exposing Cybersecurity Threats: Breaches, Vulnerabilities, and Evolving Malware
In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365’s enterprise security as foreign government hackers compromised the email accounts of journ ... Show More
14m 28s
May 14
Mark's and Spencer Data Breach, Vulnerable Routers, Fortinet Exploits, and New Ransomware Threats
In this episode of Cybersecurity Today, host Jim Love covers recent cybersecurity incidents including a data breach at Mark's and Spencer, the FBI's alert on outdated routers being exploited, and critical Fortinet vulnerabilities actively used in attacks. Additionally, the episod ... Show More
8m 38s
Feb 2025
Two Vulnerabilities Compromised OpenSSH Safety: Cyber Security Today for February 20, 2025
Cyber Security Today: OpenSSH Vulnerabilities and Black Stash's Stolen Cards In this episode, host Jim Love discusses two significant OpenSSH vulnerabilities that risk man-in-the-middle and denial-of-service attacks. The hacker group Black Stash has released 4 million stolen cred ... Show More
6m 55s
Dec 2024
OpenAI's for-profit plan includes a PBC, Hackers injected malicious code into several Chrome extensions, and Apple just dropped 8 minutes of Severance season 2
OpenAI's for-profit plan includes a public benefit corporation which would strip the company's non-profit of its oversight role, Hackers injected malicious code into several Chrome extensions in a recent attack, and Apple just dropped the first eight minutes of Severance season t ... Show More
7m 28s
May 9
Critical Cybersecurity Breaches: OneDrive Default Settings, PowerSchool Ransom, and DOGE Staffer Compromises
In this episode of Cybersecurity Today, host Jim Love discusses recent cybersecurity breaches and vulnerabilities. Key topics include a security flaw in the new default setting of Microsoft OneDrive, a ransom incident involving PowerSchool that compromised student data, and the b ... Show More
11m 50s
Jul 7
Ingram Micro Ransomware Attack and the Rise of Linux SSH Server Compromises
In this episode of Cybersecurity Today, host David Shipley discusses the recent Safe Play ransomware attack on technology distributor Ingram Micro, exploring its impact and ongoing recovery efforts. The script also examines a new campaign targeting misconfigured Linux servers to ... Show More
10m 41s
Listen to millions of songs and podcasts on Anghami