logo
episode-header-image
Jan 2025
24m 44s

A cute cover for a dangerous vulnerabili...

N2K Networks
About this episode

Nati Tal, Head of Guardio Labs, sits down to share their work on “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs has uncovered a critical vulnerability in the Opera browser, enabling malicious extensions to exploit Private APIs for actions like screen capturing, browser setting changes, and account hijacking.

Highlighting the ease of bypassing extension store security, researchers demonstrated how a puppy-themed extension exploiting this flaw could infiltrate both Chrome and Opera's extension stores, potentially reaching millions of users. This case underscores the delicate balance between enhancing browser productivity and ensuring robust security measures, revealing the alarming tactics modern threat actors employ to exploit trusted platforms.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next
Yesterday
A farmers market of stolen data.
Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masq ... Show More
22m 12s
Aug 24
Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]
Please enjoy this encore of Career Notes. Senior Vice President and Executive in Residence with Rapid7 and Chairman for Cyversity, Julian Waits, grew up in the era of the Justice League and Superman and it shaped his career. Julian always wanted to do something where he could fin ... Show More
11m 4s
Aug 23
Beyond the smoke screen. [Research Saturday]
This week, we are joined by Dr. Renée Burton, VP of Infoblox Threat Intel, who is discussing their work on VexTrio, a notorious traffic distribution system (TDS) involved in digital fraud. The VexTrio investigation uncovers a massive global ad fraud and scam operation powered by ... Show More
22m 22s
Recommended Episodes
Mar 2025
Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations: Wednesday, March 19, 2025
Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations In this episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues including the exploitation of a server-side request forgery (SSRF) vulnerability in OpenAI's Chat ... Show More
8m 10s
Jul 14
Urgent Cyber Threats: Citrix Exploit, Fortinet RCE, and AI Vulnerabilities
In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability active ... Show More
17m 48s
Jan 2025
Cybersecurity Today: Browser Exploits, U.S. Treasury Breach & CrowdStrike's Comeback: Monday, January 6, 2024
In this episode, we delve into the latest cybersecurity threats and developments. We cover a new double click exploit that bypasses browser protections and a massive compromise affecting millions of Chrome users through infected extensions. Additionally, we discuss the U.S. Treas ... Show More
10m 5s
Jun 27
Max Severity Flaws, Massive Exploits, and AI Security: A Cybersecurity Briefing
In this episode of 'Cybersecurity Today,' host Jim Love discusses urgent cybersecurity threats and concerns. Cisco has issued emergency patches for two maximum severity vulnerabilities in its Identity Services Engine (ISE) that could allow complete network takeover; organizations ... Show More
11m 23s
Jun 20
Exposing Cybersecurity Threats: Breaches, Vulnerabilities, and Evolving Malware
In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365’s enterprise security as foreign government hackers compromised the email accounts of journ ... Show More
14m 28s
May 14
Mark's and Spencer Data Breach, Vulnerable Routers, Fortinet Exploits, and New Ransomware Threats
In this episode of Cybersecurity Today, host Jim Love covers recent cybersecurity incidents including a data breach at Mark's and Spencer, the FBI's alert on outdated routers being exploited, and critical Fortinet vulnerabilities actively used in attacks. Additionally, the episod ... Show More
8m 38s
Feb 2025
Two Vulnerabilities Compromised OpenSSH Safety: Cyber Security Today for February 20, 2025
Cyber Security Today: OpenSSH Vulnerabilities and Black Stash's Stolen Cards In this episode, host Jim Love discusses two significant OpenSSH vulnerabilities that risk man-in-the-middle and denial-of-service attacks. The hacker group Black Stash has released 4 million stolen cred ... Show More
6m 55s
Dec 2024
OpenAI's for-profit plan includes a PBC, Hackers injected malicious code into several Chrome extensions, and Apple just dropped 8 minutes of Severance season 2
OpenAI's for-profit plan includes a public benefit corporation which would strip the company's non-profit of its oversight role, Hackers injected malicious code into several Chrome extensions in a recent attack, and Apple just dropped the first eight minutes of Severance season t ... Show More
7m 28s
Listen to millions of songs and podcasts on Anghami