Habdul Hazeez

Security news weekly round-up - 19th December 2025

Malicious content exists online. It's one thing to recognize it and steer clear, and another thing not to know it exists at all. Malware is still out there; no one can deny it. Add to that the number of vulnerabilities we learn about almost all the time, and you can conclude that cyber defenders deserve all the credit that comes their way.

While you were reading the last paragraph, you should already have a good idea of what we are about to discuss. Let's begin.


Most Parked Domains Now Serving Malicious Content

Once upon a time, when I landed on a parked domain (either via a typo or because the website had "moved on"), I tended to see a few links or a notice that the domain was for sale. Thanks to Brian Krebs, we are learning that such domains can now serve malicious content. Based on the information in the article, there are two ways you can help yourself in this situation: keeping bookmarks for your favorite websites in your web browser and using a VPN.

From the article:

David Brunsdon, a threat researcher at Infoblox, said the parked pages send visitors through a chain of redirects, all while profiling the visitor’s system using IP geolocation, device fingerprinting, and cookies to determine where to redirect domain visitors.

“It was often a chain of redirects — one or two domains outside the parking company — before threat arrives,” Brunsdon said. “Each time in the handoff the device is profiled again and again, before being passed off to a malicious domain or else a decoy page like Amazon.com or Alibaba.com if they decide it’s not worth targeting.”
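The excerpt describes a chain of redirects in which the visitor is profiled at each handoff before landing on either a malicious page or a decoy. A defender investigating a parked domain wants to see every hop in that chain rather than only the final page a browser shows. The script below is an added example (not code from Krebs's article or from Infoblox) that follows redirects one hop at a time with redirect-following disabled and reports the distinct domains involved. The `.test` URLs and the response table are constructed for the demo; `http_fetch` does real requests and is the function you would pass when tracing a live domain from an isolated analysis box.

```python
"""Trace an HTTP redirect chain one hop at a time, recording every host
the visitor is bounced through. Added example; the URLs below are constructed
(.test TLD), not domains from the article."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Returning None makes urllib surface the 3xx as an HTTPError instead of
    silently following it, which is what lets us observe each hop."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, timeout=10):
    """Issue one request and return (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "redirect-tracer/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def registrable_domain(url):
    """Last two labels of the hostname (simplification: no public-suffix list)."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def trace_redirects(url, fetch=http_fetch, max_hops=10):
    """Follow redirects manually and describe the chain.

    Returns the ordered hops, the final status, the distinct registrable
    domains involved, and flags for redirect loops and hop-limit cutoff.
    """
    hops = [url]
    seen = {url}
    status = None
    looped = truncated = False
    for _ in range(max_hops):
        status, location = fetch(hops[-1])
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urljoin(hops[-1], location)  # Location may be relative
        if nxt in seen:
            looped = True
            break
        hops.append(nxt)
        seen.add(nxt)
    else:
        truncated = True  # still redirecting when the hop budget ran out
    domains = []
    for hop in hops:
        dom = registrable_domain(hop)
        if dom not in domains:
            domains.append(dom)
    return {"hops": hops, "final_status": status, "domains": domains,
            "looped": looped, "truncated": truncated}


# Constructed responses standing in for a parked domain's redirect chain.
FAKE_RESPONSES = {
    "http://typo-of-some-site.test/": (302, "http://parking-provider.test/go?id=1"),
    "http://parking-provider.test/go?id=1": (302, "https://profiler-one.test/r"),
    "https://profiler-one.test/r": (302, "https://profiler-two.test/r"),
    "https://profiler-two.test/r": (303, "https://final-landing.test/offer"),
    "https://final-landing.test/offer": (200, None),
}


def fake_fetch(url):
    """Offline stand-in for http_fetch that answers from the table above."""
    return FAKE_RESPONSES.get(url, (404, None))


def demo():
    report = trace_redirects("http://typo-of-some-site.test/", fetch=fake_fetch)
    for i, hop in enumerate(report["hops"]):
        print(f"hop {i}: {hop}")
    print("distinct domains:", report["domains"])
    return report


if __name__ == "__main__":
    demo()
```

Because each profiling hop may choose a different destination based on the visitor's IP, device and cookies, running the tracer from several vantage points (and with cookies cleared between runs) is what reveals the decoy-versus-threat branching the researcher describes; a chain that leaves the parking company's domain and touches several unrelated hosts is the pattern to flag.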

GhostPoster Firefox Extensions Hide Malware in Icons

When I read articles like this, it makes me think twice before installing a web browser extension. The excerpt below briefly explains the type of extensions and how they evade detection.

The extensions pose as free VPN services, ad blockers, translation tools, and weather forecast apps, but instead deploy a multi-stage payload that monitors users’ activities, disables security protections, and enables remote code execution (RCE).

The extension’s developer used steganography to hide after that marker a loader that reaches a remote command-and-control (C&C) server to retrieve an encrypted payload.
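The excerpt says the loader was hidden in an icon file after a marker, which is the classic trick of appending data after an image's end-of-file chunk: image viewers stop at the end marker and never notice what follows. One check a reviewer of an extension package can run is to walk a PNG's chunk list up to `IEND` and report any bytes after it. The scanner below is an added example (not GhostPoster's code or any vendor's detection), builds a valid 1x1 PNG inline, and appends constructed filler bytes to show what a suspicious file looks like; the marker string and byte counts are invented for the demo.

```python
"""Scan a PNG for data appended after the IEND chunk. Added example: the
image is built inline (a 1x1 pixel) and the appended bytes are constructed
filler, not any real payload."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype, data):
    """Encode one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_minimal_png():
    """A valid 1x1 RGB PNG (one red pixel), used as the clean baseline."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, RGB
    scanline = b"\x00" + b"\xff\x00\x00"  # filter byte 0 + one RGB pixel
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(scanline)) + _chunk(b"IEND", b""))


def inspect_png(blob):
    """Walk the chunk list up to IEND and report what follows it.

    Returns chunk names in order, whether IEND was found, the number of
    chunks with a bad CRC, and the byte count after the last parsed chunk
    (0 for a clean file that ends exactly at IEND).
    """
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    names, bad_crc, found_iend = [], 0, False
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):
            break  # truncated chunk; stop rather than read past the end
        data = blob[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", blob[pos + 8 + length:end])[0]
        if stored_crc != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            bad_crc += 1
        names.append(ctype.decode("latin-1"))
        pos = end
        if ctype == b"IEND":
            found_iend = True
            break
    return {"chunks": names, "has_iend": found_iend, "bad_crc": bad_crc,
            "trailing_bytes": len(blob) - pos}


def demo():
    """Compare a clean icon with one carrying constructed filler after IEND."""
    clean = build_minimal_png()
    suspicious = clean + b"MARKER" + bytes(range(40))  # constructed, not a payload
    for label, blob in (("clean", clean), ("suspicious", suspicious)):
        r = inspect_png(blob)
        print(f"{label}: chunks={r['chunks']} trailing_bytes={r['trailing_bytes']}")
    return inspect_png(suspicious)["trailing_bytes"]


if __name__ == "__main__":
    demo()
```

Any non-zero `trailing_bytes` on an extension's bundled icon deserves a look, as does a chunk with a bad CRC, since legitimate image tooling writes neither; the same walk applies to other chunked formats once you know their end marker.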

Browser extensions with 8 million users collect extended AI conversations

Like the previously reviewed article, this one is also about web browser extensions, this time on the Chrome Web Store. How do you know if you are affected?

Here is how:

“Anyone who used ChatGPT, Claude, Gemini, or the other targeted platforms while Urban VPN was installed after July 9, 2025 should assume those conversations are now on Urban VPN’s servers and have been shared with third parties,” the company said. “Medical questions, financial details, proprietary code, personal dilemmas—all of it, sold for ‘marketing analytics purposes.'”

UEFI Vulnerability in Major Motherboards Enables Early-Boot Attacks

The fairly good news about this attack is that it requires physical access to the device. Everything else about it, as with any vulnerability, is not a good thing.

Here is what's going on:

The problem is that during the boot process the firmware indicates that direct memory access (DMA) protections are enabled, when in reality the IOMMU is not properly configured and activated until immediately before control is handed over to the operating system.

This allows an attacker who has physical access to the targeted system to use a malicious PCIe device to conduct a DMA attack.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
