Google has released Chrome version 137.0.7151.55/56 to the stable channel for Windows, Mac, and Linux, addressing 11 security vulnerabilities. This update includes critical patches for memory corruption issues and API implementation flaws

A new wave of ransomware and extortion attacks is targeting the US retail sector, with threat intelligence suggesting the involvement of the advanced threat actor group Scattered Spider (UNC3944).

Researchers have identified a surge in malicious `.desktop` files targeting Linux systems. These files exploit standard desktop behaviors to execute hidden commands and download malware.

Reports by Google Cloud and Trellix indicate there is growing collaboration between nation-state actors and cybercriminal networks for help with initial access and the use of custom malware sold on underground forums.

Russian hackers exploited vulnerabilities in Safari and Chrome to launch cyberattacks from November 2023 to July 2024. They used a watering hole attack on Mongolian government websites to infect mobile users with malware, stealing information.

The recent campaigns targeting various sectors, including the energy and government sectors, highlight the effectiveness of known vulnerabilities even with available patches, emphasizing the importance of proactive software security measures.

A new campaign has been discovered with similarities to a previous campaign, including the use of social media sites to build rapport with targets. The threat actors then engage in encrypted messaging and send a malicious file with a 0-day exploit.

Android 14 introduces new security measures to mitigate the risks associated with 2G networks, allowing users and enterprises to disable 2G connectivity and protect against potential attacks.

The shift towards zero-click exploits and new browser mitigations has led to a decrease in browser zero-days, but attackers are still finding ways to exploit vulnerabilities in other components.

Chrome Browser Cloud Management offers extension management capabilities and reporting to enable organizations to control extension usage and mitigate potential security risks.