software
Mozilla warns users to update Firefox before certificate expires
Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company’s root certificates. The Mozilla certificate is set to expire this Friday, March 14, 2025, and was used to sign content, including add-ons for various Mozilla […]
New Chirp tool uses audio tones to send messages between devices
A new open-source tool named ‘Chirp’ transmits data, such as text messages, between computers (and smartphones) through different audio tones. The tool, developed by cybersecurity researcher solst/ICE, maps each character into a specific sound frequency and plays it along with real-time visualization. Other microphone-equipped computers running Chirp may capture the sound and translate the message back into […]
Open-source tool ‘Rayhunter’ helps users detect Stingray attacks
The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. Stingray devices mimic legitimate cell towers to trick phones into connecting, allowing them to capture sensitive data, accurately geolocate users, and potentially intercept communications. With the release […]
Firefox continues Manifest V2 support as Chrome disables MV2 ad-blockers
Mozilla has renewed its promise to continue supporting Manifest V2 extensions alongside Manifest V3, giving users the freedom to use the extensions they want in their browser. Manifest V3 is a Google-developed browser extension specification aimed at making add-on functionality in web browsers safer by restricting overly permissive network requests and remote content loading. Despite […]
Australia bans all Kaspersky products on government systems
The Australian government has banned all Kaspersky Lab products and web services from its systems and devices following an analysis that claims the company poses a significant security risk to the country. “After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government […]
Apiiro unveils free scanner to detect malicious code merges
Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two tools consist of a comprehensive ruleset for Semgrep and Opengrep designed to detect malicious code patterns with minimal false positives and PRevent, a GitHub-integrated scanner, […]
Brave now lets you inject custom JavaScript to tweak websites
Brave Browser is getting a new feature called ‘custom scriptlets’ that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing experience. The new feature is coming in Brave Browser version 1.75 for the desktop and is very similar to the popular TamperMonkey and GreaseMonkey browser extensions, which allow users to create […]
Signal will let you sync old messages when linking new devices
Signal is finally adding a new feature that allows users to synchronize their old message history from their primary iOS or Android devices to newly linked devices like desktops and iPads. The transfer process is fully end-to-end encrypted, ensuring privacy and data security. It will employ a QR code verification step to ensure the action […]
Bitwarden makes it harder to hack password vaults without MFA
Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. When a potentially suspicious login attempt is detected, like from an unrecognized device, the user will now prompted to confirm the action by entering a verification code […]
Malicious PyPi package steals Discord auth tokens from devs
A malicious package named ‘pycord-self’ on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The package mimics the highly popular ‘discord.py-self,’ which has nearly 28 million downloads, and even offers the functionality of the legitimate project. The official package is a Python […]