Cyber Security Headlines Meta, Yandex take heat on browsing identifiers, Acreed malware makes gains, HPE warns of critical auth bypass
18 snips
Jun 4, 2025 Meta and Yandex face backlash for compromising Android users' web browsing anonymity. Meanwhile, Acreed malware rises as a leading threat, indicating shifting malware trends. In another crucial update, Hewlett Packard Enterprise warns of a significant authentication bypass vulnerability. These developments highlight the ongoing challenges in cybersecurity and the evolving tactics of cybercriminals.
AI Snips
Chapters
Transcript
Episode notes
Meta & Yandex De-Anonymize Users
- Meta and Yandex exploit Android browser communication to de-anonymize users by linking browsing data to app IDs.
- This bypasses Android and browser privacy protections using local host ports to harvest unique web identifiers.
Luma C2 Falls, A.CREED Emerges
- Luma C2 malware's dominance declined after law enforcement disrupted its operations in May.
- A new stealer, A.CREED, has quickly become the leading credential theft tool in Russian markets.
Critical Auth Bypass in HPE StoreOnce
- Hewlett Packard Enterprise patched eight vulnerabilities in StoreOnce, including a critical auth bypass scoring 9.8 CVSS.
- The auth flaw enables remote exploitation of multiple linked issues; upgrading is the only mitigation.