Google Warns of Chrome 0-Day Vulnerability Actively Exploited in the wild
Google released an emergency Chrome update to fix a high-severity zero-day vulnerability that is already being exploited. The Stable channel has been updated for Windows, macOS, and Linux, but technical details of the flaw are being withheld while mitigations roll out.
DeadLock Ransomware Deploys BYOVD EDR Killer by Exploiting Baidu Driver for Kernel-Level Defense Bypass
Researchers detailed a new ransomware strain called DeadLock that uses a Bring Your Own Vulnerable Driver technique to disable endpoint security tools before encryption. The actors load a legitimate but vulnerable Baidu Antivirus driver to gain kernel-level privileges and terminate security processes, leveraging CVE-2024-51324.
Petco Files Data Breach Reports and Blames Inadvertent Software Setting
Petco filed data breach reports with multiple US states, stating that a misconfigured software setting made customer personal information accessible online. State filings indicate the issue dates back to a July incident, with reporting thresholds suggesting the exposure affected at least hundreds of California residents.
Nessel Urges Consumers to Protect Their Personal Information Following 700Credit Data Breach
The Michigan Attorney General issued a public advisory after a cybersecurity incident at 700Credit LLC that exposed data on nearly 6 million people, including more than 160,000 Michigan residents. Compromised information collected through auto dealer financing processes includes names, addresses, Social Security numbers, and dates of birth, and affected individuals are being urged to take standard breach response steps such as credit monitoring and fraud alerts.
Inside the Rise of a 5,000-Domain Chinese Malware Empire and the AI Tech That Finally Caught Up
Analysts described a large-scale malware distribution network that has expanded to nearly 5,000 domains since mid-2023, primarily targeting Chinese-speaking users with fake software download sites. The infrastructure has diversified across multiple registrars and countries and delivers dozens of distinct malicious executables, with defenders increasingly relying on AI-driven analysis to track and counter the operation.