Cybercriminals are using decoy browser update notifications to hide malicious software, according to cybersecurity firm Proofpoint. Threat actors are injecting JavaScript that carries harmful payloads into legitimate but vulnerable websites. Visitors are then shown legitimate-looking update notifications, which disguise the malicious nature of the payload. The technique reportedly originated with threat actor TA569 and has been adopted by at least four other criminal groups, suggesting a rising trend.

Two Windows vulnerabilities, one a 0-day, are under active exploitation
Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed
