Researchers say hackers have compromised the VoIP desktop client of 3CX's Phone System, used by 600K+ companies and 12M+ DAUs, in an ongoing supply chain attack
https://www.3cx.com/... Any vendor of software and services that pull in code from NPM, PIP, RubyGems etc … Eitan Erez : This supply chain attack started unfolding not long ago as 3CX VOIP desktop cl...
Financial cybercrime group the Disneyland Team is spoofing bank domains using Punycode, a standard that lets browsers render domains with non-Latin alphabets
Brian Krebs / Krebs on Security : Tweets: @briankrebs : A financial crime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domai...
An investigation shows TrustCor Systems, used by Chrome, Safari, and Firefox as a root certificate authority, has connections to US intel and law enforcement
TrustCor Systems vouches for the legitimacy of websites. But its physical address is a UPS Store in Toronto. Tweets: @shashj, @josephmenn, @jvagle, @matthew_d_green, and @v0max Tweets: Shashank J...
A detailed look at how Facebook and Instagram for iOS open links with a custom in-app browser, letting Meta track every interaction including entering passwords
How the seemingly innocuous “in-app web browsers” on iOS/Android are a really bad thing, and a proposal for how to fix that. With a little web history thrown in. https://www.holovaty.com/... @katebeva...
A deep dive: how Apple uses iOS WebKit monopoly to strip-mine and sabotage the web, hurting all browser engine projects and draining the web of future potential
the only platform that actually supports Safari *and* competing browsers. @satefan : An open letter to Tim Cook signed by all iOS browsers builders (big and small), an alliance, writing code to prove ...
Russia has created its own trusted TLS certificate authority as sanctions prevent Russian sites from renewing existing TLS certificates
Yeah, RIGHT TechRadar : Russia creates its own TLS certificate authority to bypass sanctions Leigh Mc Gowran / Silicon Republic : Russia issues its own TLS certificates to get past global sanctions Ad...
Study: Microsoft Edge sends frequent hashed IDs tied to hardware to its back-end servers, making it one of the least private browsers available
Microsoft Edge is one of the least private web browsers — even more so than other popular browsers like Google Chrome and Mozilla Firefox — according to academic researchers.
Safari's Siri Suggested Websites feature found promoting conspiracy sites and misinformation; Apple says it removes any inappropriate suggestions when notified
Apple's Safari, one of the internet's most popular web browsers, has been surfacing debunked conspiracies, shock videos …
The open web can't flourish if vendors don't work towards closing the rendering performance gap between desktop and mobile web browsers
The mobile web sucks — I hate browsing the web on my phone. — I do it all the time, of course — we all do. Just looking at the stats for The Verge …