Chrome & Firefox Patch Critical Flaws; Maverick Malware Active
How credentials get stolen in seconds, even with a script-kiddie-level phish
- Simple phishing attacks steal credentials quickly via fake login pages attached as .shtml files.
- Malicious .shtml pages leverage JavaScript to instantly transmit stolen credentials via a Telegram bot.
- Attackers bypass phishing servers using Telegram, making detection harder; use security tools, verify senders.
Source: Malwarebytes Labs | Date: November 11, 2025
WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks
- The 'Maverick' malware, distributed via WhatsApp messages, is designed to hijack browser sessions to facilitate fraudulent transactions targeting major Brazilian financial institutions.
- Once executed, Maverick steals authentication tokens and session cookies from browsers, effectively bypassing multi-factor authentication and allowing attackers to impersonate legitimate users.
- The campaign focuses on financial fraud, leveraging compromised browser sessions to initiate unauthorized Pix transfers and other illicit financial activities.
Source: The Hacker News | Date: November 11, 2025
Stolen iPhones are locked tight, until scammers phish your Apple ID credentials
- Scammers use phishing to bypass Apple's Activation Lock on stolen iPhones, accessing devices.
- Phishing messages mimic Apple, targeting displayed contact info to steal Apple ID credentials.
- Successful attacks unlock, wipe, resell devices; users should ignore unsolicited messages about lost phones.
Source: Malwarebytes Labs | Date: November 11, 2025
Firefox Releases Security Update to Fix Multiple Vulnerabilities Allowing Arbitrary Code Execution
- Mozilla has released a critical security update for Firefox, addressing multiple vulnerabilities that could allow arbitrary code execution.
- The update fixes issues including use-after-free errors and type confusion bugs within the browser engine, which could be triggered by specially crafted web content.
- Users are urged to update to Firefox version 145.0 or later immediately to mitigate the risk of these severe vulnerabilities.
Source: Cybersecurity News | Date: November 11, 2025
Google Chrome Stable Channel Update for Desktop Addresses Multiple High-Severity Flaws
- Google has released a Chrome stable channel update 129.0.6477.109 for Windows, Mac, and Linux, addressing a range of security vulnerabilities.
- The update resolves multiple high-severity flaws, including those in the V8 JavaScript engine and other core components, which could lead to arbitrary code execution or data exfiltration.
- Users are strongly advised to update their Chrome browsers to the latest version to apply these critical security patches and protect against potential exploits.
Source: Chrome Releases Blog | Date: November 12, 2025
ChromeOS Long Term Support (LTS) 138 Receives Security Release
- ChromeOS LTS 138 has received a security update, bringing it to version 138.0.7011.127 (Platform Version: 16003.88.0).
- This update includes the latest security fixes from the Chrome browser and critical patches specific to the ChromeOS environment, enhancing overall system integrity.
- Users on the LTS channel should ensure their devices are updated to this version to benefit from the latest protections against known vulnerabilities.
Source: Chrome Releases Blog | Date: November 12, 2025
References
- WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks - The Hacker News
- Firefox Releases Security Update to Fix Multiple Vulnerabilities Allowing Arbitrary Code Execution - Cybersecurity News
- Stable Channel Update for Desktop - Chrome Releases Blog
- ChromeOS Long Term Support (LTS) 138 Security Release - Chrome Releases Blog