Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

October 13, 2025
No Comments

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users’ devices.
“Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer’s JavaScript

Leave a Reply Cancel reply

eSentire Uncovers “ChaosBot”: A Rust-Based Backdoor Hiding in Plain Sight on Discord October 13, 2025
In late September 2025, eSentire’s Threat Response Unit (TRU) found something new and dangerous. A Rust-based backdoor inside a financial services client’s network. They called it ChaosBot. ChaosBot uses Discord (the same chat service gamers and teenagers use every day) as its command center. A malefactor calling himself “chaos_00019” controlled it, sending instructions to infected […]
Kirsten Doyle
Civil Guard Arrests GoogleXcoder: The Brains Behind Spain’s Credential Theft Kits October 13, 2025
The Civil Guard has dismantled one of Spain’s most active phishing networks, arresting a 25-year-old Brazilian developer known online as “GoogleXcoder.” He stands accused of designing and selling phishing kits that allowed other criminals to mimic banks, government agencies, and public institutions. Since 2023, a slew of phishing attacks have swept across Spain. Bad actors […]
Kirsten Doyle
The Shadow AI Identity Crisis October 3, 2025
AI agents are no longer just a conceptual risk; they’ve landed and are storming the beach. From drafting code to executing business logic, these agents are autonomous and increasingly embedded into enterprise workflows. Tasked with responsibilities once reserved for humans, this growing class of shadow identities is acting with wide-ranging access, little oversight, and no […]
Eric Olden
The AI Democracy: How Defenders Can Thwart Attackers October 3, 2025
AI has transmuted the game for attackers and defenders within the past three years. Threat actors haven’t hesitated to adopt AI-powered methods. Defenders have the opportunity to respond in kind with AI-powered solutions. While emerging on the market, these solutions have yet to be adopted across the board. However, given the risks created by large […]
Katrina Thompson
Red Hat OpenShift AI Vulnerability Allows Attackers to Seize Infrastructure Control October 3, 2025
A newly disclosed security flaw in Red Hat Open Shift AI could allow attackers to escalate privileges and seize control of entire infrastructures – albeit under specific conditions. Tracked as CVE-2025-10725, the vulnerability carries a CVSS score of 9.9 out of 10, falling just short of the maximum severity rating. Red Hat has classified the […]
Josh Breaker Rolfe
Beyond Phishing: Why AI Is Critical in BEC Detection and Forensics October 2, 2025
Although business email compromise (BEC) and phishing are often included in the same breath, their differences extend beyond how they are launched to how they are caught. BEC requires deeper context-aware detection than basic phishing tools provide, and AI delivers that. BEC vs. Phishing: The Security Perspective From a practitioner’s point of view, stopping a […]
Katrina Thompson
Why ROT is a Risk Enterprises Shouldn’t Ignore October 2, 2025
While most enterprises have made ongoing investments in their tech infrastructure and processes to wring out vulnerabilities, many organisations are unknowingly clinging to a habit that’s quietly undermining their security posture: hoarding redundant, obsolete, and trivial (ROT) data. This forgotten clutter—scattered across servers, cloud drives, and legacy systems—serves no business purpose. However, it does some […]
Manuel Sanchez
Cyberattack Halts Asahi Group’s Operations in Japan October 1, 2025
Japan’s leading beverage company, Asahi, has suffered a significant disruption to its operations following a cyberattack that began on 29 September 2025. The attack has led to a complete system failure, halting production, order processing, shipping, and customer service activities across the company’s Japanese operations. Asahi said that there has been no confirmed leakage of […]
Kirsten Doyle
Phantom Taurus: A New Face in Chinese Espionage October 1, 2025
Researchers from Palo Alto’s Unit 42 say a suspected group of Chinese actors infiltrated email servers used by foreign ministries. The attackers accessed Microsoft Exchange systems and combed through messages related to diplomatic activities. The threat, dubbed “Phantom Taurus” targets governments and telecoms across Africa, the Middle East, and Asia. Its operations align closely with […]
Kirsten Doyle
AI Agents Open a New Front in Cybersecurity: ForcedLeak in Salesforce Agentforce September 30, 2025
Noma Labs has uncovered a severe flaw in Salesforce’s Agentforce platform. The chain of vulnerabilities, dubbed ForcedLeak, carried a CVSS score of 9.4 and exposed customer data to theft through indirect prompt injection and a loophole in Salesforce’s Content Security Policy. The weakness lay in how Agentforce (an autonomous AI agent) processed instructions. Unlike conventional […]
Kirsten Doyle

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

Leave a Reply Cancel reply

[email protected]

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Share :

Leave a Reply Cancel reply