Edge

A new variant of the 'SHub' macOS infostealer, dubbed Reaper, uses AppleScript to display a fake security update message and install a backdoor, ultimately stealing browser data, financial documents, and cryptocurrency wallet information while bypassing Terminal-based mitigations in macOS.

This rule detects potential exploitation of the InstallerTakeOver vulnerability (CVE-2021-41379), where successful exploitation allows an unprivileged user to escalate privileges to SYSTEM.

Multiple vulnerabilities in Microsoft Edge and Microsoft Edge for Android can allow an attacker to perform privilege escalation, cause a data breach, and bypass security policies.

CVE-2026-7928 is a use-after-free vulnerability in the WebRTC component of Chromium, affecting Google Chrome and Microsoft Edge (Chromium-based) and potentially allowing for arbitrary code execution.

CVE-2026-7925 is a use-after-free vulnerability in the Chromoting component of Google Chrome, also affecting Microsoft Edge.

CVE-2026-7914 is a type confusion vulnerability in the Accessibility component of Chromium, also affecting Microsoft Edge.

CVE-2026-7906 is a use-after-free vulnerability in the SVG component of Chromium, also affecting Microsoft Edge.

A use-after-free vulnerability in the ANGLE graphics engine within Chromium (CVE-2026-7359) allows for potential exploitation in Google Chrome and Microsoft Edge.

A heap buffer overflow vulnerability exists in the WebRTC component of Google Chrome and Microsoft Edge (Chromium-based), potentially leading to code execution.

CVE-2026-7355 is a use-after-free vulnerability in the Media component of Chromium, affecting Google Chrome and Microsoft Edge, potentially allowing for arbitrary code execution.

CVE-2026-7357 is a use-after-free vulnerability in the GPU component of Chromium that also affects Microsoft Edge, potentially leading to arbitrary code execution.

CVE-2026-7333 is a use-after-free vulnerability in the GPU component of Chromium, affecting Google Chrome and Microsoft Edge, potentially leading to arbitrary code execution.

CVE-2026-7348 is a use-after-free vulnerability in the Codecs component of Chromium, affecting Google Chrome and Microsoft Edge.

CVE-2026-7349 is a use-after-free vulnerability in the Cast component of Chromium, affecting Google Chrome and Microsoft Edge.

CVE-2026-7338 is a use-after-free vulnerability in the Cast component of Chromium, affecting Google Chrome and Microsoft Edge, potentially leading to arbitrary code execution.

CVE-2026-7353 is a heap buffer overflow vulnerability in the Skia graphics library used by Chromium, affecting both Google Chrome and Microsoft Edge.

Adversaries may embed a malicious command in an MSC file in order to trick victims into executing malicious commands, leading to initial access and execution of arbitrary code.

Attackers may attempt credential theft by launching browsers (Chrome, Edge) with remote debugging, headless automation, or minimal arguments from an unusual parent process on Windows systems.

Attackers modify the Windows registry to disable SmartScreen prompt overrides, potentially allowing users to bypass security warnings and execute harmful content, leading to system compromise.

Attackers modify registry run keys or startup keys to achieve persistence by referencing a program that executes when a user logs in or the system boots.

Detects DNS queries to commonly abused remote monitoring and management (RMM) or remote access software domains from non-browser processes, potentially indicating unauthorized remote access or command and control activity.

Detection of DNS-over-HTTPS (DoH) being enabled via registry modifications on Windows systems, potentially indicating defense evasion and obfuscation of network activity by masking DNS queries.

Attackers masquerade malicious executables as legitimate business application installers to trick users into downloading and executing malware, leveraging defense evasion and initial access techniques.