Lazarus Group Exploits Chrome Zero-Day in Fake NFT Game; Cisco Addresses October 18 Breach and Multiple Vulnerabilities

The Lazarus Group has been reported to exploit a Google Chrome zero-day vulnerability in a new campaign that targets cryptocurrency users through a fake NFT game. Cisco has also been active in addressing security issues, having fixed multiple vulnerabilities, including a zero-day flaw that was actively exploited in brute-force attacks. The company confirmed a breach on October 18, affecting its public-facing DevHub environment, but stated that no internal systems were compromised. In addition, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Cisco ASA and FTD vulnerabilities, along with RoundCube Webmail bugs, to its Known Exploited Vulnerabilities catalog. Researchers have also discovered a command injection flaw in the Wi-Fi Alliance's test suite.