Security researchers recently uncovered a PowerShell script posted on Pastebin that was purpose-built to steal Telegram session data from both desktop and web clients. Masquerading as a benign “Windows Telemetry Update,” the script quietly collects host metadata, locates Telegram session stores, compresses them into an archive, and exfiltrates the file to an attacker-controlled Telegram bot. The discovery is notable less
Tag: threat hunting
Chrome 0‑Day Under Active Attack: CVE‑2026‑2441 — What You Need to Do Now
Google has released an emergency patch for a high‑severity zero‑day in Chrome after confirming active exploitation in the wild. Tracked as CVE‑2026‑2441, the vulnerability is a use‑after‑free bug in Chrome’s CSS handling that can enable remote code execution when a user visits crafted web content. How the flaw works CVE‑2026‑2441 arises from improper lifecycle management of objects in the rendering