This weekly threat roundup covers a range of active attack techniques including browser vulnerabilities, tools designed to disable endpoint detection and response (EDR) software, a botnet targeting smart TVs, an OpenBSD security flaw, and Android trojan malware. Many of these threats exploit familiar weaknesses — weak credentials, malicious downloads, overprivileged browser extensions, and vulnerable WordPress installations. The breadth of this week’s threats highlights that attackers continue to have success with well-understood tactics that organisations have yet to fully mitigate.

Security Architect’s Take: Audit browser extension permissions across your estate and enforce allow-listing policies, and ensure EDR solutions are protected against tampering via vendor-specific anti-tamper controls — ransomware groups actively targeting EDR tools means your detection capability itself is part of your attack surface.

Original advisory: ⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More