fixed
-
Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data or achieve code execution. Mozilla released security updates to fix two critical vulnerabilities in the Firefox browser that could be potentially exploited to access sensitive data or achieve code execution. “This week at the security hacking competition pwn2own, security researchers…
-
A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google Chrome’s Loader, which attackers can use to make the browser leak cross-origin data that can be…
-
Jenkins, the widely used automation server for CI/CD pipelines, has released a critical security advisory addressing several vulnerabilities in popular plugins. These flaws-ranging from authentication bypasses to cross-site scripting-could allow attackers to compromise Jenkins environments, bypass authentication, or gain elevated privileges. The security updates bring essential patches for affected plugins, but in some cases, no…
-
Google released emergency security updates to fix a Chrome vulnerability that could lead to full account takeover. Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. The security researcher Vsevolod Kokorin (@slonser_) discovered the vulnerability, which stems from an insufficient policy enforcement in…
-
SecurityWeek reports that updates have been issued by Ivanti to address a pair of zero-day vulnerabilities in its Endpoint Manager Mobile offering, which have been chained in ongoing attacks that were confirmed to have impacted very few of its customers.
-
SecurityWeek reports that updates have been issued by Ivanti to address a pair of zero-day vulnerabilities in its Endpoint Manager Mobile offering, which have been chained in ongoing attacks that were confirmed to have impacted very few of its customers.
-
SonicWall addressed three SMA 100 flaws, including a potential zero-day, that could allow remote code execution if chained. SonicWall patches three SMA 100 vulnerabilities (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821), including a potential zero-day, that could be chained by a remote attacker to execute arbitrary code. The first flaw, tracked as CVE-2025-32819 (CVSS score of 8.8), is…
-
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeType, an open-source software library that renders fonts (thus, text) onto digital displays (e.g., screens) and is used across many platforms,…
-
Google addressed 46 Android security vulnerabilities, including one issue that has been exploited in attacks in the wild. Google’s monthly security updates for Android addressed 46 flaws, including a high-severity vulnerability, tracked as CVE-2025-27363 (CVSS score of 8.1), that has been exploited in the wild. The company did not disclose any details regarding the attacks…
-
* bsc#1235431 * bsc#1240840 Cross-References: * CVE-2024-56650
-
ASUS recently patched a vulnerability in routers enabled with AiCloud that could allow executing unauthorized… ASUS Fixed Critical Auth Bypass Vulnerability In AiCloud Routers on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
-
arXiv:2504.18497v1 Announce Type: new Abstract: Empirical inference attacks are a popular approach for evaluating the privacy risk of data release mechanisms in practice. While an active attack literature exists to evaluate machine learning models or synthetic data release, we currently lack comparable methods for fixed aggregate statistics, in particular when only a limited number of…
-
Microsoft is preparing to reintroduce Recall to Windows 11. A feature limited to Copilot+ PCs—a label that just a fraction of a fraction of Windows 11 systems even qualify for—Recall has been controversial in part because it builds an extensive database of text and screenshots that records almost everything you do on your PC. But…
-
The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws The vulnerabilities, discovered and reported by security researchers Seth Kraft and Alex Tisdale, include: 1. A stored XSS vulnerability (CVE-2025-29471) in the web interface of Nagios Log Server that allows a standard…
-
Cobalt’s State of Pentesting Report 2025 reveals how GenAI security lags behind adoption.
-
Cobalt’s State of Pentesting Report 2025 reveals how GenAI security lags behind adoption.
-
WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute arbitrary code on your machine has been fixed in version 7.11. About CVE-2025-31334 WinRAR is an extremely popular file archiver utility for Windows. It can create and…
-
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857) is under active exploitation, but this should not be surprising: according to Statcounter, Chrome is…
-
Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Mozilla has released security updates to address a critical flaw, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Recently, Google addressed a similar vulnerability, tracked as CVE-2025-2783, in Chrome that has been actively exploited in the wild as a zero-day.…
-
Microsoft released the optional non-security update (KB5053657) to Windows 10 and 11 yesterday. These updates are typically intended The post Windows Print Glitch Fixed: KB5053657 appeared first on Cybersecurity News.