Linux Distros Unpatched Vulnerability : CVE-2025-10585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium...

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed...

Russian Espionage Group Targets Ukrainian Military with Malware via Telegram

A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to target the Ukrainian military under the Telegram persona Civil Defense. Google's Threat Analysis Group TAG and Mandiant are tracking the activity under the name UNC581...

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D...

MGASA-2023-0283 Updated chromium-browser-stable package fixes bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 117.0.5938.92 release, fixing bugs and 31 vulnerabilities, together with 117.0.5938.92, 117.0.5938.88, 117.0.5938.62, 116.0.5845.187 and 116.0.5845.179. Google is aware that an exploit for CVE-2023-5217 exists in the wild. High...

About the security content of Safari 16.6.1

About the security content of Safari 16.6.1 This document describes the security content of Safari 16.6.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

Google Reveals Alarming Surge in Russian Cyber Attacks Against Ukraine

Russia's cyber attacks against Ukraine surged by 250% in 2022 when compared to two years ago, Google's Threat Analysis Group TAG and Mandiant disclosed in a new joint report. The targeting, which coincided and has since persisted following the country's military invasion of Ukraine in February...

Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation

Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the...

chromium -- Type confusion in V8

Chrome Releases reports: This release contains 1 security fix: 1394403 High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29 Google is aware that an exploit for CVE-2022-4262 exists in the wild...

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley She...

Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers

The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social...

Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops

Google’s Threat Analysis Group TAG has provided a rare look inside the operations of a cybercriminal dubbed “Exotic Lily,” that appears to serve as an initial-access broker for both Conti and Diavol ransomware gangs. Researchers’ analysis exposes the business-like approach the group takes to...

CVE-2021-1879

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been...

Exploit Details Emerge for Unpatched Microsoft Bug

New details have emerged about an unpatched security vulnerability in Microsoft’s Internet Explorer that was recently used in a complex campaign against security researchers. A fresh analysis from 0patch offers further insight into where the bug exists and how it can be triggered in real-world...

Introducing the In-the-Wild Series

This is part 1 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, head to the bottom of this post. At Project Zero we often refer to our goal simply as “make 0-day hard”. Members of the team approach this...

A Dozen Nation-Backed APTs Tap COVID-19 to Cover Spy Attacks

Cybercriminals have seized on the novel coronavirus as a theme in their attacks, and it turns out that the most sophisticated players on that scene are no exception. According to Google’s Threat Analysis Group TAG, more than a dozen nation-state-backed APTs are using the COVID-19 pandemic as a...

Microsoft Patches Two Win32k Bugs Under Active Attack

Microsoft released patches for two Win32k bugs actively under attack, along with fixes for four additional bugs that are publicly known, as part of its March Patch Tuesday security bulletin. The Win32k bugs are both elevation of privilege vulnerabilities, rated important, and tied to the way...