Aggregator

A vulnerability was found in Google Chrome on Android and classified as critical. Affected by this issue is some unknown functionality of the component Navigation. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is handled as CVE-2025-0435. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Payments. The manipulation leads to clickjacking. This vulnerability is known as CVE-2025-0442. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The Justice Department announced on Tuesday that, alongside international partners, the FBI deleted “PlugX” malware from thousands of infected computers worldwide. As described in court documents unsealed in the Eastern District of Pennsylvania, a group of hackers sponsored by the People’s Republic of China (PRC), known to the private sector as “Mustang Panda” and “Twill Typhoon,” used a version of PlugX malware to infect, control, and steal information from victim computers. According to court documents, … More →

The post FBI removed PlugX malware from U.S. computers appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in Google Chrome. Affected is an unknown function of the component Fenced Frames. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-0441. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Google Chrome. This issue affects some unknown processing of the component Frames. The manipulation leads to race condition. The identification of this vulnerability is CVE-2025-0439. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. This vulnerability affects unknown code of the component Tracing. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-0438. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

既要精确度又要分析效率？滚！

A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-0480. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Детальный обзор уникальных технологических новинок: роботы-компаньоны, электронная соленая ложка и бесструнная гитара. Все самые интересные инновации с главной технологической выставки года.

A vulnerability was found in Google Chrome. It has been rated as critical. Affected by this issue is some unknown functionality of the component Metrics. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-0437. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #474965 / VDB-291915

Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend against advanced intrusion techniques by operationalizing expanded cloud logs. 

The playbook details analytical methodologies tied to using these logs. Specifically, the playbook offers:

• An overview of the newly introduced logs in Microsoft Purview Audit (Standard) that enable organizations to conduct forensic and compliance investigations by accessing critical events (e.g., mail items accessed, mail items sent, and user searches in SharePoint Online and Exchange Online). 
• A description of administration/enabling actions and ingestion of these logs to Microsoft Sentinel and Splunk Security Information and Event Management (SIEM) systems. 
• A discussion of significant events in other M365 services, such as Teams. 

CISA encourages organizations to use the playbook to make newly available logs an actionable part of their enterprise cybersecurity operations. 

The security provider published mitigation measures to prevent exploitation

A vulnerability was found in Google Chrome on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Fullscreen. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2025-0440. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

2018人教版

A vulnerability was found in Google Chrome. It has been classified as critical. Affected is an unknown function of the component Skia. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-0436. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Минцифры напомнило о дедлайне подачи заявок.

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The threat actor used AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) for encryption, then demanded the payment of […]

A vulnerability was found in UpdraftPlus Plugin up to 1.24.12 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-0215. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component V8. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-0434. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.