Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

November Linux Patch Wednesday

November Linux Patch Wednesday. In November, Linux vendors began fixing 516 vulnerabilities, one and a half times fewer than in October. Of these, 232 are in the Linux Kernel. One vulnerability is exploited in the wild: đŸ”» MemCor – Chromium (CVE-2025-13223). Added to CISA KEV on November 19. For 64 more vulnerabilities, public or suspected [
]

Alexander V. Leonov
Open in Source
#sql#vulnerability#web#linux#apache#js#samba#auth#chrome#blog
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign. "While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting

Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices

SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control.

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used to attack people. Every day, there's a new story that shows how quickly things are

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator is its ability to bypass encrypted messaging," ThreatFabric said in a report shared with The Hacker News. "By capturing content directly from the device screen after decryption, Sturnus can monitor

Mac users warned about new DigitStealer information stealer

DigitStealer is a new infostealer built for macOS, and it stands out for being smarter than most. Here's how it works and how to stay safe.

Chrome zero-day under active attack: visiting the wrong site could hijack your browser

Google has released an update to patch two high-severity vulnerabilities, one of which is already under active exploitation.

CVE-2025-13224: Chromium: CVE-2025-13224 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 142.0.3595.90 11/18/2025 142.0.7444.176

CVE-2025-13223: Chromium: CVE-2025-13223 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 142.0.3595.90 11/18/2025 142.0.7444.176