Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

5 Best VPN Services (2025), Tested and Reviewed

Every VPN says it’s the best, but only some of them are telling the truth.

Wired
Open in Source
#web#ios#android#mac#windows#apple#google#linux#chrome#firefox#wifi
CVE-2025-47967: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.

Hackers Hide RMM Installs as Fake Chrome Updates and Teams Invites

New research from Red Canary and Zscaler shows phishing lures now drop RMM tools like ITarian and Atera,…

⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More

In a world where threats are persistent, the modern CISO’s real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the

HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks

Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character

AI browsers or agentic browsers: a look at the future of web surfing

Agentic and AI browsers are here: What are they? Which ones are there? How can they help me? Are they safe to use?

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges. "

CVE-2025-10201: Chromium: CVE-2025-10201 Inappropriate implementation in Mojo

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.66 09/11/2025 140.0.7339.133

CVE-2025-10200: Chromium: CVE-2025-10200 Use after free in Serviceworker

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.66 09/11/2025 140.0.7339.133

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts

Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. The malvertising campaign, per Bitdefender, is designed to push fake "Meta Verified" browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37 malicious ads