Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Google Will Use AI to Guess People’s Ages Based on Search History

Plus: A former top US cyber official loses her new job due to political backlash, Congress is rushing through a bill to censor lawmakers’ personal information online, and more.

Wired
Open in Source
#vulnerability#web#google#git#intel
OpenAI kills “short-lived experiment” where ChatGPT chats could be found on Google

OpenAI removed a short-lived experiment that allowed ChatGPT users to make their conversations discoverable by search engines

Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach

Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.

Trump Administration and Big Tech want you to share your health data

The Trump Administration is working with 60 companies on a plan to have Americans voluntarily upload their healthcare and medical data.

The Booker Prize Longlist and Hacker Summer Camp

This week Bill connects the hype of literary awards to cybersecurity conference season. We highlight key insights from the Q2 2025 IR Trends report, including phishing trends, new ransomware strains, and top targeted sectors. Finally, check out all the places Talos will be at Black Hat.

Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack

Man in the Prompt attack shows how browser extensions can exploit ChatGPT, Gemini and other AI tools to steal data or inject hidden prompts.

Cybersecurity Trends 2025: What’s Really Coming for Your Digital Defenses

Cybersecurity trends in 2025 reveal rising AI threats, quantum risks, and supply chain attacks, pushing firms to adapt or face major data and financial losses.

GHSA-7h24-c332-p48c: vproxy Divide by Zero DoS Vulnerability

### Summary Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state. ### Details Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero (e.g. by using a username such as 'configuredUser-ttl-0'), the modulo operation 'timestamp % ttl' will cause a division by zero panic, causing the server to crash causing a denial-of-service. The code assumed to be responsible for this can be found here: https://github.com/0x676e67/vproxy/blob/ab304c3854bf8480be577039ada0228907ba0923/src/extension.rs#L173-L183 ### PoC 1. Download and run the latest version of vproxy 2. Send a cUrl request like the following, adjusting address and port as necessary: ```curl -x "http://test-ttl-0:test@127.0.0.1:8101" https://google.com``` 3. Wait for a cUrl error indicating "Proxy CONNECT aborted...

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero

Google has announced that it's making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign-in to victims' accounts and gain