Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Update your Chrome today: Google patches 4 vulnerabilities including one zero-day

Google has issued a Chrome update to fix four high priority flaws including one zero-day, zero-click vulnerability.

Malwarebytes
Open in Source
#vulnerability#web#mac#windows#google#microsoft#linux#java#zero_day#chrome
Alex Ryan: From zero chill to quiet confidence

Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team.

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in question is CVE-2025-10585, which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine. Type confusion vulnerabilities can have severe consequences as they can be

GHSA-79hx-3fp8-hj66: DragonFly vulnerable to arbitrary file read and write on a peer machine

### Impact A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain remote code execution (RCE) capabilities on the peer’s machine. ```golang file, err := os.OpenFile(t.DataFilePath, os.O_RDWR, defaultFileMode) if err != nil { return 0, err } defer file.Close() if _, err = file.Seek(req.Range.Start, io.SeekStart); err != nil { return 0, err } n, err := io.Copy(file, io.LimitReader(req.Reader, req.Range.Length)) ``` ### Patches - Dragonfy v2.1.0 and above. ### Workarounds There are no effective workarounds, beyond upgrading. ### References A third party security audit was performed by Trail of Bits, you can see the [full report](https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf). If ...

GHSA-4mhv-8rh3-4ghw: DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error

### Impact We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error (figures 9.1 and 9.2). This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug. ```golang request, err := source.NewRequestWithContext(ctx, parentReq.Url, parentReq.UrlMeta.Header) if err != nil { log.Errorf("generate url [%v] request error: %v", request.URL, err) span.RecordError(err) return err } ``` Eve is a malicious actor operating a peer machine. She sends a dfdaemonv1.DownRequest request to her peer Alice. Alice’s machine receives the request, resolves a nil variable in the server.Download method, and panics. ### Patches - Dragonfy v2.1.0 and above. ### Workarounds There are no effective workarounds, beyond upgrading. ### References A third party security audit was performed by Trail of Bits, you can see the [full report](https://g...

GHSA-8425-8r2f-mrv6: Dragonfly's directories created via os.MkdirAll are not checked for permissions

### Impact DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path already exists. This allows a local attacker to create a directory to be used later by DragonFly2 with broad permissions before DragonFly2 does so, potentially allowing the attacker to tamper with the files. Eve has unprivileged access to the machine where Alice uses DragonFly2. Eve watches the commands executed by Alice and introduces new directories/paths with 0777 permissions before DragonFly2 does so. Eve can then delete and forge files in that directory to change the results of further commands executed by Alice. ### Patches - Dragonfy v2.1.0 and above. ### Workarounds There are no effective workarounds, beyond upgrading. ### References A third party security audit was performed by Trail of Bits, you can see the [full report](https://github.com/dragonflyoss/dragonfly/blob/mai...

Can Codeless Testing Tools Detect Common Security Vulnerabilities?

Learn what Codeless Testing Tools are and how effective they are in detecting common security vulnerabilities, along with understanding their strengths and limitations.

Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims

Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going "dark." Threat intelligence firm ReliaQuest said it has observed indications that the threat actor has shifted their focus to the financial sector. This is supported by an increase in lookalike domains

Update your Apple devices to fix dozens of vulnerabilities

Apple has released security updates for all platforms to fix dozens of vulnerabilities which could give cybercriminals access to sensitive data.