-
Google has released Chrome 140 to the stable channel for Windows, Mac, and Linux. This update will roll out to users over the coming days and weeks. The new version, 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, delivers several sec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released a critical Android Security Bulletin for September 2025, addressing multiple high-severity vulnerabilities that are currently being actively exploited in the wild. The security patch level 2025-09-05 or later is …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed remote code execution (RCE) vulnerability in Microsoft’s IIS Web Deploy toolchain has captured industry attention after the release of a public proof-of-concept. Tracked as CVE-2025-53772, this flaw resides in the unsafe deserializati…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical security flaws discovered in Mobile Security Framework (MobSF) version 4.4.0 enable authenticated attackers to exploit path traversal and arbitrary file write vulnerabilities, potentially compromising system integrity and exposing sensitive da…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in HashiCorp Vault—tracked as CVE-2025-6203 and HCSEC-2025-24—has been disclosed that allows malicious actors to submit specially crafted payloads capable of exhausting server resources and rendering Vault instances unresponsiv…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical client-side remote code execution (RCE) vulnerability in Google Web Designer exposed Windows users to full system compromise, according to a detailed write-up by security researcher Balint Magyar. Affecting versions prior to 16.4.0.0711 (rel…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed critical vulnerability in the Next.js framework, tracked as CVE-2025-29927, allows unauthenticated attackers to bypass middleware-based authorization checks by exploiting improper handling of the x-middleware-subrequest HTTP header. T…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
MediaTek today published its September 2025 Product Security Bulletin, disclosing and remediating a series of critical and moderate vulnerabilities in its modem and system components. The announcement highlights that all affected device OEMs have alrea…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the IBM Watsonx Orchestrate Cartridge for IBM Cloud Pak for Data has been disclosed, enabling blind SQL injection attacks that could compromise sensitive data. Tracked as CVE-2025-0165, this flaw allows a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in ImageMagick, the widely used open-source image processing software, that could allow attackers to execute arbitrary code remotely. The vulnerability, tracked as CVE-2025-57803 with a se…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
