1010.cx

  • Chrome 142 Update Patches 20 Security Flaws Enabling Code Execution

    ·

    , , , ,

    Google has released Chrome version 142 to the stable channel, addressing multiple critical security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, now rolling out to Windows, Mac, and Linux users, contains fixes for 20 security flaws discovered by external researchers and Google’s internal security teams. Overview of the […]

    The post Chrome 142 Update Patches 20 Security Flaws Enabling Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability Exploited

    ·

    , , , ,

    Microsoft has patched a critical race condition vulnerability in its Windows Cloud Files Minifilter driver, known as CVE-2025-55680, which enables local attackers to escalate privileges and create arbitrary files across the system.

    Discovered by researchers at Exodus Intelligence in March 2024, the flaw was addressed in the October 2025 Patch Tuesday updates, earning a CVSS score of 7.8 for its potential to grant SYSTEM-level access through DLL side-loading.

    While no widespread in-the-wild exploitation has been confirmed, security experts classify it as “exploitation more likely” due to the straightforward nature of the time-of-check to time-of-use (TOCTOU) weakness in the cldflt.sys driver.

    Understanding The Cloud Files Minifilter

    The Cloud Files Minifilter driver powers features like OneDrive’s Files On-Demand, allowing seamless synchronization of cloud-stored files as local placeholders that hydrate on access.

    Registered via the CfRegisterSyncRoot API in cldapi.dll, sync root directories enforce policies for hydration when files download and population, controlling how directories reveal cloud contents.

    These placeholders, managed through IOCTL code 0x903BC, represent files in states like pinned, full, or partial, relying on the minifilter to handle operations such as creation via CfCreatePlaceholders.

    The driver intercepts IRP major functions for file creation, reading, writing, and controlling, processing user requests in kernel mode to ensure secure cloud integration, Exodus Intelligence said.

    However, this tight coupling between user-space APIs and kernel handling introduces risks when validating inputs like filenames during placeholder creation.

    Race Condition Flaw Leads to Privilege Escalation

    At the core of CVE-2025-55680 lies the HsmpOpCreatePlaceholders function in cldflt.sys, triggered by CfCreatePlaceholders to build placeholders under a sync root.

    The function first probes and maps the user-supplied buffer containing the relative filename (relName) into kernel space using IoAllocateMdl and MmMapLockedPagesSpecifyCache, sharing physical memory between user and kernel views.

    Exploit Chain
    Exploit Chain

    It then validates relName against forbidden characters such as backslash ($$ or colon (:)), a safeguard added post-CVE-2020-17136.

    Yet, a narrow window exists between this check and the subsequent FltCreateFileEx2 call to create the file.

    Attackers can exploit this TOCTOU by altering the mapped buffer, replacing a character like ‘D’ with ” in a string such as “JUSTASTRINGDnewfile.dll” to form “JUSTASTRING\newfile.dll”, causing the driver to follow a pre-set junction point to privileged paths like C:\Windows\System32.

    Without flags to block symlinks, the file lands in restricted areas, bypassing permissions.

    Exploitation demands low privileges but coordinates multiple threads: one monitors for file creation in System32, others spam CfCreatePlaceholders with benign payloads, and racers toggle the buffer byte to win the timing race.

    Success allows dropping a malicious DLL, hijacked by services like those in System32, for side-loading, yielding kernel-context code execution. Setup involves registering a sync root and junction, with cleanup post-escalation.

    Microsoft urges immediate patching, emphasizing endpoint detection for anomalous file ops in cloud sync dirs.

    Enterprises should audit OneDrive usage and enforce least-privilege policies to mitigate local threats. As cloud reliance grows, such kernel flaws underscore the perils of bridging user and system spaces.

    Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

    The post Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability Exploited appeared first on Cyber Security News.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • 12 Malicious Extensions in VSCode Marketplace Steal Source Code and Exfiltrate Login Credentials

    ·

    , ,

    The VSCode extension marketplace has become a critical vulnerability in the software supply chain. Security researchers at HelixGuard Team recently discovered 12 malicious extensions operating within the Microsoft VSCode Marketplace and OpenVSX, with four remaining active despite their detection. These extensions employ sophisticated techniques to steal source code, exfiltrate sensitive credentials, establish remote backdoors, and […]

    The post 12 Malicious Extensions in VSCode Marketplace Steal Source Code and Exfiltrate Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution

    ·

    , , ,

    Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users.

    The rollout begins immediately and will continue over the next few days or weeks, ensuring widespread protection against newly discovered threats.

    This version addresses 20 vulnerabilities, many of which could enable attackers to execute malicious code remotely, potentially compromising user data and system integrity.

    The update underscores Google’s commitment to rapid response in the face of evolving browser-based attacks.

    Chrome 142.0.7444.59 for Linux, 142.0.7444.59/60 for Windows, and 142.0.7444.60 for Mac incorporate a range of fixes and performance improvements.

    Detailed change logs are available through Chromium’s source repository, highlighting enhancements in rendering, stability, and user interface.

    While full details on new features will appear in upcoming posts on the Chrome and Chromium blogs, the immediate priority is bolstering defenses against exploitation attempts.

    Security experts recommend users enable automatic updates to mitigate risks promptly, as unpatched browsers remain prime targets for cybercriminals.

    Chrome 142 Released – Fix for 20 Vulnerabilities

    The update addresses a wide range of vulnerabilities, including 20 security patches. Details about the bugs will initially remain confidential to allow for global deployment and to prevent facilitating active exploits.

    Several fixes arise from external researchers, earning bounties under Google’s Vulnerability Reward Program, while others result from internal audits and fuzzing tools like AddressSanitizer and libFuzzer.

    High-severity issues dominate, particularly in the V8 JavaScript engine, where type confusion, race conditions, and inappropriate implementations could lead to arbitrary code execution.

    Media handling and extensions also receive attention, closing gaps that might allow unauthorized access or policy bypasses. Lower-severity fixes address UI inconsistencies and storage races, preventing subtle but persistent risks.

    For a breakdown of key externally reported vulnerabilities, see the table below:

    CVE IDSeverityDescriptionReporterBountyReport Date
    CVE-2025-12428HighType Confusion in V8Man Yue Mo (GitHub Security Lab)$50,0002025-09-26
    CVE-2025-12429HighInappropriate implementation in V8Aorui Zhang$50,0002025-10-10
    CVE-2025-12430HighObject lifecycle issue in Mediaround.about$10,0002025-09-04
    CVE-2025-12431HighInappropriate implementation in ExtensionsAlesandro Ortiz$4,0002025-08-06
    CVE-2025-12432HighRace in V8Google Big SleepN/A2025-08-18
    CVE-2025-12433HighInappropriate implementation in V8Google Big SleepN/A2025-10-07
    CVE-2025-12036HighInappropriate implementation in V8Google Big SleepN/A2025-10-15
    CVE-2025-12434MediumRace in StorageLijo A.T$3,0002024-04-27
    CVE-2025-12435MediumIncorrect security UI in OmniboxHafiizh$3,0002025-09-21
    CVE-2025-12436MediumPolicy bypass in ExtensionsLuan Herrera (@lbherrera_)$2,0002021-02-08

    (Additional medium and low-severity fixes include use-after-free errors in PageInfo and Ozone, out-of-bounds reads in V8 and WebXR, and UI issues in Autofill, Fullscreen, and SplitView, reported by researchers like Umar Farooq, Wei Yuan, and Khalil Zhani.)

    Google extends thanks to contributors who helped squash these bugs before they hit production. Internal efforts, including fuzzing and sanitizer tools, accounted for numerous fixes, preventing a wide array of potential exploits.

    As browser usage surges amid rising phishing and malware campaigns, this release reinforces Chrome’s position as a secure default for billions. Users should verify updates via chrome://settings/help to stay protected.

    Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

    The post Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution appeared first on Cyber Security News.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • PhantomRaven Attack Discovered in 126 Malicious npm Packages, Exceeding 86,000 Downloads

    ·

    , ,

    The global developer community has been rocked by the emergence of PhantomRaven, a far-reaching campaign involving 126 malicious npm packages with more than 86,000 downloads. Lurking beneath the surface, these packages actively steal npm tokens, GitHub credentials, and CI/CD secrets from unsuspecting developers across the world. Despite their scale and impact, the attackers have leveraged […]

    The post PhantomRaven Attack Discovered in 126 Malicious npm Packages, Exceeding 86,000 Downloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • CISA Alerts on Active Exploitation of WSUS Vulnerability

    ·

    , , ,

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about active exploitation of a critical vulnerability affecting Windows Server Update Service (WSUS). The agency updated its alert on October 29, 2025, adding crucial information about identifying vulnerable systems and detecting potential threats. Critical Flaw in Windows Server Update Service Microsoft released an […]

    The post CISA Alerts on Active Exploitation of WSUS Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • WordPress Plugin Vulnerability Lets Attackers Read Any Server File

    ·

    , , , , ,

    A critical security flaw has been discovered in the Anti-Malware Security and Brute-Force Firewall WordPress plugin, putting more than 100,000 websites at risk. The vulnerability, identified as CVE-2025-11705, allows authenticated attackers with basic subscriber-level access to read any file stored on the web server, potentially exposing sensitive data including database credentials and security keys. Attribute […]

    The post WordPress Plugin Vulnerability Lets Attackers Read Any Server File appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • PolarEdge Botnet Hits 25K IoT Devices in Major Cyber Campaign

    ·

    , , , ,

    Cybersecurity researchers at XLab have uncovered a sophisticated infrastructure-as-a-service botnet operation called PolarEdge, which has compromised over 25,000 Internet of Things devices and established 140 command-and-control servers through systematic exploitation of vulnerable edge devices. The newly exposed RPX relay system reveals how threat actors construct operational relay box networks that effectively conceal attack sources and […]

    The post PolarEdge Botnet Hits 25K IoT Devices in Major Cyber Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability

    ·

    , , ,

    In a critical update issued on October 29, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) has provided organizations with enhanced guidance on detecting and mitigating threat activity related to the actively exploited CVE-2025-59287 vulnerability in Microsoft’s Windows Server Update Services (WSUS).

    This remote code execution flaw, rated at a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges on affected servers, posing severe risks to enterprise networks.

    Microsoft initially addressed the issue during October’s Patch Tuesday. Still, it released an out-of-band update on October 23, 2025, after discovering the prior fix was incomplete, prompting CISA to add it to the Known Exploited Vulnerabilities (KEV) Catalog the following day.

    Exploitation has surged in the wild, with reports of attackers using proxy networks and public proof-of-concept exploits to harvest sensitive data such as user credentials and network configurations.

    WSUS Vulnerability and Exploitation

    CVE-2025-59287 stems from unsafe deserialization of untrusted data in WSUS, specifically involving the insecure .NET BinaryFormatter when processing AuthorizationCookie objects via endpoints like GetCookie() in the ClientWebService or SoapFormatter in ReportingWebService.

    Attackers craft malicious SOAP requests containing base64-encoded payloads, encrypted with AES-128-CBC, which bypass validation and trigger code execution upon deserialization.

    This vulnerability affects only servers with the WSUS role enabled, a feature not active by default, and exposes ports TCP 8530 and 8531 to network traffic.

    The flaw’s network-based attack vector requires no privileges or user interaction, enabling rapid compromise of update management infrastructure, which attackers leverage for lateral movement and data exfiltration.

    CVE IDDescriptionCVSS v3.1 ScoreSeverityAffected ProductsExploitation PrerequisitesImpact
    CVE-2025-59287Deserialization of untrusted data in WSUS allows remote code execution.9.8CriticalWindows Server 2012, 2012 R2, 2016, 2019, 2022 (incl. 23H2), 2025 with WSUS role enabled.Unauthenticated access to TCP ports 8530/8531; crafted requests to ClientWebService or ReportingWebService.Arbitrary code execution with SYSTEM privileges; potential for network enumeration, credential theft, and persistence.

    Organizations must prioritize identifying vulnerable servers using PowerShell commands like Get-WindowsFeature -Name UpdateServices or the Server Manager Dashboard to confirm WSUS enablement.

    Applying the October 23 out-of-band patch followed by a reboot is essential, with temporary workarounds including disabling the WSUS role or blocking inbound traffic to the exposed ports at the host firewall.

    CISA’s latest advisory emphasizes proactive threat hunting, urging administrators to monitor for anomalous activity such as child processes spawned with SYSTEM permissions from wsusservice.exe or w3wp.exe, including nested PowerShell instances executing base64-encoded commands.

    Observed tactics include spawning cmd.exe and powershell.exe for enumeration via net user /domain and ipconfig /all, with outputs exfiltrated to webhook sites or Cloudflare Workers subdomains for command-and-control.

    These behaviors may mimic legitimate operations but warrant vetting, especially alongside deserialization errors in WSUS logs or unusual POST requests to Client.asmx endpoints.

    Additional resources from Huntress detail real-world exfiltration scripts, while Palo Alto Networks Unit 42 highlights consistent attacker methodologies involving proxy obfuscation.

    Federal agencies face a November 14, 2025, remediation deadline, but all entities should act immediately to safeguard updated pipelines against this high-impact threat.

    Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

    The post CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability appeared first on Cyber Security News.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Air Force’s 10-year fighter jet report is missing key details, experts say

    ·

    A new report to Congress pitching the Air Force’s 10-year fighter jet plan is missing key details and explanations, raising questions and concerns among defense experts.

    The 24-page document details Air Force Secretary Troy Meink’s support of the interim defense strategy’s mandate “to protect the homeland, deter our adversaries, and project decisive airpower” by purchasing more F-15EXs, F-35s and F-47 aircraft. The report sets an ambitious goal of having nearly 1,400 tactical aircraft by 2030 but says the service does not have “total obligation authority” to place the necessary orders and adds that “Industry production limitations will also limit the USAF's ability to meet global force requirement.” The document also said the service needs a total of 1,558 manned tactical aircraft to “achieve low risk to resourcing, executing and sustaining combat operations.”

    It’s unclear how the Air Force will reach those goals, said Todd Harrison, a defense budgeting expert at the American Enterprise Institute. He added the report didn’t include info from the Future Years Defense Program, the Pentagon’s five-year budget plan.

    “One thing that stood out to me is it doesn't have actual tables in the unclassified document showing the force plans in the future,” Harrison said. “It doesn't even show the FYDP plans.”

    The long-term plan was ordered up by the 2025 National Defense Authorization Act. This initial version was due six months ago; new editions are required every April through 2029. Defense One obtained a copy of the unclassified version of the report. 

    Defense experts were also concerned by the number of required combat aircraft detailed in the Air Force’s report to Congress, saying it falls short.

    Dave Deptula, a retired Air Force three-star and dean of the Mitchell Institute, said the Air Force has been on a “death spiral” and said the ambitious goals pitched by the service in the report aren’t enough for current national security needs.

    The Air Force “desperately needs additional budget from the administration and funding from Congress to reverse this dire situation,” Deptula said. “The report is interesting, but it’s about 25-30 percent short of what’s needed to execute America’s security strategy.”

    A graph in the report shows dwindling numbers of A-10s, F-15C/D, and F-15E aircraft, while retaining the same numbers of F-16s and F-22s over the next five years. It also details the service’s plan to modernize some aircraft and retire others. 

    Retirements of the A-10 Warthog are continuing; the Air Force plans to stop funding missions with them by next September, according to the report. The plan also calls for retiring some F-15Es with older engines while keeping ones with updated Pratt & Whitney F100-PW-229 power plants.

    F-15C and D jets are being retired as F-15EXs arrive. Annual production of the EX is to reach full speed with 24 jets in fiscal 2027, and the Air Force is “exploring opportunities to capitalize on this production rate,” according to the report.

    F-16s in the Block 40 and Block 50 configurations will get Active Electronically Scanned Array radars, Multifunctional Information Distribution System Joint Tactical Radio Systems, and Integrated Viper Electronic Warfare Suites, the report said. 

    F-22 Block 30s and 35s are getting extensive modernization while older Block 20s are planned for retirement.

    Upgrading and buying more F-35s is listed as a major priority but fielding those new jets is “inherently risky” given funding woes and “industry delivery delays,” the report said. 

    Aircraft-builder Lockheed Martin still got paid incentive fees when they delivered F-35s “up to 60 days late,” the Government Accountability Office wrote last month. 

    The report identifies the F-47 and the collaborative combat aircraft prototypes as the service’s “number one modernization priority.” Service officials plan to have the F-47 ready for its first flight by 2028.

    The report acknowledges the “complexity” of adapting to the administration’s new defense strategy.

    “Homeland defense, forward posturing, power projection (deterrence), contingency response, modernization and aircrew production are the key missions the USAF must balance through deliberate basing, procurement, and management of tactical fighter aircraft,” the report said. “Balancing these diverse requirements with limited resources adds complexity to an already significant challenge to meet force structure demands.”

    The report broadly follows Meink’s argument that the Air Force’s existing power-projection programs are relevant to the administration’s national-security objectives, including “the President’s determination to restore our neglected position in the Western Hemisphere.”

    During the Air & Space Force Association's annual conference near Washington, D.C., last month, Meink told reporters “homeland defense pretty much captures all threats.”

    ]]>

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶