NVIDIA today released critical security updates for its BlueField, ConnectX, DOCA, Mellanox DPDK, Cumulus Linux, and NVOS products. The Partner Security Bulletin addresses multiple vulnerabilities that could allow denial of service (DoS), escalation of privileges (EoP), and information disclosure. Customers are urged to download and install updated components immediately to protect their systems. To get […]
OpenAI announced today its definitive agreement to acquire Statsig, a product experimentation and analytics platform, for $1.1 billion.
The acquisition is a key move by the leader in artificial intelligence, which aims to add strong data tools to its system and so speed up the creation and launch of AI-based products.
Statsig, founded in February 2021, has rapidly established itself by providing a comprehensive suite of tools for product teams. Its platform empowers developers and product managers with capabilities ranging from A/B testing and feature flags to in-depth product analytics and session replays.
In a statement released today, Statsig expressed immense enthusiasm for the merger, describing the opportunity to join forces with OpenAI as a “no-brainer.” Since its inception, Statsig has been dedicated to putting powerful data tools into the hands of every engineering and product team. The company views this acquisition as the next logical step in its journey, allowing it to amplify its vision on a much larger scale.
The timing of the deal aligns with the explosive growth of artificial intelligence, a trend that has dominated the software industry since March 2021.
Statsig noted that by working closely with AI-native customers, they have witnessed firsthand the transformative power of AI in creating richer user experiences and streamlining development cycles.
By becoming part of OpenAI, the Statsig team aims to be at the forefront of this evolution, contributing directly to the tools that help teams ship smarter and faster in the age of AI.
For the thousands of companies relying on Statsig’s platform, the company has offered reassurance that its services will continue without interruption. A spokesperson confirmed that existing customers will remain a top priority, with ongoing investment in the core products they depend on.
Looking ahead, the integration of Statsig’s platform into OpenAI is expected to create a powerful synergy. The combination of OpenAI’s advanced AI models with Statsig’s sophisticated product analytics and experimentation tools could unlock new efficiencies for developers building on the OpenAI platform.
More details about the future direction of the combined entities are expected to be shared at Statsig’s upcoming conference, Sigsum. This acquisition signals a clear focus from OpenAI on not just advancing foundational AI models, but also on building a comprehensive ecosystem of developer tools to foster innovation.
Google has released Chrome 140 to the stable channel for Windows, Mac, and Linux. This update will roll out to users over the coming days and weeks. The new version, 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, delivers several security fixes and improvements. A full list of changes is available in the Chromium log. […]
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.
The vulnerabilities are listed below –
CVE-2025-38352 (CVSS score: 7.4) – A privilege escalation flaw in the Linux Kernel component
CVE-2025-48543 (CVSS score: N/A) – A
The BC-SECURITY team has released a major update to its flagship offensive security framework, Empire, introducing enhanced agent capabilities and comprehensive API support designed to streamline post-exploitation operations and adversary emulation for Red Teams and penetration testers worldwide. Enhanced Features Drive Advanced Operations Empire’s latest iteration showcases a server/client architecture engineered for multiplayer support, enabling distributed teams to […]
A sophisticated backdoor, MystRodX, exploits DNS and ICMP protocols to stealthily activate and exfiltrate data from compromised systems. Deployed via a dropper disguised as a Mirai variant, MystRodX remained undetected for over 20 months by hiding its activation logic within network packet payloads. Security researchers have uncovered a MystRodX supports both active and passive […]
An Iran-nexus group has been linked to a “coordinated” and “multi-wave” spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.
The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice.
“Emails were sent to
Google has officially promoted Chrome 140 to the stable channel, initiating a multi-platform rollout for Windows, Mac, Linux, Android, and iOS.
The update brings the usual stability and performance improvements, but the headline feature is a critical security patch addressing six vulnerabilities, including one high-severity flaw that could allow for remote code execution.
Users are strongly advised to update their browsers immediately to protect against potential exploitation.
The new desktop version is identified as build 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac. The update is also being pushed to the Extended Stable channel with build 140.0.7339.81.
Key Takeaways
1. Chrome 140 is now stable on desktop and mobile, including extended-stable build 140.0.7339.81.
2. Six security bugs fixed.
3. GPU rasterization, faster HTTP/3, and CSS Container Queries support.
Mobile users will see updates with the version 140.0.7339.35 on Android and 140.0.7339.95 on iOS. While Google notes the rollout will occur over the coming days and weeks, manually checking for the update is recommended due to the severity of the patched flaws.
The most critical issue resolved in this update is a high-severity vulnerability tracked as CVE-2025-9864. This flaw is described as a “Use after free in V8,” the powerful open-source JavaScript and WebAssembly engine that powers Chrome.
A use-after-free vulnerability occurs when a program continues to use a pointer after the memory it points to has been deallocated.
By manipulating this memory state, a successful attacker could craft a malicious webpage that triggers the bug, potentially leading to a browser crash or, in a worst-case scenario, the execution of arbitrary code on the victim’s system. This vulnerability was reported by Pavel Kuzmin of the Yandex Security Team on July 28, 2025.
In addition to the V8 flaw, Google patched several medium-severity bugs reported by external researchers, including:
CVE-2025-9865: An inappropriate implementation in the Toolbar.
CVE-2025-9866: An inappropriate implementation in Extensions.
CVE-2025-9867: An inappropriate implementation in Downloads.
Google awarded a total of $10,000 in bounties to the external researchers who discovered and reported these vulnerabilities, as stated in the advisory.
| Vulnerability | Description | Severity | Reward |
|---|---|---|---|
| CVE-2025-9864 | Use after free in V8 | High | N/A |
| CVE-2025-9865 | Inappropriate implementation in Toolbar | Medium | $5,000 |
| CVE-2025-9866 | Inappropriate implementation in Extensions | Medium | $4,000 |
| CVE-2025-9867 | Inappropriate implementation in Downloads | Medium | |
Update Rollout Details
Beyond the fixes contributed by external researchers, this release includes various other security enhancements resulting from Google’s own internal security work.
The company credits its robust internal auditing processes and sophisticated testing tools for catching many bugs before they ever reach the stable channel.
Google’s security teams extensively use automated tools like AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer, as well as fuzzing technologies like libFuzzer and AFL, to proactively discover and neutralize memory corruption and other security flaws.
As the update for Chrome 140 rolls out globally, Google is restricting access to the specific bug details and links. This standard procedure is designed to prevent threat actors from reverse-engineering the exploits before a majority of users have installed the protective patch.
Users can ensure they are protected by navigating to Chrome’s “About Google Chrome” settings page, which will trigger the automatic download and installation of the latest version.
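For teams that track browser versions centrally, the fixed builds named in this article can be checked against an inventory export. The following is an added example, not code from Google or from the original article; the CSV layout, host names, sample versions and function names are assumptions made for illustration.

```python
# Minimum fixed builds per platform, as listed in the article.
FIXED_BUILDS = {
    "linux": "140.0.7339.80",
    "windows": "140.0.7339.80",
    "mac": "140.0.7339.80",
    "android": "140.0.7339.35",
    "ios": "140.0.7339.95",
}

# Constructed sample inventory (host,platform,chrome_version); not real data.
SAMPLE_INVENTORY = """\
ws-01,windows,140.0.7339.81
ws-02,mac,139.0.7258.155
build-03,linux,140.0.7339.80
phone-04,android,140.0.7339.9
tablet-05,ios,140.0.7339.95
kiosk-06,linux,140.0.7339
"""

def parse_version(text):
    """Return a 4-int tuple for 'MAJOR.MINOR.BUILD.PATCH', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Compare numerically: as strings, '...9' would wrongly sort above '...35'."""
    minimum = FIXED_BUILDS.get(platform.strip().lower())
    if minimum is None:
        return "unknown-platform"
    parsed = parse_version(version)
    if parsed is None:
        return "unparseable"
    return "patched" if parsed >= parse_version(minimum) else "outdated"

def audit(inventory_text):
    """Return (host, version, status) for every row that is not confirmed patched."""
    findings = []
    for line in filter(str.strip, inventory_text.splitlines()):
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            findings.append((line.strip(), "", "malformed-row"))
            continue
        host, platform, version = fields
        status = classify(platform, version)
        if status != "patched":
            findings.append((host, version, status))
    return findings
```

Rows that cannot be parsed are reported rather than skipped, so a truncated version string is never silently treated as patched.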
An industrial-scale phishing campaign exploiting Google Cloud and Cloudflare infrastructure operated in plain sight for more than three years, targeting Fortune 500 companies and siphoning millions in potential revenue while evading detection. Deep Specter Research’s investigation reveals the depth of this willful blindness and its far-reaching consequences for brands, regulators, and end users. Google Cloud […]
In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices.
The bulletin details critical issues in both System and Kernel components, and emphasizes the importance of immediate updates to mitigate remote code execution risks.
Key Takeaways
1. Patch 2025-09-05 fixes CVE-2025-38352 (zero-interaction RCE) and CVE-2025-48543 (kernel EoP).
2. System bug needs no user action; kernel bug grants root.
3. Update now; AOSP source in 48 hrs.
Critical System Component RCE Vulnerability
The flagship fix addresses CVE-2025-38352, a zero-interaction flaw in the Android System component that allows remote (proximal/adjacent) code execution without any elevated privileges.
Google’s severity assessment rates this as Critical, noting that successful exploitation could grant attackers complete control of affected devices even with platform and service mitigations enabled in development environments.
No user engagement, such as clicking a link or opening a file, is required to trigger the exploit.
Source code patches for CVE-2025-38352 are now available in the Android Open Source Project (AOSP) repository.
Google plans to update the bulletin with direct AOSP links within 48 hours of publication.
Rated High, this flaw could allow local code to gain root-level permissions, bypassing SELinux policies and other kernel-level safeguards.
Affected versions include Android 13, 14, 15, and 16. Partners have received notification of both issues over a month in advance, ensuring OEMs can integrate the necessary kernel patches into upcoming device updates.
| CVE | Title | Severity |
|---|---|---|
| CVE-2025-38352 | Remote (proximal/adjacent) code execution in System component, zero-interaction | Critical |
| CVE-2025-48543 | Elevation of Privilege in Kernel, bypass SELinux to gain root | High |
Users are strongly advised to verify their patch level is at least 2025-09-05 and to apply updates immediately.
Android partners have been briefed, and AOSP source code updates will be released shortly.
This coordinated effort underscores Google’s commitment to proactive vulnerability management and rapid response to emerging threats.
Users and device manufacturers alike must prioritize this update to maintain the integrity of Android’s security posture.