MUST READ

Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

 | 

Millions of sites at risk from Imunify360 critical flaw exploit

 | 

Critical FortiWeb flaw under attack, allowing complete compromise

 | 

Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

 | 

Washington Post notifies 10,000 individuals affected in Oracle-linked data theft

 | 

Chrome extension “Safery” steals Ethereum wallet seed phrases

 | 

A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet

 | 

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days

 | 

Google sues cybercriminal group Smishing Triad

 | 

New Danabot Windows version appears in the threat landscape after May disruption

 | 

Australia’s spy chief warns of China-linked threats to critical infrastructure

 | 

Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

 | 

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

 | 

Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

 | 

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

 | 

Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

 | 

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

 | 

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Triofox bug exploited to run malicious payloads via AV configuration

 | 

Chrome

Pierluigi Paganini June 03, 2025
Google fixed the second actively exploited Chrome zero-day since the start of the year

Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript […]

Pierluigi Paganini March 27, 2025
U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium Mojo sandbox escape vulnerability, tracked as CVE-2025-2783, to its Known Exploited Vulnerabilities (KEV) catalog. This week Google has released out-of-band fixes to address a high-severity security […]

Pierluigi Paganini March 26, 2025
Google fixed the first actively exploited Chrome zero-day since the start of the year

Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia. Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783, in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia. The vulnerability is an incorrect handle […]

Pierluigi Paganini October 30, 2024
Google fixed a critical vulnerability in Chrome browser

Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an out-of-bounds write issue that resides in the Dawn implementation. Dawn is an open-source […]

Pierluigi Paganini August 28, 2024
U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8) to its Known Exploited Vulnerabilities (KEV) catalog. This week Google released a security update to address the Chrome […]

Pierluigi Paganini August 26, 2024
Google addressed the tenth actively exploited Chrome zero-day this year

Google released emergency security updates to fix the tenth actively exploited Chrome zero-day vulnerability this year. Google released a security update to address a new Chrome zero-day vulnerability, tracked as CVE-2024-7965 (CVSS score 8.8), that is actively exploited. The vulnerability is an Inappropriate implementation issue that resides in Chrome’s V8 JavaScript engine. “Google is aware that exploits […]

Pierluigi Paganini August 22, 2024
Google addressed the ninth actively exploited Chrome zero-day this year

Google released emergency security updates to fix the ninth actively exploited Chrome zero-day vulnerability this year. ​​Google released an emergency security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7971, that is actively exploited. The vulnerability is a type confusion issue that resides in Chrome’s V8 JavaScript engine. “Google is aware that an exploit for CVE-2024-7971 […]

Pierluigi Paganini August 08, 2024
0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

An 18-year-old bug, dubbed “0.0.0.0 Day,” allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks. Oligo Security’s research team warns of an 18-year-old bug, dubbed “0.0.0.0 Day,” that allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks. The issue potentially leads to unauthorized access […]

Pierluigi Paganini July 26, 2024
A bug in Chrome Password Manager caused user credentials to disappear

Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. An 18-hour outage impacted Google Chrome’s Password Manager on Wednesday, impacting users who rely on the tool to store and […]

Pierluigi Paganini June 19, 2024
Google Chrome 126 update addresses multiple high-severity flaws

Google released Chrome 126 update that addresses a high-severity vulnerability demonstrated at the TyphoonPWN 2024 hacking competition. Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

Security / November 14, 2025

Millions of sites at risk from Imunify360 critical flaw exploit

Security / November 14, 2025

Critical FortiWeb flaw under attack, allowing complete compromise

Hacking / November 14, 2025

Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

Security / November 14, 2025

Washington Post notifies 10,000 individuals affected in Oracle-linked data theft

Data Breach / November 14, 2025