Aggregator

A vulnerability was found in Google Chrome and classified as problematic. Affected by this issue is some unknown functionality of the component Media Stream. The manipulation leads to exposure of sensitive information through metadata. This vulnerability is handled as CVE-2025-1921. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Media. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-1919. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Google Chrome. Affected is an unknown function of the component PDFium. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-1918. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Google Chrome on Windows. This issue affects some unknown processing of the component DevTools. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-1915. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Google Chrome. This vulnerability affects unknown code of the component V8. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-1914. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Google Chrome on Android. This affects an unknown part of the component HTML Page Handler. The manipulation leads to clickjacking. This vulnerability is uniquely identified as CVE-2025-1922. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

WordPress的GiveWP插件漏洞威胁10万家网站，攻击者无需认证即可远程执行代码，可能导致财务欺诈、数据泄露，甚至网站被完全控制。

A vulnerability was found in Google Chrome on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the component HTML Page Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is handled as CVE-2025-1917. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

新发现的恶意软件活动已经危害了 4,000 多家互联网服务提供商 (ISP)，使黑客能够远程访问关键基础设施。

欢迎关注安全圈求职社群！！

Fix Inventory is an open-source tool for detecting compliance and security risks in cloud infrastructure accounts. It was built from the ground up for cloud-native environments and provides broad support for over 300 cloud services, including AWS, Google Cloud Platform, Azure, DigitalOcean, Hetzner, Kubernetes, and GitHub. How Fix Inventory works The tool operates in three key phases to help organizations manage their cloud security: Collect inventory data – The tool queries cloud infrastructure APIs in … More →

The post Fix Inventory: Open-source cloud asset inventory tool appeared first on Help Net Security.

The Health Sector Coordinating Council is kicking off a health sector mapping initiative aimed at helping the ecosystem avoid massive disruptions in the event of major cyber incidents, said Greg Garcia, executive director for cybersecurity at the Health Sector Coordinating Council.

The majority of significant attacks hitting the health sector involve unpatched vulnerabilities dating back years, a situation cybercriminals are more easily and swiftly able to exploit using AI-based tools, said Health Information Sharing and Analysis Center President and CEO Denise Anderson.

As clinicians move to a model of working anywhere - on many types of devices and under a variety of different internet environments - web browser security is a heightened concern, said John Frushour, vice president and CISO at New York-Presbyterian Hospital, and CyberEdBoard member.

RansomHub, Play, Akira and Clop Among the Groups Claiming the Most Victims
Ransomware operations have collectively claimed what amounts to a surge in new victims. Researchers trace much of this activity to RansomHub, Play and Akira, as well as Clop, which continues to drip-feed details about its attack on users of Cleo Communications' managed file-transfer software.

Fake Error Messages Trick Users Into Deploying a C2 Framework Via PowerShell
A newly discovered phishing campaign is using social engineering to dupe victims into copying, pasting and running the Havoc command-and-control framework on their computers, warn researchers from Fortinet. "ClickFix" displays a fake error message and instructions for its supposed resolution.

Hiatus Could Embolden Moscow
Reports suggesting that the U.S. federal government is going soft on Russia in cyberspace sent shockwaves through the cybersecurity community. Resuming computer network attacks and other exploitation efforts after a pause isn't as simple as flipping a switch.

Code of Practice for Software Vendors Sets Baseline Security Expectations
A British government proposal to strengthen software supply chain security received positive feedback from vendors who said voluntary best practices could strengthen cyber defenses. The guidelines suggest requiring multifactor authentication for developers and timely vulnerability patching.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Andrea Micalizzi aka rgod (@rgod777)' was reported to the affected vendor on: 2025-03-05, 51 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-03-05, 51 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.