Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Google patches sixth Chrome zero-day exploited in attacks this year

Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since the start of the year. While it didn't specifically say whether this security flaw is still being actively abused in the wild, the company warned that it has a public exploit, a common indicator of active exploitation. "Google is aware that an exploit for CVE-2025-10585 exists in the wild," Google warned in a security advisory published on Wednesday. This

Update your Samsung phone ASAP to patch this zero-day flaw exploited in the wild

ZDNET's key takeaways: Samsung issued a patch for a zero-day vulnerability. Android devices are affected by ongoing attacks in the wild. Samsung users should accept security updates immediately. Samsung has issued a patch to resolve a critical vulnerability impacting its Android smartphone users. All impacted phone models will receive the fix, which patches a vulnerability tracked as CVE-2025-21043. The security flaw

Apple backports zero-day patches to older iPhones and iPads

Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in "extremely sophisticated" attacks. This security flaw is the same one Apple has patched for devices running iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, and macOS (Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8) on August 20. Tracked as CVE-2025-43300, this vulnerability was discovered by Apple security researchers and is caused by an out-

CISA warns of actively exploited Dassault RCE vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. The agency added the vulnerability, tracked as CVE-2025-5086 and rated with a critical severity score (CVSS v3: 9.0), to the Known Exploited Vulnerabilities (KEV). DELMIA Apriso is used in production processes for digitalizing and m

Samsung patches actively exploited zero-day reported by WhatsApp

Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. Tracked as CVE-2025-21043, this critical security flaw affects Samsung devices running Android 13 or later and was reported by the security teams of Meta and WhatsApp on August 13. As Samsung explains in a recently updated advisory, this vulnerability was discovered in libimagecodec.quram.so (a closed-source image parsing library developed by Quramsoft that implements

Akira ransomware exploiting critical SonicWall SSLVPN bug again

The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. The hackers are leveraging the security issue to gain access to target networks via unpatched SonicWall SSL VPN endpoints. SonicWall released a patch for CVE-2024-40766 last year in August, marking it as actively exploited. The flaw allows unauthorized resource access and can cause firewall crashes. At the time, SonicWall

Microsoft Patch Tuesday, September 2025 Edition

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices. Microsoft assigns security flaws a “critical” rating when malware

SAP fixes maximum severity NetWeaver command execution flaw

SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. SAP NetWeaver is the foundation for SAP's business apps like ERP, CRM, SRM, and SCM, and acts as a modular middleware that is broadly deployed in large enterprise networks. In its security bulletin for September, the provider of enterprise resource planning (ERP) software lists a vulnerability with a maximum severity score of 10 out of 10 that is

Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws

Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. This activity is reported by CheckPoint Research, which observed significant chatter on the dark web around HexStrike-AI, associated with the rapid weaponization of newly disclosed Citrix vulnerabilities, including CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. According to ShadowServer Foundation's data, nearly 8,000 endpoints remain vulner

Google fixes actively exploited Android flaws in September update

Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws. The two flaws that were detected as exploited in zero-day attacks are CVE-2025-38352, an elevation of privilege in the Android kernel, and CVE-2025-48543, also an elevation of privilege problem in the Android Runtime component. Google noted in its bulletin that there are indications that those two flaws may be under limited, targeted expl

Over 28,000 Citrix devices vulnerable to new exploited RCE flaw

More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild. The vulnerability affects NetScaler ADC and NetScaler Gateway and the vendor addressed it in updates released yesterday. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Citrix, the security issue has been exploited as a zero-day vulnerability. The versions affected by CVE-2025-7775 are 14.1 be

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks

Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. The CVE-2025-7775 flaw is a memory overflow bug that can lead to unauthenticated, remote code execution on vulnerable devices. In an advisory released today, Citrix states that this flaw was observed being exploited in attacks on unpatched devices. "As of August 26, 2025 Cloud Software G

CISA warns of actively exploited Git code execution flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system. The agency has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and has set the patch deadline for federal agencies to September 15th. Git version control system allows software development teams to track codebase changes over time. The library is the backbone of modern software collaboration,

FBI warns of Russian hackers exploiting 7-year-old Cisco flaw

The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia's Federal Security Service (FSB) are targeting critical infrastructure organizations in attacks exploiting a 7-year-old vulnerability in Cisco devices. The FBI's public service announcement states that the state-backed hacking group, linked to the FSB's Center 16 unit and tracked as Berserk Bear (also known as Blue Kraken, Crouching Yeti, Dragonfly, and Koala Team), has been targeting Cisco networking devices usi

Apple fixes new zero-day flaw exploited in targeted attacks

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack." Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness discovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats. An out-of-bounds write occurs when attackers successfully exploit such vulnerabilities by supplying input to a program, causing it t

How One Wikipedia Editor Unraveled the ‘Single Largest Self-Promotion Operation’ in the Site's History

Quick—what are the top entries in the category "Wikipedia articles written in the greatest number of languages"? The answer is countries. Turkey tops the list with Wikipedia entries in 332 different languages, while the US is second with 327 and Japan is third with 324. Other common words make their appearance as one looks down the list. "Dog" (275 languages) tops "cat" (273). Jesus (274) beats "Adolf Hitler" (242). And all of them beat "sex" (122), which is also bested by "fever," "Chiang Kai

Microsoft Patch Tuesday, August 2025 Edition

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users. August’s patch batch from Redmond includes an update for CVE-2025-53786, a vulnerability that allows an attacker to pivot from a compromised Microsoft Exchange Server dire

Cisco warns of max severity flaw in Firewall Management Center

Cisco is warning about a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software. Cisco FMC is a management platform for the vendor’s Secure Firewall products, which provides a centralized web or SSH-based interface to allow administrators to configure, monitor, and update Cisco firewalls. RADIUS in FMC is an optional external authentication method that permits connecting to a Remote Authentication Dial-In User Service

CISA warns of N-able N-central flaws exploited in zero-day attacks

CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N‑able's N-central remote monitoring and management (RMM) platform. N-central is commonly used by managed services providers (MSPs) and IT departments to monitor, manage, and maintain client networks and devices from a centralized web-based console. According to CISA, the two flaws can allow threat actors to gain command execution via an insecure deserialization weakness (CVE-2025-8875) and inject

Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug

Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released. Tracked as CVE-2025-5777 and referred to as CitrixBleed 2, this out-of-bounds memory read vulnerability results from insufficient input validation, enabling unauthenticated attackers to access restricted memory regions remotely on devices configured as a Gateway (VPN virtual server, ICA Pro

Details emerge on WinRAR zero-day attacks that infected PCs with malware

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. RomCom (aka Storm-0978 and Tropical Scorpius) is a Russian cyberespionage threat group with a history in zero-day exploitation, including in Firefox (CVE-2024-9680, CVE-2024-49039) and Microsoft Office (CVE-2023-36884). ESET discovered that RomCom was exploiting an undoc

SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw

SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. The company says that the attackers are targeting CVE-2024-40766, an unauthorized access flaw fixed in August 2024. "We now have high confidence that the recent SSLVPN activity is not connected to a zero-day vulnerability," reads the update on the SonicWall bulletin published this week. "Instead, there is a significant correlatio

ReVault flaws let hackers bypass Windows login on Dell laptops

ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls. Dell ControlVault is a hardware-based security solution that stores passwords, biometric data, and security codes within firmware on a dedicated daughterboard, known as the Unified Security Hub (USH). The five vulnerabilities, reported by Cisco's Talos security division and dubbed "ReVault," affect both the ControlV

Adobe issues emergency fixes for AEM Forms zero-days after PoCs released

Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances. The flaws are tracked as CVE-2025-54253 and CVE-2025-54254: CVE-2025-54253: Misconfiguration allowing arbitrary code execution. Rated "Critical" with a CVSS score of 8.6. CVE

Android gets patches for Qualcomm flaws exploited in attacks

Google has released security patches for six vulnerabilities in Android's August 2025 security update, including two Qualcomm flaws exploited in targeted attacks. The two security bugs, tracked as CVE-2025-21479 and CVE-2025-27038, were reported through the Google Android Security team in late January 2025. The first is a Graphics framework incorrect authorization weakness that can lead to memory corruption due to unauthorized command execution in the GPU micronode while executing a specific s

Ransomware gangs join attacks targeting Microsoft SharePoint servers

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. Security researchers at Palo Alto Networks' Unit 42 have discovered a 4L4MD4R ransomware variant, based on open-source Mauri870 code, while analyzing incidents involving this SharePoint exploit chain (dubbed "ToolShell"). The ransomware was detected on July 27 after discove

Apple patches security flaw exploited in Chrome zero-day attacks

Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Tracked as CVE-2025-6558, the security bug is due to the incorrect validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine) open-source graphics abstraction layer, which processes GPU commands and translates OpenGL ES API calls to Direct3D, Metal, Vulkan, and OpenGL. The vulnerability enables remote attackers to execute

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware

Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. Cybersecurity firm Darktrace discovered the attack during an incident response in April 2025, where an investigation revealed that the Auto-Color malware had evolved to include additional advanced evasion tactics. Darktrace reports that the attack started on April 25, but active exploitation occurred two days

Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data

Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. TCC is a security technology and a privacy framework that blocks apps from accessing private user data by providing macOS control over how their data is accessed and used by applications across Apple devices. Apple has fixed the security flaw tracked as CVE-2025-31199 (reported by Microsoft'