Google has released a Chrome 138 security update that patches a zero-day, the fifth resolved in the browser this year.
The post Chrome Update Patches Fifth Zero-Day of 2025 appeared first on SecurityWeek.
Chrome 138 Update Patches Zero-Day Vulnerability
Google has released a Chrome 138 update that patches a high-severity vulnerability with an exploit in the wild.
The post Chrome 138 Update Patches Zero-Day Vulnerability appeared first on SecurityWeek.
Critical Citrix NetScaler Flaw Exploited as Zero-Day
Citrix has released patches for a critical vulnerability in NetScaler ADC and NetScaler Gateway exploited as a zero-day.
The post Critical Citrix NetScaler Flaw Exploited as Zero-Day appeared first on SecurityWeek.
FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks
WhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit.
The post FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks appeared first on SecurityWeek.
Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’
Redmond warns that external control of a file name or path in WebDAV “allows an unauthorized attacker to execute code over a network.”
The post Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’ appeared first on SecurityWeek.
Google Researchers Find New Chrome Zero-Day
Reported by the Google Threat Analysis Group, the vulnerability might have been exploited by commercial spyware.
The post Google Researchers Find New Chrome Zero-Day appeared first on SecurityWeek.
Vulnerabilities in CISA KEV Are Not Equally Critical: Report
New report says organizations should always consider environmental context when assessing the impact of vulnerabilities in CISA KEV catalog.
The post Vulnerabilities in CISA KEV Are Not Equally Critical: Report appeared first on SecurityWeek.
Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks
A Chinese threat actor exploited a zero-day vulnerability in Trimble Cityworks to hack local government entities in the US.
The post Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks appeared first on SecurityWeek.
Russian APT Exploiting Mail Servers Against Government, Defense Organizations
Russia-linked APT28 has been exploiting mail server vulnerabilities against government and defense entities since September 2023.
The post Russian APT Exploiting Mail Servers Against Government, Defense Organizations appeared first on SecurityWeek.
Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware
Google bundles multiple safeguards under a single Android toggle to protect high-risk users from advanced mobile malware implants.
The post Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware appeared first on SecurityWeek.