SecurityWeek

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code ...
SecurityWeek

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers

OpenAI recently patched a Codex CLI vulnerability that can be exploited in attacks aimed at software developers.
Hosted on MSN

Fresh zero-day vulnerability in Chrome found to be actively exploited by hackers in the wild

When was the last time you updated your web browser? Are your palms sweaty? Knees weak, arms heavy, mom's spaghetti? Well, as the saying goes the best time to plant a tree/update your web ...

Hacking Alert! Millions of Android Phones In India Are At Risk, Do This Immediately To Protect Your Device

The Indian Computer Emergency Response Team (CERT-In) has alerted Google Android phone users about severe vulnerabilities ...

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions ...
Ars Technica

High-severity vulnerability in Passwordstate credential manager. Patch now.

The maker of Passwordstate, an enterprise-grade password manager for storing companies’ most privileged credentials, is urging them to promptly install an update fixing a high-severity vulnerability ...
Communications of the ACM

Patching Vulnerabilities in AI Chips

There are challenges to patching AI chips, and cybersecurity risks to not patching them. The expanding power of artificial intelligence and its many applications depends upon the strength and ...
Android Authority

Qualcomm confirms cyberattack on Android devices that exploited a vulnerability in its chipsets

A zero-day vulnerability found in several Qualcomm chipsets was recently exploited to target Android users. The vulnerability affects 64 chipsets, including Snapdragon SoCs, modems, and FastConnect ...

More work for admins as Google patches latest zero-day Chrome vulnerability

Chrome has suffered two other confirmed zero days in the V8 engine in 2025, from a tally of seven across Chrome as a whole. The V8 flaws were CVE-2025-5419 in June and CVE-2025-10585 in September.
Computer Weekly

Briefs: Vulnerabilities found in Trend Micro, Firefox browser

Tokyo-based antivirus vendor Trend Micro has issued a patch for a vulnerability in its antivirus scanning products, which could crash a user's system or allow remote execution of arbitrary code. The ...

Google fixes two Android zero days exploited in attacks, 107 flaws

Google has released the025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited ...
EurekAlert!

Computer scientists discover vulnerabilities in a popular security protocol

The Blast-RADIUS attack flow. More than 90 vendors have been involved in a coordinated disclosure and issued security bulletins. A widely used security protocol that dates back to the days of dial-up ...