Google Researchers Find New Chrome Zero-Day
Google on Monday released a fresh Chrome 137 update to address three vulnerabilities, including a high-severity bug exploited in the wild. Tracked as CVE-2025-5419, the…
Month: June 2025
Google fixed the second actively exploited Chrome zero-day since the start of the year
Google fixed the second actively exploited Chrome zero-day since the start of the year Pierluigi Paganini June 03, 2025 Google addressed three vulnerabilities in its…
Threat Actors Target PerimeterX CAPTCHA to Automate Microsoft Account Creation
A recent post on an underground forum has brought renewed attention to the escalating arms race between cybercriminals and anti-bot security vendors. The solicitation, offering…
Scammers are impersonating Interactive Brokers: Here’s what you need to know
Interactive Brokers is warning customers to be on high alert due to a wave of scams involving fraudsters posing as company representatives. Interactive Brokers (IBKR)…
Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion
Jun 03, 2025Ravie LakshmananThreat Intelligence / Cyber Threats Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies…
National Grid starts building large-scale substation to support growth of West London datacentres
The National Grid has confirmed that it is in the process of building its largest new electrical substation in response to the growing demand for…
Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names
Microsoft and CrowdStrike announced on Monday that they are leading an industry effort to map threat actor naming, with the goal of making it easier…
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Jun 03, 2025Ravie LakshmananWeb Security / Digital Identity Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock…
Cryptojacking campaign relies on DevOps tools
Cryptojacking campaign relies on DevOps tools Pierluigi Paganini June 03, 2025 A cryptojacking campaign is targeting exposed DevOps servers like Docker and Gitea to secretly…
Multiple HPE StoreOnce Vulnerabilities Let Attackers Execute Malicious Code Remotely
Multiple security vulnerabilities in Hewlett-Packard Enterprise (HPE) StoreOnce software platform that could allow remote attackers to execute malicious code, bypass authentication mechanisms, and access sensitive…
SolarWinds Dameware Vulnerability Could Let Attackers Gain Elevated Privileges
June 3, 2025 – SolarWinds Worldwide, LLC has announced the release of Dameware 12.3.2, a critical service update focused on bug fixes, security enhancements, and…
Splunk Enterprise XSS Vulnerability Let Attackers Execute Unauthorized JavaScript Code
A significant security vulnerability in the Splunk Enterprise platform could allow low-privileged attackers to execute unauthorized JavaScript code through a reflected Cross-Site Scripting (XSS) flaw. …