Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2025-21401: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 133.0.3065.69 2/14/2025 133.0.6943.98/.99

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers

Despite high-profile attention and even US sanctions, the group hasn’t stopped or even slowed its operation, including the breach of two more US telecoms.

Japan Goes on Offense With New 'Active Cyber Defense' Bill

Japan is on a mission to catch up to the US standard of national cyber preparedness, and its new legislation is a measure intended to stop escalating Chinese cyber-espionage efforts, experts say.

GHSA-772m-773g-qmhc: Missing rate limit in MaysWind ezBookkeeping

An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.

GHSA-3wf7-83q3-948c: Remote code execution in alextselegidis/easyappointments

Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.

GHSA-mpg8-8x9c-p9gv: MaysWind ezBookkeeping has Improper Privilege Management

An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.

Democratize security processes in your software development lifecycle

IT security is no longer the responsibility of a single, specialized team. To help protect your organization from growing cyber threats, IT security should be a priority for everyone. By integrating security processes and functions into every stage of the software development lifecycle, you not only better protect your products but you also build trust with your users. Here's how you can democratize security processes and make it a shared responsibility across your organization, while giving your developers what they need to create applications quickly.Software supply chain security tools and

EPMS: the cornerstone of cybersecurity in defense operations

In a landscape where cyber threats evolve daily, the Defense Information Systems Agency’s (DISA) Enterprise Patch Management System (EPMS) plays a critical role in maintaining the cybersecurity of the Department of Defense (DoD). EPMS is not just a tool—it's a strategy, bridging software, efficiency and innovation to enhance the security posture of critical systems.The Importance of EPMSEPMS addresses a core cybersecurity challenge: verifying that all systems are consistently patched against known vulnerabilities. With cyber adversaries growing more sophisticated, leaving any endpoint exp

President Trump to Nominate Former RNC Official as National Cyber Director

Sean Cairncross will be one of the primary advisers to the administration on national cybersecurity matters.

Massive 1.17TB Data Leak Exposes Billions of IoT Grow Light Records

Massive 1.17 TB data leak exposes billions of records from a Chinese IoT grow light company. Wi-Fi passwords,…