Security
Headlines
HeadlinesLatestCVEs

Tag

#google

A message from Bruce the mechanical shark

This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing.

TALOS
Open in Source
#vulnerability#ios#mac#windows#apple#google#cisco#git#intel#pdf#asus#auth
New Fake Marketplace From China Mimics Top Retail Brands for Fraud

Silent Push exposes thousands of fake e-commerce websites spoofing major brands like Apple and Michael Kors. Learn how this Chinese phishing scam targets shoppers and steals financial data, impacting global consumers.

A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now

The Scattered Spider hacking group has caused chaos among retailers, insurers, and airlines in recent months. Researchers warn that its flexible structure poses challenges for defense.

Update your Chrome to fix new actively exploited zero-day vulnerability

Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited.

Facebook wants to look at your entire camera roll for “AI restyling” suggestions, and more

Facebook's pursuit of your personal data continues, and now it has a new target: photos on your phone that you haven't shared with it yet.

Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary

GHSA-hc8f-m8g5-8362: File Browser: Command Execution not Limited to Scope

## Summary ## In the web application, all users have a *scope* assigned, and they only have access to the files within that *scope*. The *Command Execution* feature of Filebrowser allows the execution of shell commands which are not restricted to the scope, potentially giving an attacker read and write access to all files managed by the server. ## Impact ## Shell commands are executed with the *uid* of the server process without any further restrictions. This means, that they will have access to at least * all files managed by the application from all *scopes*, even those the user does not have access to in the GUI. * the Filebrowser database file containing the password hashes of all accounts. The concrete impact depends on the commands being granted to the attacker, but due to other vulnerabilities identified ("Bypass Command Execution Allowlist", "Shell Commands Can Spawn Other Commands", "Insecure File Permissions") it is likely, that full read- and write-access will exist. R...

AI-Themed SEO Poisoning Attacks Spread Info, Crypto Stealers

Malicious websites designed to rank high in Google search results for ChatGPT and Luma AI deliver the Lumma and Vidar infostealers and other malware.

Android threats rise sharply, with mobile malware jumping by 151% since start of year

We've seen several spikes in Android threats since the start of 2025. Here's how to protect yourself.

Top Apple, Google VPN Apps May Help China Spy on Users

Apple and Google espouse strong values about data privacy, but they allow programs from a Big Brother state to thrive on their app stores, researchers allege.