Apple patches two zero-day flaws used in targeted attacks

Apple releases emergency patches for two zero-day vulnerabilities actively exploited in attacks. iPhone and iPad users urged ...

Google releases emergency fix for yet another zero-day

Exact dates when the patch is expected to roll out is unknown, Google confirmed it will be coming to most users “over the coming days/weeks”. The Stable channel has been updated to 143.0.7499.109/.110 ...
Security Boulevard

Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft ...
Việt Báo

Technology News Roundup 29/12: Samsung and Apple smartphone prices may continue to rise in the near future.

Some predictions suggest that upcoming flagship models from Samsung and Apple are unlikely to maintain the same price points ...
Amaze Lab on MSN

Emergency patch rushed by Apple and Google—'extremely sophisticated' attack detected

A fast-moving spyware campaign has forced Apple, Google and the U.S. government into an unusually coordinated response, as federal officials warn organizations to either update Chrome and other ...
The Hacker News

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0–1.120.4 affected, ...
The Hacker News

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

This weekly recap brings those stories together in one place. No overload, no noise. Read on to see what shaped the threat ...
Android Authority

Good news for custom ROMs: Google just released the Android 16 QPR2 source code

Google has started uploading the source code for Android 16 QPR2 to AOSP following its release for Pixel devices today. This marks a return to form for Google after the company surprisingly withheld ...
CSOonline

Gladinet servers file-sharing servers allow remote code execution

Enterprises relying on Gladinet’s file-sharing services are faced with another round of zero-day patching, this time to block attackers from abusing cryptographic keys directly baked into its ...
Bleeping Computer

Windows PowerShell now warns when running Invoke-WebRequest scripts

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. As Microsoft ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Hosted on MSN

Critical flaws found in AI development tools are dubbed an 'IDEsaster' — data theft and remote code execution possible

A six-month investigation into AI-assisted development tools has uncovered over thirty security vulnerabilities that allow data exfiltration and, in some cases, remote code execution. The findings, ...