Obfuscated Code Found in SVG Files from Pornography Sites Triggers Malicious Attacks Recent findings from cybersecurity firm Malwarebytes have revealed alarming vulnerabilities in the use of SVG file formats on various adult-themed websites. Researchers discovered that these sites were deploying obfuscated JavaScript within SVG files, which, when downloaded, initiate a…
Government, Industry Specific, Regulation ENISA’s Laura Heuvinck Discusses Cybersecurity Index’s Implications for the EU Akshaya Asokan (asokan_akshaya) • August 8, 2025 Laura Heuvinck, ENISA Spokesperson In the recently released EU Cybersecurity Index, European Union member states achieved an average score of 64.51 out of 100, indicating a moderate level of…
Data Breach at Bouygues Telecom Affects 6.4 Million Customers Pierluigi Paganini August 08, 2025 Bouygues Telecom Reports Cyberattack Compromising Customer Data Bouygues Telecom has confirmed that it experienced a significant cyberattack, resulting in the exposure of personal information of approximately 6.4 million of its customers. This French telecommunications provider, a…
Google AI “Big Sleep” Identifies Critical SQLite Vulnerability Before Hackers Can Exploit It
July 16, 2025
AI Security / Vulnerability
Google announced on Tuesday that its language model-assisted vulnerability detection system successfully identified a security flaw in the SQLite open-source database engine, preventing potential exploitation. The vulnerability, designated CVE-2025-6965 (CVSS score: 7.2), is a memory corruption issue affecting all versions prior to 3.50.2. Discovered by “Big Sleep,” an AI agent developed through a collaboration between DeepMind and Google Project Zero, this flaw allows for potential attacks through arbitrary SQL statements, leading to integer overflow risks. SQLite maintainers cautioned that this critical security issue was previously known only to threat actors. Google has not disclosed the identities of these actors but emphasized the urgency of addressing the vulnerability.
Google AI “Big Sleep” Detects Critical SQLite Vulnerability Before Exploitation Could Occur On July 16, 2025, Google announced a significant achievement in cybersecurity through its AI-driven vulnerability assessment tool, known as Big Sleep. This large language model (LLM)-assisted framework successfully detected a critical security vulnerability in the widely used SQLite…
Google AI “Big Sleep” Identifies Critical SQLite Vulnerability Before Hackers Can Exploit It
July 16, 2025
AI Security / Vulnerability
Google announced on Tuesday that its language model-assisted vulnerability detection system successfully identified a security flaw in the SQLite open-source database engine, preventing potential exploitation. The vulnerability, designated CVE-2025-6965 (CVSS score: 7.2), is a memory corruption issue affecting all versions prior to 3.50.2. Discovered by “Big Sleep,” an AI agent developed through a collaboration between DeepMind and Google Project Zero, this flaw allows for potential attacks through arbitrary SQL statements, leading to integer overflow risks. SQLite maintainers cautioned that this critical security issue was previously known only to threat actors. Google has not disclosed the identities of these actors but emphasized the urgency of addressing the vulnerability.
As of November 21, 2024, an estimated 2,000 devices from Palo Alto Networks have been compromised due to a campaign exploiting newly disclosed security vulnerabilities. According to data from the Shadowserver Foundation, the majority of incidents have been reported in the U.S. (554) and India (461), with additional cases in Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the U.K. (39), Peru (36), and South Africa (35).
Earlier this week, Censys reported identifying 13,324 publicly exposed next-generation firewall management interfaces, with 34% of these exposures located in the U.S. However, it is crucial to note that not all exposed hosts are necessarily vulnerable. The vulnerabilities, CVE-2024-0012 (CVSS score: 9.3) and CVE-2024-9474 (CVSS score: 6.9), involve authentication bypass and privilege escalation, potentially enabling attackers to carry out malicious actions.
Warning: Ongoing Attack Campaign Compromises Over 2,000 Palo Alto Networks Devices November 21, 2024 In a concerning development in cybersecurity, it has been reported that approximately 2,000 devices from Palo Alto Networks have been compromised as a result of an ongoing attack campaign leveraging recently uncovered security vulnerabilities. The Shadowserver…
As of November 21, 2024, an estimated 2,000 devices from Palo Alto Networks have been compromised due to a campaign exploiting newly disclosed security vulnerabilities. According to data from the Shadowserver Foundation, the majority of incidents have been reported in the U.S. (554) and India (461), with additional cases in Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the U.K. (39), Peru (36), and South Africa (35).
Earlier this week, Censys reported identifying 13,324 publicly exposed next-generation firewall management interfaces, with 34% of these exposures located in the U.S. However, it is crucial to note that not all exposed hosts are necessarily vulnerable. The vulnerabilities, CVE-2024-0012 (CVSS score: 9.3) and CVE-2024-9474 (CVSS score: 6.9), involve authentication bypass and privilege escalation, potentially enabling attackers to carry out malicious actions.
The recent shifts in the United States’ cybersecurity landscape illustrate a tumultuous period marked by significant policy changes under the Trump administration. The alterations to fiscal policy and foreign relations, coupled with widespread dismissals of federal staff, have left crucial cybersecurity priorities shrouded in uncertainty. This concern was evident at…
Data Privacy, Data Security, Geo Focus: Australia Telecom Faces Potential Fines Up to $2.22 Million per Violation Akshaya Asokan (asokan_akshaya) • August 8, 2025 Image: Marlon Trottmann/Shutterstock The Australian Information Commissioner has initiated legal action against Optus, one of the country’s largest telecommunications companies, alleging the firm failed to adequately…
860,000 Affected by Data Breach at Columbia University In a significant security incident, Columbia University has reported a data breach that has compromised the personal information of approximately 860,000 individuals. The university, based in the United States, has disclosed that sensitive data was potentially accessed by unauthorized actors, raising serious…
Urgent: Google Issues Critical Chrome Update to Address Active Exploit CVE-2025-6558
Jul 16, 2025
Browser Security / Zero-Day
On Tuesday, Google released a significant update for its Chrome web browser, addressing six security vulnerabilities, including a high-severity flaw that is currently being exploited in the wild. The vulnerability, identified as CVE-2025-6558 (CVSS score: 8.8), involves inadequate validation of untrusted input within the browser’s ANGLE and GPU components. According to the NIST National Vulnerability Database (NVD), “Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to version 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a specially crafted HTML page.” ANGLE, which stands for “Almost Native Graphics Layer Engine,” serves as a bridge between Chrome’s rendering engine and the device’s graphics drivers. Exploits in this module can enable attackers to bypass Chrome’s sandbox, allowing them to manipulate low-level GPU operations typically confined within the browser, making this vulnerability particularly concerning.
Urgent: Critical Chrome Update Released by Google to Address CVE-2025-6558 Exploit On July 16, 2025, Google announced significant updates to its Chrome web browser, patching six security vulnerabilities, one of which is particularly concerning as it has already been exploited in the wild. This flaw, identified as CVE-2025-6558, has been…
Urgent: Google Issues Critical Chrome Update to Address Active Exploit CVE-2025-6558
Jul 16, 2025
Browser Security / Zero-Day
On Tuesday, Google released a significant update for its Chrome web browser, addressing six security vulnerabilities, including a high-severity flaw that is currently being exploited in the wild. The vulnerability, identified as CVE-2025-6558 (CVSS score: 8.8), involves inadequate validation of untrusted input within the browser’s ANGLE and GPU components. According to the NIST National Vulnerability Database (NVD), “Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to version 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a specially crafted HTML page.” ANGLE, which stands for “Almost Native Graphics Layer Engine,” serves as a bridge between Chrome’s rendering engine and the device’s graphics drivers. Exploits in this module can enable attackers to bypass Chrome’s sandbox, allowing them to manipulate low-level GPU operations typically confined within the browser, making this vulnerability particularly concerning.
