Tag Google

Critical Security Updates for Apple iOS and macOS Released to Address Actively Exploited Vulnerabilities

September 24, 2021

On Thursday, Apple launched important security updates to tackle multiple vulnerabilities in older iOS and macOS versions, which have been exploited in real-world attacks. This release also expands on previous patches for a security flaw targeted by NSO Group’s Pegasus spyware aimed at iPhone users.

Notably, CVE-2021-30869, a type confusion vulnerability within Apple’s XNU kernel, could allow malicious apps to execute arbitrary code with elevated privileges. Apple has improved state handling to mitigate this issue. Google’s Threat Analysis Group, which reported the vulnerability, noted it was being exploited alongside a remote code execution vulnerability affecting WebKit.

Additionally, Apple addressed two more vulnerabilities, CVE-2021-30858 and CVE-2021-30860, which were patched earlier this month.

Apple Issues Critical Updates to Address Zero-Day Vulnerabilities in iOS and macOS September 24, 2021 Apple has issued important security updates for older versions of iOS and macOS in response to vulnerabilities that are currently being actively exploited. The company identified these issues during its ongoing security monitoring and reported…

Read More

Critical Security Updates for Apple iOS and macOS Released to Address Actively Exploited Vulnerabilities

September 24, 2021

On Thursday, Apple launched important security updates to tackle multiple vulnerabilities in older iOS and macOS versions, which have been exploited in real-world attacks. This release also expands on previous patches for a security flaw targeted by NSO Group’s Pegasus spyware aimed at iPhone users.

Notably, CVE-2021-30869, a type confusion vulnerability within Apple’s XNU kernel, could allow malicious apps to execute arbitrary code with elevated privileges. Apple has improved state handling to mitigate this issue. Google’s Threat Analysis Group, which reported the vulnerability, noted it was being exploited alongside a remote code execution vulnerability affecting WebKit.

Additionally, Apple addressed two more vulnerabilities, CVE-2021-30858 and CVE-2021-30860, which were patched earlier this month.

Anthropic’s Mythos Will Spark a Cybersecurity Reckoning—But Not How You Expect

Anthropic Launches Claude Mythos Preview: A New Development in Cybersecurity Risks This week, Anthropic unveiled its Claude Mythos Preview model, heralded as a significant milestone in the evolution of cybersecurity. The company asserts that this new technology poses an unprecedented existential threat to current software defense mechanisms, sparking debates about…

Read MoreAnthropic’s Mythos Will Spark a Cybersecurity Reckoning—But Not How You Expect

Critical Chrome Update Released to Fix Actively Exploited Zero-Day Flaw

On September 25, 2021, Google issued an urgent security patch for its Chrome web browser to address a vulnerability that is currently being exploited. Identified as CVE-2021-37973, the issue is categorized as a “use after free” flaw within the Portals API, a system that facilitates seamless navigation between web pages. Clément Lecigne from Google’s Threat Analysis Group reported the vulnerability. While detailed information about the flaw has not been shared to protect users, Google confirmed that an exploit for CVE-2021-37973 is known to be in use. This update comes shortly after Apple patched a related exploit affecting older versions of iOS and macOS (CVE-2021-30869).

Urgent Chrome Update Released to Address Actively Exploited Zero-Day Vulnerability On September 25, 2021, Google released an urgent security update for its Chrome web browser to rectify a critical flaw that has been actively exploited in the wild. Identified as CVE-2021-37973, this vulnerability is categorized as a “use after free”…

Read More

Critical Chrome Update Released to Fix Actively Exploited Zero-Day Flaw

On September 25, 2021, Google issued an urgent security patch for its Chrome web browser to address a vulnerability that is currently being exploited. Identified as CVE-2021-37973, the issue is categorized as a “use after free” flaw within the Portals API, a system that facilitates seamless navigation between web pages. Clément Lecigne from Google’s Threat Analysis Group reported the vulnerability. While detailed information about the flaw has not been shared to protect users, Google confirmed that an exploit for CVE-2021-37973 is known to be in use. This update comes shortly after Apple patched a related exploit affecting older versions of iOS and macOS (CVE-2021-30869).

Urgent: Update Google Chrome Now to Fix 2 New Actively Exploited Zero-Day Vulnerabilities

On October 1, 2021, Google released critical security updates for its Chrome browser, addressing two newly discovered vulnerabilities currently being exploited. These mark the fourth and fifth zero-day flaws resolved this month. The vulnerabilities, identified as CVE-2021-37975 and CVE-2021-37976, relate to a use-after-free issue in the V8 JavaScript and WebAssembly engine, as well as an information leak in the core. As is standard practice, Google has withheld specific details about the attacks to ensure that users can quickly install the necessary updates. However, the company confirmed that “exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.” CVE-2021-37975 was reported by an anonymous researcher, while CVE-2021-37976 was identified by Clément Lecigne from Google’s Threat Analysis Group.

Update Your Google Chrome Browser Immediately to Address Two New Actively Exploited Zero-Day Vulnerabilities On October 1, 2021, Google announced the release of critical security updates for its Chrome web browser, responding to two newly identified vulnerabilities that are presently being exploited by malicious actors. These vulnerabilities mark the fourth…

Read More

Urgent: Update Google Chrome Now to Fix 2 New Actively Exploited Zero-Day Vulnerabilities

On October 1, 2021, Google released critical security updates for its Chrome browser, addressing two newly discovered vulnerabilities currently being exploited. These mark the fourth and fifth zero-day flaws resolved this month. The vulnerabilities, identified as CVE-2021-37975 and CVE-2021-37976, relate to a use-after-free issue in the V8 JavaScript and WebAssembly engine, as well as an information leak in the core. As is standard practice, Google has withheld specific details about the attacks to ensure that users can quickly install the necessary updates. However, the company confirmed that “exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild.” CVE-2021-37975 was reported by an anonymous researcher, while CVE-2021-37976 was identified by Clément Lecigne from Google’s Threat Analysis Group.

Google Alerts on Active Exploitation of New Android Zero-Day Vulnerability

November 3, 2021

Google has released its latest monthly security updates for Android, addressing 39 vulnerabilities, including a zero-day exploit that is currently being targeted in limited attacks. Identified as CVE-2021-1048, this zero-day flaw is characterized as a use-after-free vulnerability in the kernel, which could allow local privilege escalation. Use-after-free vulnerabilities pose significant risks, enabling attackers to access or reference memory that has already been freed. This could lead to a “write-what-where” scenario, allowing arbitrary code execution and potential control over a victim’s device. “There are indications that CVE-2021-1048 may be under limited, targeted exploitation,” Google stated in its November advisory, while withholding specific technical details about the exploit, the nature of the attacks, and the identities of any potential perpetrators. The security patch also addresses two critical vulnerabilities among the other fixes.

Google Alerts on Newly Discovered Android Zero-Day Exploited in Targeted Attacks November 3, 2021 Google has announced the release of its monthly security updates for the Android operating system, which include fixes for 39 vulnerabilities. Among these is a critical zero-day vulnerability identified as CVE-2021-1048, which the company has confirmed…

Read More

Google Alerts on Active Exploitation of New Android Zero-Day Vulnerability

November 3, 2021

Google has released its latest monthly security updates for Android, addressing 39 vulnerabilities, including a zero-day exploit that is currently being targeted in limited attacks. Identified as CVE-2021-1048, this zero-day flaw is characterized as a use-after-free vulnerability in the kernel, which could allow local privilege escalation. Use-after-free vulnerabilities pose significant risks, enabling attackers to access or reference memory that has already been freed. This could lead to a “write-what-where” scenario, allowing arbitrary code execution and potential control over a victim’s device. “There are indications that CVE-2021-1048 may be under limited, targeted exploitation,” Google stated in its November advisory, while withholding specific technical details about the exploit, the nature of the attacks, and the identities of any potential perpetrators. The security patch also addresses two critical vulnerabilities among the other fixes.

Anthropic Collaborates with Competitors to Prevent AI from Compromising Security

In late March, leaked reports revealed that Anthropic has developed a new AI model named Mythos, which they formally announced on Tuesday. Alongside this announcement, the company introduced an industry consortium called Project Glasswing, aimed at addressing the cybersecurity implications associated with this advanced model and the evolving capabilities across…

Read MoreAnthropic Collaborates with Competitors to Prevent AI from Compromising Security

Anthropic Declares Its New Model Too Risky for Public Release

AI-Driven Security Operations, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Anthropic Restricts Access to New AI Model Due to Misuse Concerns David Perera (@daveperera), Chris Riotta (@chrisriotta) • April 7, 2026 Image: Shutterstock In a significant development for cybersecurity, Anthropic announced the creation of an artificial intelligence…

Read MoreAnthropic Declares Its New Model Too Risky for Public Release

New Phoenix RowHammer Attack Overcomes DDR5 Memory Protections in Just 109 Seconds

A research team from ETH Zürich and Google has unveiled a new variant of the RowHammer attack, named Phoenix, specifically targeting DDR5 memory chips produced by SK Hynix. This attack (CVE-2025-6202, CVSS score: 7.1) effectively circumvents advanced security measures designed to protect against such vulnerabilities. “Our findings confirm that it is possible to consistently trigger RowHammer bit flips on a wider scale with SK Hynix’s DDR5 devices,” stated ETH Zürich’s Computer Security Group (COMSEC). “We also demonstrated that on-die ECC fails to prevent RowHammer attacks, making end-to-end RowHammer exploits feasible on DDR5.” RowHammer is a critical hardware vulnerability where repetitive access to a memory row can induce bit flips in neighboring rows, leading to data corruption that malicious actors can exploit to access sensitive information or elevate privileges.

New Phoenix RowHammer Attack Compromises DDR5 Memory Protections A recent discovery made by researchers from ETH Zürich and Google has brought to light a new variant of the RowHammer attack, specifically targeting DDR5 memory chips from South Korean semiconductor manufacturer SK Hynix. This variant, dubbed Phoenix (CVE-2025-6202, CVSS score: 7.1),…

Read More

New Phoenix RowHammer Attack Overcomes DDR5 Memory Protections in Just 109 Seconds

A research team from ETH Zürich and Google has unveiled a new variant of the RowHammer attack, named Phoenix, specifically targeting DDR5 memory chips produced by SK Hynix. This attack (CVE-2025-6202, CVSS score: 7.1) effectively circumvents advanced security measures designed to protect against such vulnerabilities. “Our findings confirm that it is possible to consistently trigger RowHammer bit flips on a wider scale with SK Hynix’s DDR5 devices,” stated ETH Zürich’s Computer Security Group (COMSEC). “We also demonstrated that on-die ECC fails to prevent RowHammer attacks, making end-to-end RowHammer exploits feasible on DDR5.” RowHammer is a critical hardware vulnerability where repetitive access to a memory row can induce bit flips in neighboring rows, leading to data corruption that malicious actors can exploit to access sensitive information or elevate privileges.

🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More

Cybersecurity Weekly Update: New Vulnerabilities and Persistent Threats This week, the cybersecurity landscape revealed alarming developments as multiple organizations fell victim to sophisticated attacks, highlighting the evolving tactics employed by cybercriminals. Notably, Fortinet disclosed a serious vulnerability affecting its FortiWeb application firewall, categorized as CVE-2025-58034. This flaw, assigned a medium…

Read More🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More