Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.
The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Releases Eight Industrial Control Systems Advisories
March 16, 2023
CISA released eight Industrial Control Systems (ICS) advisories on March 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-075-01 Siemens SCALANCE, RUGGEDCOM Third-Party ICSA-23-075-02 Siemens RUGGEDCOM CROSSBOW V5.3 Read more… Source: U.S. Cybersecurity and Infrastructure ...
- Threat Actors Exploited Progress Telerik Vulnerability in U.S. Government IIS Server
March 15, 2023
Today, the CISA, Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server. This joint CSA provides IT infrastructure defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect ...
- Hands up who DIDN’T exploit this years-old flaw to ransack a US govt web server…
March 15, 2023
Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency’s Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution. The snafu happened between November 2022 and early January, according to a joint alert from the FBI, CISA, and America’s Multi-State Information ...
- Magniber ransomware actors used a variant of Microsoft SmartScreen bypass
March 14, 2023
Google’s Threat Analysis Group (TAG) recently discovered usage of an unpatched security bypass in Microsoft’s SmartScreen security feature, which financially motivated actors are using to deliver the Magniber ransomware without any security warnings. The attackers are delivering MSI files signed with an invalid but specially crafted Authenticode signature. The malformed signature causes SmartScreen to return ...
- SAP releases security updates fixing five critical vulnerabilities
March 14, 2023
Software vendor SAP has released security updates for 19 vulnerabilities, five rated as critical, meaning that administrators should apply them as soon as possible to mitigate the associated risks. The flaws fixed this month impact many products, but the critical severity bugs affect SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver. Read more… Source: Bleeping Computer
- Microsoft fixes Windows zero-day exploited in ransomware attacks
March 14, 2023
Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags. The attackers have been using malicious MSI files signed with a specially crafted Authenticode signature to exploit this security feature bypass vulnerability (tracked as CVE-2023-24880). Read more… Source: Bleeping Computer Related story: ...