Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.
The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hundreds of organizations breached by SharePoint mass-hacks
July 23, 2025
Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, signaling a sharp rise in the number of detected compromises since the bug was discovered last week. Eye Security, a Dutch cybersecurity firm that first identified the vulnerability in SharePoint, a popular server software that companies use to ...
- Microsoft releases urgent SharePoint security flaw patches
July 21, 2025
Microsoft has released an urgent patch to fix a zero-day vulnerability affecting on-premises SharePoint servers. The vulnerability is already being exploited in the wild, which is why users are urged to apply the patch immediately and secure their assets. Three Microsoft products were said to be affected: SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint ...
- CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild
July 18, 2025
On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.4_23 across all platforms. According to the public-facing vendor advisory, this vulnerability in the CrushFTP managed file transfer software web interface is being exploited in the ...
- Google Releases Security Update for Chrome
July 18, 2025
Google has released version 138.0.7204.157/.158 for Chrome for Windows and Mac and 138.0.7204.157 for Chrome for Linux, which will roll out over the coming days/weeks. The updates address three high severity vulnerabilities, including CVE-2025-6558, which has an exploit in the wild. CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU vulnerability – CVSSv3 score: 8.8 Read ...
- GhostContainer backdoor: Malware compromising Exchange servers of high-value organizations in Asia
July 17, 2025
In a recent incident response (IR) case, Kaspersky researchers discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Kaspersky in-depth analysis of the malware revealed a sophisticated, multi-functional backdoor that can be dynamically ...
- Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
July 16, 2025
Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances. GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access ...