Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.
The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
October 15, 2024
In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document. However, the email ...
- Critical Veeam Backup & Replication Vulnerability Under Active Exploitation
October 11, 2024
Security researchers have reported CVE-2024-40711 is under active exploitation by ransomware groups. These groups are reportedly exploiting CVE-2024-40711 as a second stage exploit to create new local Administrator accounts to facilitate further objectives on compromised networks. Reports warn of exploitation attempts since shortly after official disclosure by Veeam. Enterprise backup and disaster recovery applications are valuable ...
- Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
October 11, 2024
Today FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of the investigation, two out of the three identified vulnerabilities were not publicly known. This incident is a prime example of how threat actors chain zero-day ...
- Exploited Vulnerability in Multiple Fortinet Products
October 10, 2024
Fortinet has released a security advisory to address a critical vulnerability in the FortiOS fgfmd daemon. CVE-2024-23113 is a ‘use of externally-controlled format string’ vulnerability with a CVSSv3 score of 9.8. A remote unauthenticated attacker could send specially crafted requests to execute arbitrary code (ACE) or commands. Affected organisations are encouraged to review Fortinet PSIRT Advisory ...
- FBI: Update on SVR Cyber Operations and Vulnerability Exploitation
October 10, 2024
The Federal Bureau of Investigation (FBI) and pertners are releasing this joint Cybersecurity Advisory (CSA) to highlight the tactics, techniques, and procedures (TTPs) employed by the Russian Federation’s Foreign Intelligence Service (SVR) in recent cyber operations and provide network defenders with information to help counter SVR cyber threats. Since at least 2021, Russian SVR cyber actors ...
- API Security Exposed: The Role of API Vulnerabilities in Real-World Data Breaches
October 10, 2024
This Trend Micro research discusses real-world API vulnerabilities and shows the risks companies face every day. We start our journey with two popular API gateways: APISIX and Kong. The researchers found over 600 APISIX instances and hundreds of thousands of Kong gateways accessible online. Each one is a door waiting for attackers to knock. However, the ...