News • Insights • Analysis
Google has released updates to Chrome stable channels to address a high severity vulnerability. CVE-2025-6554 is a “type confusion” vulnerability in the V8 JavaScript browser engine. An attacker could exploit this vulnerability to perform arbitrary read/write by convincing a user Read More …
Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range Read More …
BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure Read More …
During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability (CVE-2025-4365) Read More …
Researchers revealed on Thursday that two European journalists had their iPhones hacked with spyware made by Paragon. Apple says it has fixed the bug that was used to hack their phones. The Citizen Lab wrote in its report, shared with Read More …
Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for Read More …
ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions. In addition to issuing new certificates, ConnectWise Read More …
Cisco has released software updates for its Identity Service Engine (ISE). The updates address a critical severity vulnerability in the ISE product. Cisco Identity Services Engine (ISE) is a context-aware policy service to control access and threats across wired, wireless, Read More …
Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns. Qualcomm cited Google’s Threat Analysis Group, or TAG, Read More …
Google has released version 137.0.7151.68/.69 for Chrome for Windows and Mac and 137.0.7151.68 for Chrome for Linux which will roll out over the coming days/weeks. The updates address two high severity vulnerabilities in the V8 JavaScript engine. CVE-2025-5419 has a Read More …
