Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. [...]
USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update
introduced a regression that prevented mod_http2 from loading on Ubuntu
18.04 LTS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Apache HTTP Server incorrectly handled certain
response headers. An attacker could possibly use this issue to perform
HTTP response splitting attacks. This issue only affected Ubuntu 14.04
LTS. (CVE-2023-38709)
Will Dormann
A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction market. [...]
Hello Everyone! We've just released Chrome 149 (149.0.7827.48) for Android to a small percentage of users. It'll become available on Google Play over the next few days. You can find more details about early Stable releases here. This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug. Harry Souders Google Chrome
Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. [...]
Multiple vulnerabilities have been discovered in Centreon Web. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.
Multiple vulnerabilities have been discovered in Mattermost products. They allow an attacker to cause a security problem not specified by the vendor.
The Stable channel has been updated to 148.0.7778.216/217 for Windows and 148.0.7778.215/216 Mac and 148.0.7778.215 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards. Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but
Hi everyone! We've just released Chrome Beta 149 (149.0.7827.48) for Android. It's now available on Google Play. You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here. If you find a new issue, please let us know by filing a bug. Chrome Release Team Google Chrome
Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to gain unauthorized access to sensitive
information. (CVE-2026-22016)
It was discovered that the Networking component of OpenJDK 26 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to cause a denial of service.
(CVE-2026-34282)
It was discovered that the JSSE comp
It was discovered that pip incorrectly handled TLS certificate
verification in session connections. If a session was first used with
certificate verification disabled, subsequent requests to the same host
would also skip verification regardless of the session's current settings.
A remote attacker could possibly use this issue to perform a machine-in-the-middle
attack and expose sensitive information. (CVE-2024-35195)
It was discovered that pip's bundled urllib3 library did not limit the
number
USN-8229-1 fixed a vulnerability in sed. This update provides the
corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
Michał Majchrowicz and Marcin Wyczechowski discovered that sed
incorrectly handled symbolic links when performing in-place edits.
A local attacker could possibly use this issue to overwrite
arbitrary files.
It was discovered that Vim did not properly handle backticks in tag
filenames. An attacker could possibly use this issue to execute
arbitrary commands.
It was discovered that multipart had an ambiguous regular expression
alternation when handling certain HTTP header values. A remote attacker
could possibly use this issue to cause multipart to use excessive
resources, leading to a denial of service.
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]
Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to gain unauthorized access to sensitive
information. (CVE-2026-22016)
It was discovered that the Networking component of OpenJDK 25 did not
correctly authenticate certain APIs. A remote unauthenticated attacker
could possibly use this issue to cause a denial of service.
(CVE-2026-34282)
It was discovered that the JSSE comp
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched
encryption salt parameters in crafted OOXML documents. An attacker could
use this issue to cause LibreOffice to crash, resulting in a denial of
service, or possibly execute arbitrary code.
It was discovered that Apache HTTP Server incorrectly handled certain
response headers. An attacker could possibly use this issue to perform
HTTP response splitting attacks. This issue only affected Ubuntu 14.04
LTS. (CVE-2023-38709)
Will Dormann and David Warren discovered that Apache HTTP Server's HTTP/2
implementation did not properly reclaim memory when streams were reset by
clients. A remote attacker could possibly use this issue to cause Apache
HTTP Server to consume resources, leading to
It was discovered that QtSvg incorrectly handled certain SVG images. An
attacker could possibly use this issue to cause QtSvg to crash, resulting in
a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2018-19869)
It was discovered that QtSvg incorrectly handled certain SVG images. An
attacker could use this issue to cause QtSvg to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-202
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]
MSPs don't lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. [...]
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here.
The post 2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface appeared first on Unit 42.
Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a remote denial of service and a security policy bypass.
Multiple vulnerabilities have been discovered in Veeam products. They allow an attacker to cause remote arbitrary code execution and a security problem not specified by the vendor.
Hi everyone! We've just released Chrome Stable 149 (149.0.7827.45) for iOS; it'll become available on App Store in the next few hours. This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug. Chrome Release Team Google Chrome
Hi everyone! We've just released Chrome Beta 149 (149.0.7827.46) for iOS; it'll become available on App Store in the next few days. You can see a partial list of the changes in the Git log. If you find a new issue, please let us know by filing a bug. Chrome Release Team Google Chrome
Multiple vulnerabilities have been discovered in Symfony. Some of them allow an attacker to cause server-side request forgery (SSRF), cross-site scripting (XSS) and a security policy bypass.
M-148, ChromeOS version 16640.40.0 (Browser version 148.0.7778.174) has rolled out to ChromeOS devices on the Stable channel. If you find new issues, please let us know one of the following ways: File a bug Visit our ChromeOS communities General: Chromebook Help Community Beta Specific: ChromeOS Beta Help Community Report an issue or send feedback on Chrome Interested in switching channels? Find out how. Security Fixes ChromeOS Vulnerability Rewards Program Reported Bug Fixes: N/A Chrome
The ChromeOS Beta channel is being updated to OS version 16667.22.0 (Browser version 149.0.7827.40) for most ChromeOS devices. If you find new issues, please let us know one of the following ways: File a bug Visit our ChromeOS communities General: Chromebook Help Community Beta Specific: ChromeOS Beta Help Community Report an issue or send feedback on Chrome Interested in switching channels? Find out how. Luis Menezes Google ChromeOS
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of a risk analysis to prioritize the application of...
A new LTS-144 version 144.0.7559.252 (Platform Version: 16503.84.0), is being rolled out for most ChromeOS devices. This version includes selected security fixes including: 495931147 High CVE-2026-5289: Use after free in Navigation. 497846428 High CVE-2026-6309: Use after free in Viz. 487117772 High CVE-2026-4449: Use after free in Blink. 488188166 High CVE-2026-4674: Out of bounds read in CSS. 497412658 High CVE-2026-6308: Out of bounds read in Media. 482828615 High CVE-2026-3916:
Hi everyone! We've just released Chrome Dev 150 (150.0.7847.3) for Android. It's now available on Google Play. You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here. If you find a new issue, please let us know by filing a bug. Chrome Release Team Google Chrome
Multiple vulnerabilities have been discovered in Tenable Sensor Proxy. They allow an attacker to cause a remote denial of service, a breach of data confidentiality and a security problem not specified by the vendor.
Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor.
Multiple vulnerabilities have been discovered in Mattermost products. They allow an attacker to cause a security problem not specified by the vendor.
Multiple vulnerabilities have been discovered in Trend Micro products. They allow an attacker to cause a privilege escalation and a security policy bypass. Trend Micro states that the vulnerability CVE-2026-34926 is being actively exploited
Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a security policy bypass and a security problem not specified by the vendor.
Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause a privilege escalation and a security problem not specified by the vendor.
The Dev channel has been updated to 150.0.7846.4 for Windows, Mac and Linux. A partial list of changes is available in the Git log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues. Chrome Release Team Google Chrome
The Stable channel has been updated to 149.0.7827.22/.23 for Windows and Mac (149.0.7827.29/.30), as part of our early stable release to a small percentage of users. A full list of changes in this build is available in the log. You can find more details about early Stable releases here. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.
The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21) appeared first on Unit 42.
A vulnerability has been discovered in Drupal. It allows an attacker to cause an SQL injection (SQLi). The vendor specifies that the vulnerability CVE-2026-9082 only affects applications that use PostgreSQL as their database management system. However, it recommends...
The Beta channel has been updated to 149.0.7827.22 for Windows, Mac and Linux. A partial list of changes is available in the Git log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues. Chrome Release Team Google Chrome
CVSSv3 Score: 7.8
CVE-2026-31431
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Revised on 2026-05-13 00:00:00