ACTIVE THREATS: Chrome zero-day CVE-2025-0971 under active exploitation — update immediately • CISA ED-25-02: Ivanti Connect Secure emergency directive issued • VoltZite ransomware targeting North American power grid operators ACTIVE THREATS: Chrome zero-day CVE-2025-0971 under active exploitation — update immediately • CISA ED-25-02: Ivanti Connect Secure emergency directive issued • VoltZite ransomware targeting North American power grid operators
Latest cybersecurity vulnerabilities news, analysis, and intelligence.
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. [...]
Google has released an emergency Chrome update addressing CVE-2025-0971, a type confusion vulnerability in the V8 JavaScript engine being actively exploited in the wild. The flaw allows remote code execution with no user interaction beyond visiting a malicious web page.
Researchers at Forescout have discovered seven critical memory corruption vulnerabilities in ThreadX, the most widely-deployed real-time operating system for embedded and IoT devices. The flaws affect an estimated 6.2 billion devices including medical equipment, industrial controllers, and consumer electronics.