Google paid over $3.7 million for Chrome vulnerabilities, and more than $3.5 million for cloud security defects.
The post Google Paid Out $17 Million in Bug Bounty Rewards in 2025 appeared first on SecurityWeek.
Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping
Evidence indicates that the attackers leveraged existing endpoint management software rather than malware to wipe devices.
The post Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping appeared first on SecurityWeek.
Onyx Security Launches With $40 Million in Funding
The startup is building a control pane to help organizations oversee autonomous AI agents and rapidly adopt them.
The post Onyx Security Launches With $40 Million in Funding appeared first on SecurityWeek.
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.
The list of vulnerabilities is as follows –
The list of vulnerabilities is as follows –
CVE-2026-3909 (CVSS score: 8.8) – An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML
Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet
Law enforcement agencies in the US and Europe targeted the cybercrime service that has impacted 360,000 devices since 2020.
The post Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet appeared first on SecurityWeek.
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel’s AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees.
The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The
The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The
Starbucks discloses data breach affecting hundreds of employees
Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. […]
Chrome 146 Update Patches Two Exploited Zero-Days
The flaws can be exploited to manipulate data and bypass security restrictions, potentially leading to code execution.
The post Chrome 146 Update Patches Two Exploited Zero-Days appeared first on SecurityWeek.
Google fixes two new Chrome zero-days exploited in attacks
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. […]
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud.
“SocksEscort infected home and small business internet routers with malware,” the U.S. Department of Justice (DoJ) said. “The malware allowed SocksEscort to direct internet
“SocksEscort infected home and small business internet routers with malware,” the U.S. Department of Justice (DoJ) said. “The malware allowed SocksEscort to direct internet