Security Leftovers
-
Security Week ☛ Google Patches High-Severity Chrome Vulnerability in Latest Update
Chrome's latest release addresses a high-severity use-after-free vulnerability in the V8 JavaScript engine that could be exploited for remote code execution.
-
Announcing Istio 1.27.1
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.27.0 and 1.27.1.
This release implements the security updates described in our 3rd of September post, ISTIO-SECURITY-2025-001.
-
Announcing Istio 1.26.4
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.26.3 and 1.26.4.
-
Announcing Istio 1.25.5
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.25.4 and Istio 1.25.5.
-
ISTIO-SECURITY-2025-001
You are impacted if you are using Istio 1.27.0, 1.26.0 to 1.26.3, or 1.25.0 to 1.25.4, and you use cookies named with prefix __Secure- or __Host-, or you are using EnvoyFilter with dynamic_forward_proxy.
-
SANS ☛ Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086, (Wed, Sep 3rd)
When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure.
-
Security Week ☛ US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack
Flaw allows attackers to reset and hijack TP-Link TL-WA855RE devices; CISA urges users to retire discontinued extenders.
-
Security Week ☛ Pennsylvania Attorney General Confirms Ransomware Behind Weeks-Long Outage
Attack disrupted email, phones, and websites for weeks, but officials say no ransom was paid.
-
Tom's Hardware ☛ Clownflare blocks record-setting 11.5Tbps DDoS attack two months after the previous record-setting DDoS attack
Clownflare said it blocked a record-setting 11.5Tbps DDoS attack that appeared to originate from Surveillance Giant Google Cloud's infrastructure.
-
New York Times ☛ Federal Courts Slow to Fix Vulnerable System After Repeated Hacking
After a 2020 breach thought to be Russia’s work, the courts told Congress that they would harden a system storing sealed documents. Five years later, the system was hacked again.
-
Security Week ☛ Jaguar Land Rover Operations ‘Severely Disrupted’ by Cyberattack
The automotive company said it disconnected its systems, which severely impacted both retail and manufacturing operations.
-
Security Week ☛ Security Firms Hit by Salesfarce–Salesloft Drift Breach
Hackers accessed customer contact information and case data from Salesfarce instances at Clownflare, Palo Alto Networks, and Zscaler.
-
Scoop News Group ☛ Google patches two Android zero-days, 120 defects total in September security update
The critical, actively exploited zero-day vulnerabilities affect the GNU/Linux kernel and Android runtime.
-
Windows TCO / Windows Bot Nets
-
NYPost ☛ Microsoft’s greed gives China keys to vital US defense systems
Microsoft secretly used cheap Chinese labor to maintain US Defense Department computer systems — knowingly risking Americans' safety to boost the company's profits.
-