🐛 COMMON VULNERABILITIES AND EXPOSURES 12[−]
6 FebChromium: CVE-2025-0444 Use after free in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
6 FebCVE-2025-21404 Microsoft Edge (Chromium-based) Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
6 FebCVE-2025-21267 Microsoft Edge (Chromium-based) Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
6 FebCVE-2025-21279 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
6 FebCVE-2025-21177 Microsoft Dynamics 365 Sales Elevation of Privilege VulnerabilityServer-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
6 FebCVE-2025-21396 Microsoft Account Elevation of Privilege VulnerabilityUpdated one or more CVSS scores for the affected products. This is an informational change only.MSRC.MICROSOFT.COM
6 FebChromium: CVE-2025-0451 Inappropriate implementation in Extensions APIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
6 FebChromium: CVE-2025-0445 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
6 FebCVE-2025-21253 Microsoft Edge for IOS and Android Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
6 FebCVE-2025-21283 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
6 FebCVE-2025-21408 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
6 FebCVE-2025-21342 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 3[−]
6 FebA Vulnerability in Trimble Cityworks Could Allow for Remote Code ExecutionA vulnerability has been discovered in Trimble Cityworks that could allow for remote code execution. Trimble Cityworks is a system that helps manage the lifecycle of assets for public infrastructure. It uses GIS (geographic information systems) to help with tasks such as permitti…CISECURITY.ORG
6 Feb15+ Years of Loading Threat Intel into SIEM: Why Does This Still Suck?Unfortunately, I am old enough to remember how SIEM was done before the arrival of threat intelligence feeds. We had to write broad behavioral (well, “behavioral-ish”, if I am totally honest) rules without relying on any precise knowledge of attacker infrastructure and details of…MEDIUM.COM
6 FebShmooCon 2025submitted by ashar to security_cpe 3 points | 0 comments https://archive.org/details/shmoocon2025/ShmooCon2025-0wn+the+Con_Growing+Up+ShmooCon.mp4 ShmooCon 2025 talk videos. There are 51 videos ShmooCon 2025 Schedule DIFFERENT – ShmooCon is an annual east coast hacker convention …INFOSEC.PUB
🔥 INCIDENT REPORTING 1[−]
6 FebThe Cost of an Incident - ShmooCon 2025submitted by ashar to security_cpe 2 points | 0 comments https://infosec.exchange/@TindrasGrove/113952051365869587 The Cost of an Incident - ShmooCon 2025 by @TindrasGrove "It covers some of the lessons we’ve learned at from cyber insurance claims about why some incidents ar…INFOSEC.PUB
🕵️ THREAT INTELLIGENCE 1[−]
6 FebDarknet Diaries EP 154: Hijacked Linesubmitted by ashar to security_cpe 6 points | 0 comments https://darknetdiaries.com/episode/154/ Darknet Diaries EP 154: Hijacked Line Conor Freeman (x.com/conorfrmn) stole money online. Lots of it. In this episode we talk with him, and hear how he did it, why he did, and what he…INFOSEC.PUB
📡 INFOSEC NEWS 1[−]
6 FebDeepSeek iOS app sends data unencrypted to ByteDance-controlled serversApple's defenses that protect data from being sent in the clear are globally disabled.ARSTECHNICA.COM