22Articles
7Categories
2025-04-03Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 13[−]
3 AprCVE-2025-25001 Microsoft Edge for iOS Spoofing VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
3 AprChromium: CVE-2025-3074 Inappropriate implementation in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
3 AprChromium: CVE-2025-3072 Inappropriate implementation in Custom TabsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
3 AprChromium: CVE-2025-3071 Inappropriate implementation in NavigationsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
3 AprChromium: CVE-2025-3070 Insufficient validation of untrusted input in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
3 AprChromium: CVE-2025-3069 Inappropriate implementation in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
3 AprChromium: CVE-2025-3068 Inappropriate implementation in IntentsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
3 AprChromium: CVE-2025-3067 Inappropriate implementation in Custom TabsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
3 AprCVE-2025-29815 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityUse after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
3 AprChromium: CVE-2025-3073 Inappropriate implementation in AutofillThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
3 AprChromium: CVE-2025-3066 Use after free in NavigationsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
3 AprCVE-2025-29796 Microsoft Edge for iOS Spoofing VulnerabilityUser interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
3 AprCVE-2025-24071 Microsoft Windows File Explorer Spoofing VulnerabilityAdded an FAQ and updated the CVSS score. This is an informational change only.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 3[−]
3 AprA Vulnerability in Ivanti Products Could Allow for Remote Code ExecutionA Vulnerability has been discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways which could allow for remote code execution. Ivanti Connect Secure (formerly Pulse Connect Secure) is a widely deployed SSL VPN solution that provides secure and controlled access to cor…CISECURITY.ORG
3 AprCISA Releases Five Industrial Control Systems AdvisoriesCISA released five Industrial Control Systems (ICS) advisories on April 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-093-01 Hitachi Energy RTU500 Series ICSA-25-093-02 Hitachi Energy TRM…CISA.GOV
3 AprNSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on “Fast Flux,” a National Security ThreatToday, CISA—in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand’s National Cyber Security Centre (…CISA.GOV
📢 SECURITY ADVISORIES 1[−]
🔥 INCIDENT REPORTING 1[−]
3 AprHellCat ransomware: what you need to knowHellCat - the ransomware gang that has been known to demand payment... in baguettes! Are they rolling in the dough? Bread it and weep in my article on the Tripwire State of Security blog.TRIPWIRE.COM
🕵️ THREAT INTELLIGENCE 1[−]
3 AprOpenAI just made its first cybersecurity investmentOpenAI just co-led a $43 million Series A into deepfake defense startup Adaptive Security.TECHCRUNCH.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
3 AprThis sneaky Android spyware needs a password to uninstall. Here’s how to remove it without one.A simple trick can remove malicious Android spyware apps that require a password to uninstall.TECHCRUNCH.COM
📡 INFOSEC NEWS 2[−]
3 AprTed Schlein’s Ballistic Ventures is raising $100M for a new fundTed Schlein's cybersecurity-focused Ballistic Ventures is raising $100 million for a new fund, TechCrunch has exclusively learned.TECHCRUNCH.COM
3 AprThe good, the bad and the unknown of AI: A Q&A with Mária BielikováThe computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for usWELIVESECURITY.COM