Actively exploited Google Chrome zero-day addressed
Out-of-band updates have been issued by Google to resolve a trio of security flaws impacting its Chrome browser, including the actively exploited high-severity zero-day out-of-bounds read and write vulnerability, tracked as CVE-2025-5419, The Hacker News reports.
All KEV entries should include not only platform-specific relevance indicators and CVE origin details but also attack chain and attack path context, said the OX team.
Brazil-based Unimed, the largest healthcare cooperative worldwide, had at least 14 million patient conversations with doctors and its chatbot "Sara" leaked by an unsecured instance of the open-source real-time data transmission platform Kafka, according to Cybernews.
Cyber Security News reports that malicious actors could exploit a new low-severity vulnerability in Apache Tomcat's CGI servlet, tracked as CVE-2025-46701, to circumvent security configuration under certain conditions.
More than 1.6 million files belonging to thousands of Etsy, Poshmark, Embroly, and TikTok shop customers, most of whom are located in the U.S., have been exposed as a result of a pair of unsecured Azure Blob Storage containers, Cybernews reports.