Cloud Exploits
-
Google patches Chrome flaw in ANGLE library that is being actively exploited
Google released Chrome security updates on Dec. 11 that fix three vulnerabilities, including a high-severity flaw in the ANGLE graphics library tracked as Chromium issue 466192044 and reported to be exploited in the wild; users should update to the latest 143.0.7499 builds.
-
Critical privilege-escalation flaw in King Addons plugin under active exploitation
A high-severity privilege-escalation vulnerability (CVE-2025-8489, CVSS 9.8) in the King Addons for Elementor WordPress plugin is being actively exploited; administrators should update to version 51.1.35, audit for suspicious admin users, and monitor for unusual activity.
-
CISA adds OpenPLC ScadaBR XSS flaw to Known Exploited Vulnerabilities list amid active attacks
CISA added CVE-2021-26829, a cross-site scripting flaw in OpenPLC ScadaBR, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation tied to a hacktivist operation; Forescout and VulnCheck reported related intrusions and a sustained OAST-driven exploit campaign.
-
Google issues Chrome security update for actively exploited V8 bug
Google released Chrome updates to fix two V8 type confusion vulnerabilities, including CVE-2025-13223 which is being actively exploited; users should update to the listed Chrome versions and other Chromium-based browser vendors should apply fixes when available.
-
Hackers exploit critical SessionReaper flaw in Adobe Commerce, Sansec says
E-commerce security firm Sansec reported active exploitation of the critical SessionReaper flaw (CVE-2025-54236) in Adobe Commerce, blocking over 250 attempts and warning that a majority of stores remain unpatched.
-
Microsoft tightens Edge’s Internet Explorer mode after reports of exploit chain
Microsoft said it has tightened Internet Explorer mode in Edge after reports that attackers used social engineering and unpatched Chakra 0-day exploits to gain remote code execution and escalate privileges, and the company removed easier IE mode launch options and now requires explicit enabling.
-
Critical Roundcube Webmail Exploit Sold on Dark Web, Security Experts Warn
Security experts warn of a critical vulnerability in Roundcube webmail, CVE-2025-49113, which has been exploited by hackers selling RCE exploits online. The flaw has led to a patch but concerns remain over its potential impact due to the application’s popularity.
-
Cisco Issues Urgent Patches for Critical Vulnerabilities in Cloud Services
Cisco has issued patches for critical vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP), warning of potential exploits that could allow unauthorized access and disruption of services in cloud deployments.
