security updates
-
Drupal warns of critical security update later today
Drupal plans a core security update later today and warned that exploits could follow within hours. The advisory affects core versions 8 and later, with fixes planned for supported releases and hotfixes for some older branches.
-
JPCERT/CC confirms active exploitation of command injection in Array AG gateways
JPCERT/CC says a command injection vulnerability in Array Networks AG Series gateways has been exploited since August 2025 to drop web shells. Array fixed the flaw in May; users are urged to apply ArrayOS 9.4.5.9 or, if they cannot patch immediately, to disable DesktopDirect and block semicolon-containing URLs.
-
Google issues December Android security updates, patches 107 flaws including two exploited in the wild
Google released December 2025 Android security patches that fix 107 vulnerabilities across multiple components, including two Framework flaws reported as exploited in the wild; users and manufacturers are urged to apply the 2025-12-01 or 2025-12-05 updates.
-
Grafana patches CVSS 10.0 SCIM flaw that could allow impersonation
Grafana released updates to fix CVE-2025-41115, a CVSS 10.0 vulnerability in its SCIM provisioning component that could allow privilege escalation or user impersonation when specific configuration options are enabled; affected Enterprise versions and fixed releases were listed and users are urged to apply patches.
-
Google issues Chrome security update for actively exploited V8 bug
Google released Chrome updates to fix two V8 type confusion vulnerabilities, including CVE-2025-13223, which is being actively exploited; users should update to the listed Chrome versions, and other Chromium-based browser vendors should apply fixes when available.
-
Google patches Chrome zero-day exploited in the wild; updates rolled out across Windows, macOS and Linux
Google released security updates for Chrome to fix four vulnerabilities, including a zero-day exploited in the wild (CVE-2025-10585) in the V8 engine, with patches available for Windows, macOS and Linux and guidance to update across Chromium-based browsers.
-
Apple patches zero-day CVE-2025-43300 after highly targeted attack, urges immediate updates
Apple has issued security updates for CVE-2025-43300, a zero-day flaw in Apple’s Image I/O framework that was exploited in a highly targeted attack; users are urged to install the latest iOS, iPadOS and macOS updates.
-
Google Addresses Critical Vulnerabilities in Android with August Security Updates
Google has released crucial security updates for Android, addressing multiple vulnerabilities linked to Qualcomm chipsets, including serious flaws that have been flagged as actively exploited.
-
Apple Addresses Critical Safari Vulnerability with Software Update
Apple has released crucial updates to counteract a significant Safari vulnerability, classified as CVE-2025-6558, that may allow for exploits through crafted HTML content. The patch aims to protect users across multiple devices and systems.
-
Security Flaw Discovered in Gemini CLI Tool: Users Urged to Update
A serious security vulnerability in the Gemini CLI coding tool has been uncovered, enabling the execution of harmful commands on user devices. Users are urged to update to version 0.1.14 to mitigate risks.










