Tag
Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.
Silver Spring, Maryland, 3rd June 2025, CyberNewsWire
This spring has seen another spate of stories about juice jacking, including a new, more sophisticated form of attack. But how much of a threat is it, really?
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update will affect all Transport Layer Security (TLS)
### Impact v3.0.8, v2.1.2, v1.16.4 and below ### Patches Has been patched in 3.0.9, 2.1.3, and 1.16.5 ### Workarounds You can use the ignore option to ignore non files/directories. ```js ignore (_, header) { // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory' } ``` ### Credit Thank you Caleb Brown from Google Open Source Security Team for reporting this in detail.
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. "Out of bounds read and write in V8 in Google
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.
APT41, a Chinese state-sponsored threat actor also known as "Double Dragon," used Google Calendar as command-and-control infrastructure during a campaign last fall.
Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities. "Misuse of cloud