Google on Tuesday announced the release of Chrome 145 to the stable channel with fixes for 11 vulnerabilities, including three high-severity bugs. First in line is CVE-2026-2313, a high-severity use-after-free issue in CSS that earned the reporting researchers an $8,000 bug bounty reward. The two other high-severity defects, tracked as CVE-2026-2314 and CVE-2026-2315, were found and reported by Google and are described as a heap buffer overflow in Codecs and an inappropriate implementation in WebGPU, respectively.
Cybercrime is a serious threat to the global economy, destroying livelihoods, sowing distrust, and undermining growth. One forecast has it costing more than $15 trillion annually by the end of the decade. If so, only the GDPs of the U.S. and China are bigger. There's cause for hope, though. As cyberthreats evolve, innovation is meeting the challenge. New solutions are leveraging AI, real-time threat intelligence, collaborative networks, and advanced authentication technologies.
On Monday, Google security engineering managers Jason Parsons and Zak Bennett said in a blog post that the new program, an extension of the tech giant's existing Abuse Vulnerability Reward Program (VRP), will incentivize researchers and bug bounty hunters to focus on "high-impact abuse issues and security vulnerabilities" in Google products and services.
Visualize any system's defenses against failure-a biological immune system, or a healthcare delivery system, or an aircraft control system-as a series of slices of delicious, creamy Emmentaler cheese. Each layer has a couple of holes (vulnerabilities) in it, of varying size, here and there, but as long as the holes are not aligned with each other, no threat to the system can pass all the way through all the layers,
Based on over 4,400 Java tasks, the report finds that depending on which of the four levels of reasoning capabilities that OpenAI now makes available, the overall quality of the code, especially in terms of the vulnerabilities generated, significantly improves. However, the overall volume of code being generated per task also substantially increases, which creates additional maintenance challenges for application developers that are not going to be familiar with how code might have been constructed in the first place.
CISA analysed six files including two Dynamic Link-Library (.DLL), one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint host system and exfiltrate data.
A leak happened here somewhere,” Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register. “And now you’ve got a zero-day exploit in the wild, and worse than that, you’ve got a zero-day exploit in the wild that bypasses the patch, which came out the next day.
Cisco updated its advisory regarding critical vulnerabilities in Identity Services Engine, acknowledging active exploitation. Some vulnerabilities were attempted to be exploited in the wild as of July 2025.
CVE-2025-32462 has received a lower CVSS score due to the conditions that are needed. Namely, successful execution would require someone to make a misconfiguration and deploy a Sudoers file with an incorrect host for this vulnerability to work.
Cybersecurity researchers revealed that a critical vulnerability, CVE-2025-5777, in Citrix network management devices has been exploited for over a month, contradicting Citrix's claims.
