Latest news with #zero-day
Forbes
4 days ago
- Forbes
Google Confirms Chrome Attacks—You Must Restart Your Browser
Chrome is under attack—again. Here we go again. Google has just confirmed that Chrome is under attack from another zero-day vulnerability that affects Windows PCs. Again, this has been discovered by Google's own Threat Analysis Group, triggering an emergency update. Google warns it is 'aware that an exploit for CVE-2025-6558 exists in the wild.' This specific vulnerability exploits the browser's graphics rendering engine, which is likely being exploited by sophisticated threat actors given the nature of the discovery. Google says the stable channel 'has been updated to 138.0.7204.157/.158 for Windows, Mac and 138.0.7204.157 for Linux. This, it says, 'will roll out over the coming days/weeks.' But that's boilerplate. In reality, you can expect this over the next small number of days, and you should restart your browser as soon as it downloads. Such is the shortness of gap between this zero-day and the last, that the U.S. government's cyber defence agency's update mandate is still ongoing. CISA has warned federal employees to update or stop using Chrome by July 23. You can now expect another CISA mandate to be issued in the next few days. As ever, Google says 'access to bug details and links may be kept restricted until a majority of users are updated with a fix.' The latest Chrome update addresses other vulnerabilities as well as the zero-day, including two externally reported high-severity bugs. All told, this is definitely an update you should apply as soon as you can. Chrome remains the de facto default browser on Windows, and so is one of the most prized attack surfaces available. Google takes credit for its quickness in developing and rolling out updates as new flaws are discovered. But attackers will know the clock is now ticking, making this the time of utmost risk for users. Remember, when you restart Chrome your private (Incognito) windows will not reopen. So, make sure you save anything you need before applying the update.
Yahoo
26-06-2025
- Business
- Yahoo
SentinelOne (NYSE:S) Enhances AI-Powered Defense Capabilities Through OEM Partnership With OPSWAT
SentinelOne recently announced an OEM partnership with OPSWAT, enhancing its AI-powered detection capabilities to improve malware detection across multiple platforms. This collaboration is a significant development, offering stronger defenses against ransomware and zero-day threats, and is expected to benefit joint enterprise customers with enhanced security solutions. Over the past week, SentinelOne's stock price remained relatively flat, while the broader market rose 1.7%. The new partnership and improvements in technology would likely support broader market trends. With the market performing well, SentinelOne's price stability reflects a tempered investor reaction to recent strategic advancements. We've spotted 2 warning signs for SentinelOne you should be aware of. The end of cancer? These 24 emerging AI stocks are developing tech that will allow early identification of life changing diseases like cancer and Alzheimer's. The new partnership with OPSWAT is a pivotal development for SentinelOne, potentially enhancing the company's AI-driven cybersecurity offerings. This move could positively influence the revenue trajectory outlined in the narrative, supporting expectations of growth driven by AI-powered innovations and expanded market reach through strategic alliances. While earnings remain a challenge, with a forecast of continued unprofitability over the next three years, improved efficiencies could contribute to long-term profitability. Despite the exciting news, SentinelOne's stock has not experienced a significant uplift in the immediate aftermath. Over the past year, the company's total return was a 7.46% decline, contrasting with the broader US market's 12% increase within the same period. Furthermore, the company's performance lagged behind the US Software industry, which returned 19.7% over the past year. This relative underperformance might reflect investor caution regarding the company's financial outlook and industry standing. The announcement's implications for revenue growth are substantial, given the consensus analyst forecast of a 21.6% annual revenue increase over three years. However, with the current share price at US$18.78, there remains a discount to the analyst price target of US$24.33, suggesting room for upward movement should the anticipated improvements materialize. As SentinelOne aims to align with market expectations, the ongoing focus on AI and partnerships will be crucial to achieving the desired financial outcomes. Understand SentinelOne's earnings outlook by examining our growth report. This article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned. Companies discussed in this article include NYSE:S. This article was originally published by Simply Wall St. Have feedback on this article? Concerned about the content? with us directly. Alternatively, email editorial-team@
Forbes
11-06-2025
- Forbes
Microsoft Issues Windows 10 And 11 Update As Attacks Already Underway
Microsoft issues security update as Windows attacks begin. Users of the Windows operating system, be that Windows 10, Windows 11 or any of the Windows Server variants, are used to reading Microsoft cyberattack warnings. Some warnings, however, are more critical than others. Whenever a Windows zero-day exploit is involved, then you really need to start paying close attention. These are the vulnerabilities that have not only been found by threat actors, but also exploited and are under attack already by the time that the vendor, in this case Microsoft, becomes aware of them. Microsoft, and by extension you, are then playing catch-up to get protected against the cyberattacks in question. Here's what you need to know about CVE-2025-33053 and what you need to do right now. Don't wait, update Windows right now. The June 10 Patch Tuesday security rollout has brought with it a few unwelcome surprises, as is often the case. None more so than CVE-2025-33053, which is not only a zero-day, in that it is already known to have been exploited by threat actors, but is also being leveraged widely by cyberattacks, and that's very worrying indeed for all Windows users. A Microsoft executive summary describes the threat from CVE-2025-33053 as 'external control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.' Or, in other words, a remote code execution vulnerability that can do some very bad things indeed. Tenable Research Special Operations has analyzed the threat, and Satnam Narang, the senior staff research engineer at Tenable, said that it has been confirmed in a Check Point Research report, a known threat group, Stealth Falcon, has 'launched a social engineering campaign to convince targets to open a malicious .url file, which would then exploit this vulnerability, giving them the ability to execute code.' That's problematical, as Narang explained, 'it is rare to hear of a zero-day reported during Patch Tuesday as being leveraged widely. We typically expect these types of zero-days to be used sparingly, with an intention to remain undetected for as long as possible.' All the more reason to get your systems updated as soon as possible. The attackers are not waiting, and neither should you. 'The advisory also has attack complexity as low,' Adam Barnett, lead software engineer at Rapid7, said, 'which means that exploitation does not require preparation of the target environment in any way that is beyond the attacker's control.' Indeed, exploitation just requires a user to click on a malicious link, oh what a surprise. 'It's not clear how an asset would be immediately vulnerable if the service isn't running,' Barnett concluded, adding 'but all versions of Windows receive a patch.' You know what to do, go and do it know.
