0day
-
Google Chrome V8 JavaScript Engine Type Confusion Remote Code Execution Vulnerability
CVE-2025-6554 is a Type Confusion vulnerability in the Google Chrome V8 JavaScript engine. Type Confusion is a common class of memory corruption vulnerabilities that can lead to unsafe memory operations when a program incorrectly interprets one data type as another, allowing an attacker to execute arbitrary code on the victim's system.
-
Google Chrome V8 JavaScript engine out-of-bounds read/write vulnerability (CVE-2025-5419)
The vulnerability stems from the V8 TurboFan compiler's incorrect handling of dynamic index loads during its store-store elimination optimization: alias relationships are misclassified and critical store operations are incorrectly eliminated, which results in out-of-bounds memory access. An attacker can craft an HTML page and lure a user into visiting it, triggering execution of malicious JavaScript. Exploiting the vulnerability can achieve remote code execution and sandbox escape, and ultimately full control of the victim's device.
-
Google security report reveals more than 60 0days used for commercial spyware
More than 60 zero-day vulnerabilities (0days) made public since 2016 are associated with commercial spyware vendors that serve government agencies. The vulnerabilities exist in products from a number of companies, including Apple, Adobe, Google, and others, and have been used in attacks that include the targeting of journalists and political dissidents. The report notes that a large number of the vulnerabilities were actively exploited in 2023.
-
HTTP/2 zero-day vulnerability (CVE-2023-44487) triggered the largest denial of service attack in history
Recently, Google announced the HTTP/2 protocol vulnerability CVE-2023-44487.
Attackers can use this vulnerability to launch low-cost and very large-scale attacks (http2-rapid-reset-ddos-attack). Attackers used this method to launch attacks on Google Cloud Platform customers starting in August. In one attack, the attacker issued up to 398 million requests in 1 second, which is also the highest number of requests per second on record.
-
[Early Warning] Serious security vulnerabilities exposed in curl and libcurl libraries
Description: cURL is a widely used multi-functional open source command line tool that uses URL syntax to transmit data and supports a variety of network protocols including SSL, TLS, HTTP, FTP, and SMTP. libcurl is…
-
Predator software exploits Apple zero-day vulnerability to attack Egyptian government
A piece of spyware called Predator exploited Apple's new zero-day vulnerability to target a former Egyptian lawmaker. The discovery of this attack further emphasizes the importance of cybersecurity, especially for politicians and public figures.