May 06, 2025Ravie LakshmananVulnerability / Mobile Security Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local … Read more
Google fixed a vulnerability in Cloud Composer 2 that could have led to privilege escalation through exploitation of the default Cloud Build service account, Tenable researchers reported Tuesday.Cloud Composer is an Apache Airflow-based fully managed workflow orchestration service within the Google Cloud Platform that can be used to create, schedule and monitor data pipelines.Cloud Composer … Read more
GitLab posted updates to its platform following the disclosure of a pair of critical security vulnerabilities.The company said that both the Enterprise and Community Edition platforms should be updated as soon as possible to protect against any potential exploit attempts.“We are committed to ensuring all aspects of GitLab that are exposed to customers or that … Read more
Feb 05, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-45195 (CVSS score: 7.5/9.8) – A forced browsing vulnerability in Apache … Read more
Microsoft has fixed a critical vulnerability in its Azure AI Face service deemed worthy of a CVSS score of 9.9 potentially leading to elevation of privileges over a network. Azure AI Face is a cloud-based facial recognition service that is capable of detecting, analyzing and recognizing human faces. The service can be used by developers … Read more