Millions of Chrome, Safari, and Edge Users at Risk from New Browser Exploit  A critical security vulnerability is threatening millions of users of popular web browsers including Google Chrome, Apple Safari, and Microsoft Edge. Security researchers have uncovered a sophisticated exploit that allows attackers to hijack sessions and steal sensitive data directly from affected browsers. The flaw, actively exploited in the wild, bypasses traditional defenses and targets core rendering engines shared across these platforms. This vulnerability stems from a zero-day flaw in the WebKit and Chromium rendering engines, which power Safari and large portions of Chrome and Edge respectively. Attackers can craft malicious web pages that trigger the bug when visited, leading to remote code execution without user interaction. Cybersecurity firm Glasgowlive reports that the issue has already impacted over 2.5 billion devices worldwide, urging immediate patching.Early indicators show campaigns originating from state-sponsored actors aiming at high-value targets like journalists and activists. Browser vendors have responded swiftly with emergency updates. Google rolled out Chrome 131.0.6778.100 for Windows, Mac, and Linux, while Apple pushed Safari 18.2 via macOS and iOS updates. Microsoft Edge users should navigate to Settings > Help and Feedback > About Microsoft Edge for auto-updates. Failing to apply these patches leaves systems exposed to drive-by downloads and persistent malware infections. Experts recommend enabling automatic updates and avoiding suspicious links during this period. The incident highlights ongoing risks in browser monoculture, where Chromium-based browsers dominate 80% of the market. Chrome alone commands 66% of global web traffic, amplifying the blast radius of such flaws. Privacy advocates note that while features like sandboxing mitigate some damage, shared codebases create systemic weaknesses.Users of older versions, especially on enterprise networks, face heightened threats from phishing sites mimicking legitimate updates. To stay safe, reboot devices post-update, clear browser caches, and deploy endpoint detection tools. Security firms advise scanning for indicators of compromise, such as unusual network activity. This incident underscores the need for diversified browser usage and vigilant patch management in 2026's threat landscape. As cyber threats evolve, proactive updates remain the first line of defense for billions online.

Millions of Chrome, Safari, and Edge Users at Risk from New Browser Exploit #ChromeBrowser #SafariSecurity #VulnerabilitiesandExploits

Cisco Patches ISE XML Flaw with Public Exploit Code  Cisco has recently addressed a significant security vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), tracked as CVE-2026-20029. This medium-severity issue, scored at 4.9 out of 10, stems from improper XML parsing in the web-based management interface. Attackers with valid admin credentials could upload malicious XML files, enabling arbitrary file reads from the underlying operating system and exposing sensitive data. The flaw poses a substantial risk to enterprise networks, where ISE is widely deployed for centralized access control. Enterprises rely on ISE to manage who and what accesses their infrastructure, making it a prime target for cybercriminals seeking to steal credentials or configuration files.Although no wild exploitation has been confirmed, public proof-of-concept (PoC) exploit code heightens the urgency, echoing patterns from prior ISE vulnerabilities. Past incidents underscore ISE's appeal to threat actors. In November 2025, sophisticated attackers exploited a maximum-severity zero-day (CVSS 10/10) to deploy custom backdoor malware, bypassing authentication entirely. Similarly, June 2025 patches fixed critical flaws with public PoCs, including arbitrary code execution risks in ISE and related platforms. These events highlight persistent scrutiny on Cisco's network access tools. Mitigation demands immediate patching, as no workarounds exist. Affected versions require specific updates: migrate pre-3.2 releases to fixed ones; apply Patch 8 for 3.2 and 3.3; use Patch 4 for 3.4; and note 3.5 is unaffected.Administrators must verify their ISE version and apply the precise patch to prevent data leaks, especially given the admin-credential prerequisite that insiders or compromised accounts could fulfill. Organizations should prioritize auditing ISE deployments amid rising enterprise-targeted attacks. Regular vulnerability scans, credential hygiene, and monitoring for anomalous XML uploads are essential defenses. As PoC code circulates, patching remains the sole bulwark, reinforcing the need for swift action in securing network identities.

Cisco Patches ISE XML Flaw with Public Exploit Code #CiscoISEC #VE202620029 #VulnerabilitiesandExploits

Chrome WebView Flaw Lets Hackers Bypass Security, Update Urgently Advised  Google has rolled out an urgent security fix for the Chrome browser to address a high severity flaw in the browser’s WebView tag. According to the tech firm, the flaw allows hackers to evade major browser security features to gain access to user data. Identified as CVE-2026-0628, the vulnerability in the browser occurs due to inadequate policy enforcement in the browser’s WebView tag.  WebView is a very common feature in applications, and its primary purpose is to display web pages within those applications without having to launch a web browser. Therefore, it becomes a major entry point for hackers if not handled appropriately. This weakness in WebView has a high potential to cause malicious web content to transcend its security boundaries and compromise any sensitive data that applications within those security boundaries are processing.  To fix the issue, Google has released Chrome version 143.0.7499.192/.193, targeting Windows and Mac users, as well as Linux users, through the stable channel, denoted as version 143.0.7499.192. However, users should not expect to get the update immediately, as it will be rolled out over the next few days and weeks. Instead, users should manually check and install the update as quickly as possible. Until a majority of users have installed the patch, Google will not release detailed information regarding the vulnerability, as this will prevent hackers from exploiting the problem. End users are strongly advised to update Chrome by navigating to Settings > Help > About Google Chrome, where the browser will automatically look for and install the latest security fixes. Organizations managing fleets of Chrome installations should prioritize rapid deployment of this patch across their infrastructure to minimize exposure in WebView‑dependent applications. Failing to update promptly could leave both consumer and enterprise applications open to targeted attacks leveraging this vulnerability.  Additionally, Google credits external security researchers who reported the bug and points to its continued investment in high-fidelity detectors such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, AFL to find bugs in early stages. The company also reiterates the importance of its bug bounty program, and invites the security community to responsibly disclose vulnerabilities to help make Chrome more secure for billions of users. This event goes to show that continual collaboration between vendors and researchers is the key to keeping pace with emerging threats.

Chrome WebView Flaw Lets Hackers Bypass Security, Update Urgently Advised #SecurityPatch #TechFirm #VulnerabilitiesandExploits

React2Shell Exploited Within Hours as Firms Rush to Patch  Two hacking groups linked to China have started exploiting a major security flaw in React Server Components (RSC) only hours after the vulnerability became public.  The flaw, tracked as CVE-2025-55182 and widely called React2Shell, allows attackers to gain unauthenticated remote code execution, potentially giving them full control over vulnerable servers.  The security bug has a maximum CVSS score of 10.0, which represents the highest level of severity. It has been fixed in React versions 19.0.1, 19.1.2 and 19.2.1, and developers are being urged to update immediately. According to a report shared by Amazon Web Services, two China-nexus groups named Earth Lamia and Jackpot Panda were seen attempting to exploit the flaw through AWS honeypot systems.  AWS said the activity was coming from infrastructure previously tied to state-linked cyber actors. Earth Lamia has previously targeted organizations across financial services, logistics, retail, IT, universities and government sectors across Latin America, the Middle East and Southeast Asia.  Jackpot Panda has mainly focused on sectors connected to online gambling in East and Southeast Asia and has used supply chain attacks to gain access. The group was tied to the 2022 compromise of the Comm100 chat application and has used trojanized installers to spread malware.  AWS also noted that attackers have been exploiting the React vulnerability alongside older bugs, including flaws in NUUO camera systems. Early attacks have attempted to run discovery commands, create files and read sensitive information from servers.  Security researchers say the trend shows how fast attackers now operate: they monitor new vulnerability announcements and add exploits to their scanning tools immediately to increase their chances of finding unpatched systems.  A brief global outage at Cloudflare this week added to industry concern. Cloudflare confirmed that a change to its Web Application Firewall, introduced to help protect customers from the newly disclosed React flaw, caused disruption that led many websites to return “500 Internal Server Error” messages.  The company stressed that the outage was not the result of a cyberattack. The scale of the React vulnerability is a major concern because millions of websites rely on React and Next.js, including large brands such as Airbnb and Netflix.  Security researchers estimate that about 39 percent of cloud environments contain vulnerable React components. A working proof-of-concept exploit is already available on GitHub, raising fears of mass exploitation. Experts warn that even projects that do not intentionally use server-side functions may still be exposed because the affected components can remain enabled by default.  Cybersecurity firms and cloud providers are urging organizations to take action immediately:  * Apply official patches for React, Next.js and related RSC frameworks. * Enable updated Web Application Firewall rules from providers including AWS, Cloudflare, Google Cloud, Akamai and Vercel. * Review logs for signs of compromise, including suspicious file creation, attempts to read sensitive data or reconnaissance behavior. Although widespread exploitation has not yet been confirmed publicly, experts warn that attackers are already scanning the internet at scale. 

React2Shell Exploited Within Hours as Firms Rush to Patch #cyberattack #React2Shell #VulnerabilitiesandExploits