top of page
ALL POSTS
Chrome 149 and Spring HATEOAS Security Updates Address Critical Vulnerabilities and UAF Bugs
Key Findings Chrome 149 addresses 28 security vulnerabilities across desktop platforms, with 5 critical flaws that could enable arbitrary code execution Critical use-after-free bugs dominate the patch set, affecting Core, DigitalCredentials, WebMIDI, and GPU components One critical flaw involves insufficient input validation in Accessibility features, while another is a heap buffer overflow in GPU 23 high-severity issues span Network, Media, Cast, Autofill, DevTools, and Exte
Jun 122 min read
PAN-OS RCE Exploit Actively Exploited for Root Access and Surveillance Operations
Key Findings CVE-2026-0300, a critical buffer overflow in PAN-OS User-ID Authentication Portal, is under active exploitation by suspected state-sponsored actors Unsuccessful exploitation attempts began April 9, 2026, with successful remote code execution achieved a week later Attackers achieved root-level access and injected shellcode into nginx worker processes Post-exploitation activities included Active Directory enumeration and deployment of EarthWorm and ReverseSocks5 to
May 83 min read
bottom of page
