Google has rolled out Chrome 143 to the stable channel for Windows, Mac, and Linux, addressing 13 security vulnerabilities in versions 143.0.7499.40 (Linux) and 143.0.7499.40/41 (Windows/Mac).
The update, announced on December 2, 2025, via the Chrome Releases blog, deploys gradually over days or weeks....
A critical flaw in the popular open-source eCommerce platform nopCommerce exposes users to session hijacking attacks.
Security researchers at CERT have issued Vulnerability Note VU#633103, detailing how the platform fails to invalidate session cookies after logout or session termination.
Tracked as CVE-2025-11699, this issue...
A security flaw in Microsoft Azure API Management's Developer Portal allows attackers to register accounts across tenants, bypassing admin controls that turn off user signups.
Even when administrators hide the signup form via the Azure Portal, the backend API endpoint stays active.
This issue...
OpenVPN, a popular open-source VPN solution, has patched multiple flaws in its recent releases that expose users to denial-of-service (DoS) attacks and security bypasses.
Versions 2.6.17 and 2.7_rc3, released on November 28, 2025, address issues including a local DoS on Windows systems and remote...
Google released the Android Security Bulletin for December 2025 on December 1, with an update on December 4 the advisory patches more than 107 vulnerabilities across Android 13 through 16 and later.
Security patch levels of 2025-12-01 or 2025-12-05 fix these issues completely. Two...
A new denial-of-service vulnerability in Apache Struts exposes web applications to disk exhaustion attacks, in which hackers flood servers with temporary files until storage runs out.
Tracked as CVE-2025-64775, the flaw affects multiple versions of the popular Java web framework. It carries an "Important"...