Chrome 0-Day in the Wild Dominates a Week of Exploits, Phishing, and Malware
TL;DR Summary
Chrome’s active exploitation of CVE-2026-11645 headlines a week of widespread security news, from UniFi OS flaws and an Oracle PeopleSoft compromise to a large Arch Linux AUR package taint, npm/PyPI malware campaigns, and phishing kits. The roundup also covers the Outsider phishing-as-a-service takedown, VPN/auth-bypass flaws, cloud-logging abuse, and ransomware campaigns (Gentlemen, Akira), illustrating attackers’ reliance on old code, weak defaults, and misconfigurations. Patch quickly, watch for unusual login activity, and strengthen defense-in-depth.
- ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More The Hacker News
- Update Chrome ASAP to Protect Yourself From This Active Exploit Lifehacker
- Update Chrome: Google patches actively exploited vulnerability and 73 others Malwarebytes
- Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year The Register
- Active Exploitation Alert: Google Chrome 149 Critical Vulnerabilities Patched Amid Ongoing CVE-2026-11645 Attacks Rescana
Reading Insights
Total Reads
0
Unique Readers
7
Time Saved
19 min
vs 20 min read
Condensed
98%
3,857 → 72 words
Want the full story? Read the original article
Read on The Hacker News