Protecting Privacy Build Trust
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
on February 18, 2026 at 2:00 am — CVE-2026-2318 Read More »
Cisco Talos recently discovered a new threat actor, UAT-9221, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink. The VoidLink compile-on-demand feature lays down the foundations for AI-enabled attack frameworks, which can create tools on-demand for their operators. Cisco Talos found clear indications that implants also exist for
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Access of resource using incompatible type (‘type confusion’) in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Improper neutralization of special elements used in a command (‘command injection’) in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
