U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google Big Sleep found five vulnerabilities in Safari

Google’s AI agent, Big Sleep, helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption. Google’s AI agent Big Sleep helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption if exploited. Big Sleep is an AI agent developed by Google […]

Google Big Sleep

Google’s AI agent, Big Sleep, helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption.

Google’s AI agent Big Sleep helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption if exploited.

Big Sleep is an AI agent developed by Google DeepMind and Project Zero to automate the discovery of real-world software vulnerabilities.

Below is the list of vulnerabilities identified by Google:

  • CVE-2025-43434: A use-after-free flaw that could cause Safari to crash when handling malicious web content. Fixed through improved state management.
  • CVE-2025-43429: A buffer overflow issue that might trigger a process crash with crafted web content. Resolved via better bounds checking.
  • CVE-2025-43430: An unspecified bug that could cause unexpected crashes when processing malicious input. Fixed with enhanced state management.
  • CVE-2025-43431 & CVE-2025-43433: Two unspecified vulnerabilities that could result in memory corruption while processing malicious content. Addressed through improved memory handling.

None of the above vulnerabilities has been actively exploited in attacks in the wild.

Apple released the following updates to address the issues:

  • iOS 26.1 and iPadOS 26.1 – iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
  • macOS Tahoe 26.1 – Macs running macOS Tahoe
  • tvOS 26.1 – Apple TV 4K (2nd generation and later)
  • visionOS 26.1 – Apple Vision Pro (all models)
  • watchOS 26.1 – Apple Watch Series 6 and later
  • Safari 26.1 – Macs running macOS Sonoma and macOS Sequoia

In August, Google released Chrome 139 to address a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8 that was discovered by Big Sleep AI.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Big Sleep AI)