Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

May 19, 2025
No Comments

Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution.
The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are listed below –

CVE-2025-4918 – An out-of-bounds access vulnerability when resolving Promise objects that could allow an

Leave a Reply Cancel reply

Organizational Resilience: Safeguarding Against Emerging Cyber Threats May 19, 2025
External and insider cyber threats are evolving. Externally, cybercriminals are increasingly adopting AI-enabled tools, which enable them to manipulate human behavior more effectively. Their tactics are more personalized and convincing, making traditional cybersecurity measures insufficient. Similarly, insider threats are becoming more significant as workers access sensitive data and AI tools continue to evolve. Organizations must […]
John Brushwood
From Firefighting to Focus: How Proactive Automation Solves Operational Fatigue May 16, 2025
Every new tool promises better visibility. But instead of clarity, IT and security teams receive more dashboards, alerts, and fatigue. Sound familiar? Modern infrastructure generates more data than ever, but without smart automation, that data becomes noise. It buries your teams in false positives and redundant logs, slowing response times and leading to burnout. Here’s […]
Chris Brill
PowerShell Meets Remcos: The Rise of Fileless RAT Attacks May 16, 2025
The Qualys TRU has discovered a new PowerShell-based shellcode loader, designed to load and execute a variant of Remcos RAT. The attack begins with malicious .LNK files embedded in ZIP archives, often disguised as Office documents. When opened, these shortcuts trigger mshta.exe to execute an obfuscated HTA file. This file contains VBScript that bypasses Windows […]
Kirsten Doyle
Coinbase Flips the Script on Ransom Demand, Offers $20M Bounty Instead May 16, 2025
Coinbase has uncovered a targeted insider attack involving rogue overseas support agents bribed by malicious actors to steal customer data to extort the company. While a small subset of users was impacted, no passwords, private keys, or funds were compromised. Coinbase Prime accounts were also unaffected. The malefactors demanded a $20 million ransom, which Coinbase […]
Kirsten Doyle
Scattered Spider Hackers Shift Focus to U.S. Retailers After M&S Breach May 16, 2025
Google has warned that the bad actors linked to the recent cyberattack on British retailer Marks & Spencer (M&S) is now setting its sights on U.S. retail companies. The group, known as “Scattered Spider,” is described by cybersecurity analysts as a loosely connected network of hackers with varying levels of sophistication. Despite their decentralized structure, […]
Kirsten Doyle
How to Tell If Your Security Camera Has Been Hacked May 15, 2025
The Internet of Things (IoT) is expanding dramatically, underpinning and connecting modern surveillance cameras and devices together for enhanced security in organizations. Connecting these various systems together promises greater efficiency, productivity, and reassurance for organizations as they continue to scale operationally, but the disruption and worry that can be caused should such a device be […]
Chester Avey
32 Million Records Allegedly Linked to The Epoch Times Surface on Clear Web Forum May 15, 2025
SafetyDetectives’ cybersecurity team has discovered a forum post on the clear web where a threat actor claimed to be selling a database connected to The Epoch Times. The dataset reportedly includes 32 million records. The Epoch Times is a multilingual media company founded in 2000. It was launched to provide uncensored news, particularly for readers […]
Kirsten Doyle
Critical Flaws in WordPress Theme Leave 82,000+ Sites Open to Full Takeover May 15, 2025
Two serious security vulnerabilities have been discovered in TheGem, a premium WordPress theme used by more than 82,000 websites worldwide. Researchers warn that when exploited together, these flaws can lead to remote code execution (RCE), potentially giving attackers full control over affected websites. Security researchers at Wordfence identified the vulnerabilities in versions 5.10.3 and earlier […]
Kirsten Doyle
The Devil Wears Data: Dior Admits to Customer Data Leak in China May 15, 2025
Luxury fashion brand Dior has alerted customers to a data breach involving its Chinese customer database. The company revealed that an unauthorised external party had gained access to sensitive customer information, though financial data was not affected. The breach came to light after Dior sent an internal memo to affected consumers on 13 May. According […]
Kirsten Doyle
Zoom Discloses Security Issues in Workplace Apps May 14, 2025
Zoom Video Communications has disclosed several security vulnerabilities in its Workplace Apps for Windows, macOS, Linux, iOS, and Android platforms. These flaws, which range from medium to high severity, could lead to issues like unauthorized access, denial-of-service (DoS), or remote code execution if exploited. One of the more serious vulnerabilities (CVE-2025-30663) is a time-of-check to […]
Kirsten Doyle

Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

Share :

Leave a Reply Cancel reply