Softonic English

Tag: vulnerabilidad

A hacker discovers a vulnerability in NASA's systems and the organization ignores him the first time

A hacker known as 7h3h4ckv157 has once again drawn attention after discovering new vulnerabilities in NASA’s systems. This is the second time he has managed to detect security flaws in the space agency, following an initial report in 2022, where he used the Cross-Site Scripting (XSS) technique to exploit weaknesses in their website. Despite NASA’s well-known security, the hacker has shown that their systems are susceptible to attacks similar to those that can affect other organizations.

The second time is the charm

XSS refers to a type of attack that allows hackers to inject malicious code into users’ browsers, which can result in the theft of sensitive information, such as passwords. This attack occurs when the page does not properly handle the data entered by users. In his first foray, the hacker received neither recognition nor reward for his finding, which generated some discontent in the ethical hacking community.

Nevertheless, on this occasion, NASA has decided to acknowledge his work by sending a letter of thanks signed by Mike Witt, the agency’s information security officer. This action highlights the importance of recognition within the field of cybersecurity and reinforces the value of security research conducted by external individuals.

Despite the fact that the hacker has not revealed details about the newly identified vulnerability, this situation underscores the need for constant security reviews in critical systems such as those of NASA. The agency has chosen not to provide specific information about the type of vulnerability, indicating that it must ensure the flaw is completely resolved before making a public disclosure. Rumors suggest that it may offer more information on its blog in the future.

Author: Softonic. Posted on September 4, 2025. Categories: News. Tags: agencia nacional, astronautas, ciberseguridad, Espacio, hacker, NASA, vulnerabilidad

Researcher discovers a vulnerability in the architecture of Chrome and Google rewards him with 250,000 dollars

Google has awarded a historic reward of $250,000 to the security researcher known as Micky for discovering a critical vulnerability in the architecture of the Chrome browser. This vulnerability made it easier for malicious websites to escape Chrome’s sandbox protection, allowing arbitrary code execution on victims’ systems.

A historic reward

The flaw was due to an error in Chrome’s Inter-Process Communication system, particularly within the IPCZ transport mechanism. According to the details provided, the error was in the Transport::Deserialize function, where the system did not adequately validate the header.destination_type parameters before creating transport objects. This allowed a malicious renderer process to manipulate this parameter to impersonate a privileged broker process.

The required attack vector was a multi-step process in which a compromised renderer sent manipulated messages to take control of the browser process resources. The proof of concept of the exploit demonstrated the ability to bypass the sandbox by duplicating handles of privileged browser processes, which included full permissions to execute system commands.

The decision to grant such a high reward reflects not only the sophistication of the exploit but also Google’s commitment to incentivizing security research, especially in critical areas of its browser. The vulnerability was responsibly disclosed on April 22, 2025, and Google’s security team, led by Alex Gough, implemented fixes in May 2025. These included the removal of transitive trust from transports and the implementation of stricter validation of the reliability of endpoints within the IPCZ system.

This event underscores the importance of collaboration between security researchers and technology companies to maintain the integrity and security of digital platforms.

Author: Softonic. Posted on August 18, 2025. Categories: News. Tags: Alex Gough, chrome, exploit, Google, vulnerabilidad

Microsoft fixes 111 vulnerabilities that exposed your computer to all kinds of threats

Microsoft has released updates to address a total of 111 vulnerabilities in its software portfolio, of which 16 have been classified as critical. Among these are significant flaws such as CVE-2025-53786, which affects hybrid implementations of Microsoft Exchange Server, and CVE-2025-53779, a privilege escalation vulnerability in Windows Kerberos that was publicly disclosed during the announcement.

A solution so you don’t have to suffer from unforeseen events

The BadSuccessor vulnerability, recently identified, allows an attacker who already has access to certain attributes of Active Directory to compromise a domain, although it only affects 0.7% of the domains in circulation. Experts point out that this flaw can enable an attacker, starting from limited administrative rights, to gain full control of the domain, using techniques such as Kerberoasting or Silver Ticket.

In addition, Microsoft has fixed four remote code execution vulnerabilities that allowed attackers to execute arbitrary commands and compromise systems without client intervention. The firm Check Point has revealed a flaw related to a Rust-based component of the Windows kernel that can cause system crashes and has warned that it could pose a significant risk for companies with large or remote workforces.

A relevant aspect is the vulnerability CVE-2025-50154, which allows an attacker to extract NTLM hashes without user interaction, even on fully updated systems. This facilitates relay attacks and unauthorized access, raising concerns about security in corporate environments.

The updates not only address existing vulnerabilities, but also strengthen security measures in applications like Azure OpenAI and Microsoft 365 Copilot BizChat, which have already been mitigated without any action required from users.

Author: Softonic. Posted on August 13, 2025. Categories: News, Windows software. Tags: ciberseguridad, Copilot, ejecución remota, OpenAI, Seguridad, software, vulnerabilidad, Windows

Google Chrome receives a critical update without which you could lose control of your computer

Google has released a critical update for its Chrome browser that fixes several severe vulnerabilities, including one that could allow attackers to manipulate memory and execute arbitrary code on users’ systems. The latest version, Chrome 138.0.7204.183 for Linux and 138.0.7204.183/.184 for Windows and Mac, addresses these urgent security issues and all users are advised to update their browser immediately.

Update your browser right now

The most significant vulnerability in this update is CVE-2025-8292, a ‘use-after-free’ type flaw found in the Media Stream component of Chrome. This type of memory corruption vulnerability is particularly dangerous, as a remote attacker can exploit it through a malicious HTML page. If successful, the attacker could crash the browser or execute malicious code, which could result in the installation of unauthorized programs, theft or alteration of data, or the creation of new user accounts with full privileges.

The anonymous security researcher who discovered the vulnerability CVE-2025-8292 reported it to Google on June 19, 2025, and received a reward of $8,000 through the Chrome Vulnerability Reward Program. Google has restricted access to the full details of the bug to allow most users to apply the patch, a standard practice to prevent the active exploitation of vulnerabilities.

This update is part of a series of security patches for Chrome 138. Previously, in July, Google addressed other serious vulnerabilities, including CVE-2025-6558, a zero-day vulnerability that was being actively exploited in attacks. Throughout June and July, Chrome 138 has received multiple updates to fix various security flaws, including type confusion in the V8 JavaScript engine and other memory-related errors.

Google’s security teams are constantly working to discover and resolve vulnerabilities through internal audits and other security initiatives. Users can ensure that their browser is up to date by going to “Help” and then “About Google Chrome” in the browser menu.

Author: Softonic. Posted on July 31, 2025. Categories: News, Software>Security. Tags: Google Chrome, Mac, Media Stream, parche, vulnerabilidad

A security problem in Windows could allow your computer to be hijacked

A critical vulnerability in Microsoft Remote Desktop Client, identified as CVE-2025-48817, could allow attackers to execute arbitrary code on victims’ systems. This flaw affects multiple versions of Windows, posing a significant threat to organizations that rely on connections through the Remote Desktop Protocol (RDP).

Although simple, it requires us to do our part

Classified as a “relative path traversal” and inadequate access control vulnerability, CVE-2025-48817 has a CVSS score of 8.8, placing it in a high severity category. The attack vector is identified as low complexity and requires user interaction; no prior privileges are necessary for exploitation. However, the success of an attack depends on the victim connecting to a compromised remote desktop server.

The attack is carried out through a man-in-the-middle scenario, where malicious actors control the server. Once the victim establishes a connection with the compromised server, the vulnerability allows attackers to escape the intended directory restrictions and execute code remotely, which can seriously impact the confidentiality, integrity, and availability of the data.

Microsoft has released security updates to mitigate this vulnerability, recommending that organizations apply the patches KB5062553 and KB5062552 that cover a wide range of systems, from Windows Server 2008 to Windows 11. As no real-world exploitations have been reported, there is a critical window for organizations to remedy the situation before mass exploitation attempts occur.

Customers should be aware that this vulnerability represents an inversion of the traditional security model, where they normally trust their servers. Users and administrators are urged to update their systems and software to protect against this emerging threat.

Author: Softonic. Posted on July 9, 2025. Categories: News, Software>Security. Tags: Microsoft Remote Desktop Client, Seguridad, vulnerabilidad, Windows, Windows Defense, Windwos 11
