Google Chrome 148 Released with 127 Security Fixes

Google Chrome 148 patched 127 security vulnerabilities, including three critical flaws in Blink, Mobile, and Chromoting that could allow arbitrary code execution. The update also patches dozens of high-severity issues in V8, ANGLE, and WebRTC to prevent memory corruption and data leaks.

**A huge patch for Chrome and Chromium-based browsers (Edge, Opera, Brave, Vivaldi...). Don't delay, it has three critical flaws and a whole bunch of others. Don't wait. Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-chrome-148-released-with-127-security-fixes-9-r-e-9-6/gD2P6Ple2L

DoD Contractor Schemata Patches API Flaw Exposing Military Training Data

Schemata, a DoD contractor, patched a critical API flaw that allowed low-privilege users to access sensitive military training manuals and PII of U.S. service members across multiple tenants.

#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/dod-contractor-schemata-patches-api-flaw-exposing-military-training-data-a-2-e-i-a/gD2P6Ple2L

Critical Sandbox Escape Vulnerabilities Disclosed in vm2 Node.js Library

The Node.js sandboxing library vm2 has disclosed 12 critical vulnerabilities that allow attackers to escape the sandbox and execute arbitrary code on the host. Public proof-of-concept exploits are available.

**If you use vm2 to run untrusted code, update to version 3.11.2 ASAP. Given the repeated sandbox escapes in this library, consider moving high-risk script execution to more secure isolation layers like gVisor or lightweight virtual machines.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sandbox-escape-in-vm2-library-allows-remote-code-execution-2-l-q-y-s/gD2P6Ple2L

Debian Security Advisory 6248-1 https://packetstorm.news/files/220506 #advisory
Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers

Ubuntu Security Notice USN-8237-1 https://packetstorm.news/files/220505 #advisory

Ubuntu Security Notice USN-8230-1 https://packetstorm.news/files/220503 #advisory

Apache HTTP Server 2.4.66 Double-Free / Remote Code Execution https://packetstorm.news/files/220502 #advisory

Researchers Report RCE Vulnerabilities in PostgreSQL and MariaDB

Researchers uncovered critical RCE vulnerabilities in PostgreSQL and MariaDB, including 20-year-old heap buffer overflows in core extensions and JSON validation logic. The flaws allow authenticated users to escalate privileges and execute arbitrary OS commands, affecting a vast majority of cloud-hosted database environments.

**Make sure your PostgreSQL and MariaDB databases are isolated from the internet and accessible only from trusted networks. Then update PostgreSQL to 18.2, 17.8, 16.12, 15.16, or 14.21 (and MariaDB to 11.4.10 or 11.8.6). Audit user permissions to remove any unnecessary CREATE or FILE privileges.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/researchers-report-rce-vulnerabilities-in-postgresql-and-mariadb-k-g-q-6-j/gD2P6Ple2L

Bleeding Llama Vulnerability Exposes Ollama AI Servers to Data Theft

Ollama patched a critical unauthenticated memory leak (CVE-2026-7482) that allows attackers to steal sensitive data, including API keys and user prompts.

**If you're running Ollama, make sure your instances are isolated from the internet and only accessible from trusted networks, then immediately upgrade to version 0.17.1 or later. If your instance was previously exposed without authentication, assume credentials and secrets in memory are compromised and rotate all API keys, tokens, and secrets that passed through it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/bleeding-llama-vulnerability-exposes-ollama-ai-servers-to-data-theft-v-p-w-7-u/gD2P6Ple2L

#OT #Advisory VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
#CVE CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

https://certvde.com/en/advisories/vde-2026-005/

#CSAF https://ifm.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-005.json
