Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Hackers are targeting one very new vulnerability, and one that is more than five years old.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a pair of freshly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog.
CVE-2018-4063 is an old vulnerability impacting an even older device, the Sierra Wireless AirLink ES450 wireless gateway, specifically firmware version 4.9.3. This device, commonly used to connect point-of-sale devices, went end-of-life in August 2021, and the vulnerability was first disclosed in 2019.
According to the CVE record, this vulnerability could lead to remote code execution via a specially crafted HTTP request. Cyber security firm Talos found the bug in late 2018.
CVE-2025-14174, on the other hand, was only given a CVE record on 12 December 2025 and is already being exploited. This is an out-of-bounds memory access vulnerability in Google Chrome on macOS prior to version 143.0.7499.110.
The vulnerability could allow a remote attacker to perform out-of-bounds memory access via a crafted HTML page. The issue has been addressed in the latest stable channel update for desktop, and was first reported by Apple Security Engineering and Architecture (SEAR) and Google Threat Analysis Group on 5 December.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
