CyberSecurity updates
2025-01-30 22:06:31 Pacific

Apple Patches Actively Exploited Zero-Day - 2d

Apple has released emergency security updates to address a zero-day vulnerability, CVE-2025-24085, that is actively being exploited. The vulnerability affects iOS, iPadOS, macOS, tvOS, watchOS, and visionOS and has been patched. This highlights the constant threat of zero-day exploits and the importance of promptly applying security updates.

SonicWall Firewall Devices Vulnerable to Critical 0-Day - 6d

A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall’s SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). This flaw, classified under CWE-502 (Deserialization of Untrusted Data), carries a severity score of 9.8 (Critical), indicating its potential for a devastating impact. SonicWall has confirmed active exploitation of this vulnerability by malicious actors, allowing them to execute arbitrary OS commands on affected appliances. The vulnerability stems from the improper handling of data during deserialization processes. This flaw can be exploited by attackers to inject malicious code into the targeted appliances, ultimately leading to complete system compromise. SonicWall has issued an urgent security advisory and released a patch for this vulnerability. The company strongly urges users to update their SMA1000 appliances immediately.

Tesla Gear Hacked Multiple Times at Pwn2Own - 4d

Tesla’s vehicle and charging infrastructure have been repeatedly compromised at the Pwn2Own Automotive 2025 hacking competition. Researchers demonstrated the lack of effective security, managing to exploit vulnerabilities in charging stations and infotainment systems. The consistent success of these attacks underscores the pressing need for enhanced security measures within connected vehicles.

The successful exploits in the Pwn2Own contests highlight the need for better security protocols for automotive tech. The fact that multiple systems were compromised should raise concerns for consumers and car manufacturers about the overall security of connected vehicles.

Fortinet Firewall Zero-Day Exploitation - 16d

A zero-day vulnerability in Fortinet firewalls is being actively exploited by attackers. The flaw allows attackers to compromise systems with exposed interfaces. There is a mass exploitation campaign against Fortinet firewalls that peaked in December 2024. Fortinet has released a patch (CVE-2024-55591). It is suspected that the attackers may have been exploiting a zero-day vulnerability before the patch was released. Organizations using Fortinet firewalls are strongly advised to apply the patch as soon as possible.

Fortinet Firewall Configs Leaked From Zero Day - 14d

A new hacking group has leaked configuration files and VPN credentials for over 15,000 FortiGate devices. This includes full configuration dumps and VPN passwords, exposing sensitive technical information to other cybercriminals. The affected devices appear to be primarily FortiGate 7.x and 7.2.x devices. The data was likely collected using a zero-day exploit in 2022 but was only released in January 2025.

Ivanti Zero-Day Actively Exploited For RCE - 21d

A critical zero-day vulnerability, tracked as CVE-2025-0282, has been discovered in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow allows unauthenticated remote attackers to achieve remote code execution. It was disclosed alongside CVE-2025-0283, another stack-based buffer overflow, which requires a local authenticated attacker. CVE-2025-0282 is currently being actively exploited in the wild. Organizations are advised to apply the available patches immediately and perform factory resets to ensure complete removal of any potential malware. Ivanti has a long history of being targeted.

Banshee Stealer Uses Apple Encryption Algorithm - 21d

A new version of the Banshee macOS stealer has been identified by Check Point Research. This malware, linked to Russian-speaking cyber criminals, employs a string encryption algorithm identical to that used by Apple’s XProtect antivirus engine. The stealer, which operates as a ‘stealer-as-a-service’, targets macOS users, stealing browser and login credentials, cryptocurrency wallets, and other sensitive information. Its distribution methods include malicious GitHub repositories and phishing websites. This incident highlights the increasing sophistication of macOS malware and the use of legitimate security algorithms for malicious purposes.

Palo Alto Networks Expedition Flaws Expose Secrets - 21d

Multiple vulnerabilities have been discovered in Palo Alto Networks’ Expedition migration tool, including an OS command injection flaw and a vulnerability that exposes sensitive firewall credentials. These vulnerabilities could allow attackers to execute arbitrary code and access usernames, cleartext passwords, device configurations, and API keys. The vulnerabilities pose a significant risk to organizations using the tool for firewall migration and optimization.

Various Products Affected by Critical Vulnerabilities - 21d

Multiple vulnerabilities were found in various products, including a zero-day in industrial routers that was leveraged by a Mirai-based botnet, a vulnerability in the Nuclei vulnerability scanner that allows code execution, and an OpenVPN vulnerability that leaks private keys. The vulnerabilities allow attackers to gain unauthorized access, execute code, or steal sensitive information. These incidents highlight the continuous need for robust security measures and timely patching.

Zero Day Chrome Extension OAuth Attack - 2d

A zero-day exploit was discovered in the OAuth implementation for Google Chrome extensions. This vulnerability allowed malicious actors to insert malicious code into Chrome extensions via a phishing campaign. The security flaw was identified by SquareX researchers just days before a widespread attack, highlighting the critical need for improved browser security and proactive detection methods for zero-day vulnerabilities. This incident led to the hijacking of multiple Chrome extensions, compromising user security.

Adobe ColdFusion Path Traversal Vulnerability - 6d

A critical path traversal vulnerability, identified as CVE-2024-53961, has been discovered in Adobe ColdFusion versions 2023 and 2021. This flaw allows attackers to read arbitrary files from the server. A proof-of-concept (PoC) exploit is already publicly available, significantly increasing the risk of exploitation. ColdFusion users must immediately apply the security updates to mitigate this vulnerability, as attackers are expected to weaponize it very quickly. The vulnerability is due to an incomplete mitigation for CVE-2024-50379.