Field Effect@Blog
References: Blog, securityaffairs.com
Multiple security vulnerabilities are being actively exploited across various systems, posing significant risks to organizations and individuals. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Linux Kernel vulnerability to its Known Exploited Vulnerabilities catalog, emphasizing the urgency of addressing this flaw. Furthermore, researchers have uncovered a vulnerability chain affecting a wide range of Linux distributions that could allow an unprivileged user to gain full root access. These vulnerabilities, CVE-2025-6018 and CVE-2025-6019, reside in the Pluggable Authentication Modules (PAM) configuration and libblockdev, respectively.
Proof-of-concept (PoC) code has been published for the Linux vulnerability chain, raising the potential for widespread exploitation. The libblockdev flaw is exploitable through the udisks daemon, a tool commonly deployed in Linux distributions such as Ubuntu, Debian, Fedora, openSUSE, Arch Linux, and Red Hat Enterprise Linux (RHEL). In addition to Linux vulnerabilities, there is also an increase in infostealer malware such as Lumma Stealer, with new rules being added to detect associated command and control (CnC) domains. This highlights the diverse and evolving nature of cyber threats.
The constant discovery and exploitation of vulnerabilities underscore the critical importance of timely patching and robust security awareness. Organizations are advised to prioritize patching the Linux Kernel flaw added to CISA's Known Exploited Vulnerabilities catalog, as well as the vulnerability chain affecting multiple Linux distributions. In addition to addressing Linux flaws, organizations also need to protect themselves from a range of malware, including the Lumma Stealer. The cybersecurity community continues to identify and address many more vulnerabilities in a range of products, including Apple products, TP-Link routers and Zyxel products. Regular security audits and proactive threat hunting are also essential for mitigating risks and maintaining a strong security posture.
@research.checkpoint.com
Microsoft's June 2025 Patch Tuesday has addressed a total of 66 vulnerabilities across its product range, with one zero-day vulnerability, CVE-2025-33053, being actively exploited in the wild. This critical flaw exists in the Web Distributed Authoring and Versioning (WebDAV) implementation, and its exploitation could lead to remote code execution. Microsoft has issued an urgent security update to mitigate this threat, even for outdated systems like Windows Server 2008 and components of the long-retired Internet Explorer. The urgency of this patch is underscored by the ongoing exploitation of the vulnerability by the Stealth Falcon APT group.
The actively exploited zero-day, CVE-2025-33053, poses a significant risk because attackers can achieve remote code execution at the local level simply by tricking a user into following a malicious link. This vulnerability has been exploited since March 2025 by Stealth Falcon, a hacking group known for targeted attacks in the Middle East. Researchers at Check Point discovered the flaw being used against a Turkish defense company, where malware was inserted to facilitate data exfiltration and the installation of a custom keylogger. The attack involves a .url file disguised as a PDF, which, when clicked, redirects to a WebDAV server controlled by the attacker, causing a legitimate Windows diagnostic tool to execute a malicious file.
Alongside the actively exploited zero-day, Microsoft's June 2025 Patch Tuesday addresses a range of other vulnerabilities, including ten that are rated as "Critical". Another notable flaw, CVE-2025-33073, affects the Windows Server Message Block (SMB) client and could allow attackers to gain SYSTEM privileges. This vulnerability is considered less likely to be exploited but can be mitigated by enforcing server-side SMB signing via Group Policy. The updates also include fixes for vulnerabilities in Microsoft Office, .NET, Visual Studio, and other products, highlighting the breadth of the security update.
info@thehackernews.com (The Hacker News)@The Hacker News
Qualcomm has issued security updates to address three zero-day vulnerabilities affecting its Adreno Graphics Processing Unit (GPU) drivers. These flaws, identified as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038, impact numerous Qualcomm chipsets and have reportedly been exploited in limited, targeted attacks. The vulnerabilities involve memory corruption issues stemming from unauthorized command execution in the GPU microcode and a use-after-free condition during graphics rendering in Chrome. Google's Threat Analysis Group (TAG) alerted Qualcomm to these security lapses, emphasizing the urgency of addressing them to protect against potential exploitation.
Qualcomm swiftly responded by releasing patches to device vendors in May, urging them to deploy the updates to affected devices as soon as possible. The company states that CVE-2025-21479 and CVE-2025-21480 are critical flaws involving incorrect authorization in the Graphics component, leading to memory corruption. CVE-2025-27038 is a high-severity vulnerability concerning a use-after-free condition in the Graphics component that could also result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome. Affected chipsets include those in the Snapdragon 888, 8 Gen 2, and 8 Gen 3 families, as well as some entry-level and medium-tier chips like the Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 4 Gen 2, and Snapdragon 680.
While the specific details of how these vulnerabilities are being exploited remain unclear, Qualcomm stresses the importance of installing the patches promptly. The fact that exploiting these flaws requires local access to the device suggests potential use by surveillance companies or law enforcement agencies to unlock confiscated Android phones. Users are advised to check for security updates from their Android device providers to ensure they are protected against these zero-day exploits. Qualcomm's rapid response underscores the critical need for ongoing vigilance and proactive cybersecurity measures to safeguard against emerging threats.
Bill Toulas@BleepingComputer
References: securityaffairs.com, BleepingComputer
Critical vulnerabilities have been disclosed in several software products, raising concerns about potential security breaches. Two significant flaws have been identified in vBulletin forum software, tracked as CVE-2025-48827 and CVE-2025-48828. These vulnerabilities, with CVSS v3 scores of 10.0 and 9.0 respectively, enable API abuse and remote code execution. One of the flaws is reportedly being actively exploited in the wild, posing an immediate threat to vBulletin users. The vulnerabilities affect vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 when running on PHP 8.1 or later; however, the vulnerabilities were likely patched last year in Patch Level 1 of the 6.* release branch.
Exploit details for a serious vulnerability in Cisco IOS XE Wireless Controller, designated CVE-2025-20188, have been publicly released, increasing the risk of exploitation. This vulnerability allows an attacker to take over devices by uploading files, performing path manipulation, and executing arbitrary commands with root privileges. The issue stems from a hardcoded JSON Web Token (JWT) which allows unauthenticated, remote attackers to generate valid tokens without knowing any secret information. Cisco has advised affected users to take immediate action to secure their systems.
Horizon3's analysis shows the Cisco IOS XE WLC vulnerability is caused by a hardcoded JWT fallback secret ('notfound'). If the file '/tmp/nginx_jwt_key' is missing, the script uses 'notfound' as the secret key to verify JWTs, allowing attackers to generate valid tokens without knowing any secret information. They can then send an HTTP POST request with a file upload to the '/ap_spec_rec/upload/' endpoint via port 8443, using path manipulation in the file name to place an innocent file (foo.txt) outside the intended directory. To escalate the file upload vulnerability to remote code execution, an attacker can overwrite configuration files loaded by backend services, place web shells, or abuse monitored files to perform unauthorized actions. Users are advised to upgrade to a patched version (17.12.04 or newer) as soon as possible.
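The fallback-secret weakness described above comes down to how the verification key is loaded. The following is an added example, not code from Cisco or Horizon3: it contrasts a loader that substitutes a constant when the key file is missing with one that fails closed. All function names and the 32-character minimum key length are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

FALLBACK = "notfound"  # fallback secret named in the analysis above

class KeyUnavailable(Exception):
    """Raised when no usable signing key exists; callers must reject the token."""

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(signing_input: str, secret: str) -> str:
    return _b64url(hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest())

def sign_hs256(claims: dict, secret: str) -> str:
    """Build a compact HS256 JWT; used here only to make constructed test tokens."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{_mac(f'{head}.{body}', secret)}"

def verify_hs256(token: str, secret: str) -> bool:
    parts = token.split(".")
    if len(parts) != 3:
        return False
    expected = _mac(f"{parts[0]}.{parts[1]}", secret)
    return hmac.compare_digest(expected.encode(), parts[2].encode())

def load_key_with_fallback(path: str) -> str:
    """Weak pattern: a missing key file silently becomes a constant secret."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return FALLBACK

def load_key_fail_closed(path: str, min_len: int = 32) -> str:
    """Hardened pattern: a missing or short key aborts verification."""
    try:
        with open(path) as fh:
            key = fh.read().strip()
    except OSError as exc:
        raise KeyUnavailable(path) from exc
    if len(key) < min_len:
        raise KeyUnavailable("key shorter than %d characters" % min_len)
    return key

def accepts(token: str, key_path: str, loader) -> bool:
    try:
        return verify_hs256(token, loader(key_path))
    except KeyUnavailable:
        return False  # fail closed: no key, no valid tokens
```

With the key file absent, `accepts` returns True for a token signed with the constant when the fallback loader is used and False with the fail-closed loader, which makes it a useful regression test for any service that reads its JWT secret from disk.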
@cyberscoop.com
CISA has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This action follows Microsoft's May 2025 Patch Tuesday, which addressed a total of 72 vulnerabilities, including these five zero-day exploits. The vulnerabilities affect various Windows components, posing a significant risk to systems if left unpatched. The addition to the KEV catalog underscores the urgency for organizations to apply the relevant Microsoft patches.
The zero-day vulnerabilities include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709. CVE-2025-30397 is a memory corruption vulnerability in the Windows scripting engine, while CVE-2025-30400 affects the Microsoft DWM Core Library. CVE-2025-32701 and CVE-2025-32706 are defects in the Windows Common Log File System (CLFS) Driver, which are particularly concerning as they can lead to elevation of privilege to SYSTEM. CVE-2025-32709 resides in the Windows Ancillary Function Driver for WinSock.
Security experts recommend immediate patching, especially for the CLFS driver vulnerabilities. Mike Walters of Action1 warned that attackers could exploit the CLFS zero-days to gain full control of systems, allowing them to run arbitrary code, install malware, modify data, or disable security protections. The Cybersecurity and Infrastructure Security Agency (CISA) encourages all organizations to review and apply the necessary updates to mitigate the risk of exploitation.
Bill Mann@CyberInsider
Apple has released a series of critical security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. These updates address a total of 145 vulnerabilities, including several zero-day exploits that may have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode are urged to update their devices immediately to safeguard against potential security threats. Notably, watchOS was missing from this patch lineup.
Apple pushed emergency updates targeting three zero-day vulnerabilities identified as CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit). These patches have been backported to older iOS and iPadOS versions, specifically 15.8.4 and 16.7.11, ensuring that users on older devices are also protected from these actively exploited flaws. The updates include fixes for bugs in WebKit, Siri, Safari, and libxpc, along with numerous other security enhancements, underscoring Apple's commitment to addressing security vulnerabilities across its product ecosystem.
Laura French@scmagazine.com
Microsoft's AI tool, Security Copilot, has identified 20 critical vulnerabilities in open-source bootloaders, including GRUB2, U-Boot, and Barebox. These bootloaders are vital for initializing operating systems, especially in Linux environments and embedded systems. The findings highlight the potential for attackers to bypass UEFI Secure Boot, a security standard designed to ensure that only trusted software runs during startup. Security updates addressing these flaws were released in February 2025.
The discovered vulnerabilities, including an exploitable integer overflow, could allow attackers to execute arbitrary code and install persistent malware that may survive OS reinstallation. In the case of GRUB2, attackers could potentially bypass Secure Boot, install stealthy bootkits, and evade enterprise security mechanisms. This could grant threat actors complete control over devices, compromise additional devices on the network, and enable persistent threats. Microsoft used traditional discovery methods, including static code analysis, manual code analysis and fuzzing, with assistance from Microsoft Security Copilot.