CyberSecurity news

FlagThis - #vulnerabilities

info@thehackernews.com (The Hacker News) //
Qualcomm has issued security updates for three zero-day vulnerabilities in its Adreno Graphics Processing Unit (GPU) drivers. The flaws, tracked as CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038, affect dozens of Qualcomm chipsets and have reportedly been exploited in limited, targeted attacks. Two are memory-corruption bugs caused by unauthorized command execution in the GPU microcode; the third is a use-after-free while rendering graphics in Chrome. Google's Threat Analysis Group (TAG) reported the flaws to Qualcomm and flagged indications that they were already being used in the wild.

Qualcomm released patches to device vendors in May and is urging them to push the updates to affected devices as soon as possible. CVE-2025-21479 and CVE-2025-21480 are rated critical and are described as incorrect authorization in the Graphics component leading to memory corruption; CVE-2025-27038 is rated high and is a use-after-free in the same component that can corrupt memory while rendering graphics through the Adreno GPU drivers in Chrome. Affected chipsets include the Snapdragon 888, 8 Gen 2 and 8 Gen 3 families as well as entry-level and mid-range parts such as the Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 and Snapdragon 680.

How the flaws are being exploited has not been disclosed, but Qualcomm stresses that the patches should be installed promptly. All three require local access to the device, which suggests possible use by surveillance vendors or forensics tooling that already has the phone in hand, where a GPU driver bug serves as a local privilege-escalation step toward unlocking a seized Android device. Because Qualcomm ships fixes to OEMs rather than to end users, a handset is protected only once its manufacturer publishes a build that includes them: check for an update from the device vendor and compare the Android security patch level shown in Settings against the vendor's bulletin.

Recommended read:
References :
  • securityaffairs.com: Qualcomm fixed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild.
  • The Hacker News: Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
  • www.bleepingcomputer.com: Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks.
  • www.techradar.com: Qualcomm finally patches Adreno GPU zero-day flaws used in Android attacks
  • www.zdnet.com: Qualcomm patches three exploited security flaws, but you could still be vulnerable
  • infosec.exchange: NEW: Qualcomm says they patched three zero-days that are being actively exploited by hackers, according to Google. Patches are out but it's now up to device manufacturers to push them to users. So many devices are still vulnerable.
  • techcrunch.com: Android chipmaker Qualcomm fixes three zero-days exploited by hackers
  • techcrunch.com: Phone chipmaker Qualcomm fixes three zero-days exploited by hackers

Bill Toulas@BleepingComputer //
Two critical flaws have been disclosed in the vBulletin forum software, tracked as CVE-2025-48827 and CVE-2025-48828 and carrying CVSS v3 scores of 10.0 and 9.0 respectively; together they enable API abuse and remote code execution. One of the two is reportedly being exploited in the wild, so exposed forums need attention now. The flaws affect vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 when running on PHP 8.1 or later, but they appear to have been fixed, without being called out, last year in Patch Level 1 of the 6.* release branch: a forum on a current patch level is likely already covered, while anything older on PHP 8.1+ remains exposed.

Exploit details have been published for a serious vulnerability in the Cisco IOS XE Wireless LAN Controller (WLC), CVE-2025-20188, raising the likelihood of exploitation. It lets an attacker take over a device by uploading files, manipulating the destination path and ultimately running arbitrary commands as root. The root cause is a hard-coded fallback secret used to verify JSON Web Tokens (JWTs), which lets unauthenticated remote attackers mint valid tokens without knowing any secret. Cisco notes that the flaw is only exploitable when the Out-of-Band AP Image Download feature is enabled, which it is not by default; customers who have it turned on should disable it until the fixed release is installed.

Horizon3's analysis attributes the flaw to a hard-coded JWT fallback secret, 'notfound': if the file /tmp/nginx_jwt_key is missing, the script verifying tokens uses 'notfound' as the HMAC key, so anyone can sign a token that validates. With such a token, an attacker sends an HTTP POST with a file upload to the /ap_spec_rec/upload/ endpoint on port 8443 and uses path traversal in the file name to drop an otherwise harmless file (foo.txt) outside the intended directory. Turning that arbitrary file write into code execution is then a matter of overwriting configuration files that backend services load, dropping a web shell, or abusing files that other processes watch and act on. Upgrade to a fixed release (17.12.4 or later) as soon as possible, and review web-server logs for POSTs to /ap_spec_rec/upload/ whose file names contain '../'.
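The following Python, added here as an illustration and not taken from Cisco's code or Horizon3's proof of concept, models the two halves of the weakness described above: a token verifier that quietly falls back to the hard-coded secret when /tmp/nginx_jwt_key is missing, beside one that fails closed, and an upload handler that refuses traversal in the client-supplied file name. The key file path and the 'notfound' fallback are as reported by Horizon3; the upload directory, the claim names and the demo inputs are assumptions made for the example.

```python
"""Model of the CVE-2025-20188 weakness class: fallback JWT secret + trusted file name.
Added example for this page; not Cisco's code and not Horizon3's PoC."""
import base64
import hashlib
import hmac
import json
import os
import tempfile
import time

FALLBACK_SECRET = b"notfound"             # hard-coded fallback reported by Horizon3
DEFAULT_KEY_PATH = "/tmp/nginx_jwt_key"   # key file the verifier expects (per Horizon3)
UPLOAD_ROOT = "/tmp/ap_spec_rec/uploads"  # assumed upload destination for the demo


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, secret: bytes) -> str:
    """HS256-sign `claims`; an attacker who knows `secret` can do exactly this."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"


def _verify(token: str, secret: bytes):
    """Return the claims if the HS256 signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        hdr = json.loads(_unb64url(head))
        if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":  # no alg=none tricks
            return None
        want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _unb64url(sig)):
            return None
        claims = json.loads(_unb64url(body))
    except ValueError:  # malformed structure, base64 or JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) < time.time():
        return None
    return claims


def verify_vulnerable(token: str, key_path: str = DEFAULT_KEY_PATH):
    """Vulnerable shape: key file missing -> quietly verify with the fallback secret."""
    try:
        with open(key_path, "rb") as f:
            secret = f.read().strip()
    except FileNotFoundError:
        secret = FALLBACK_SECRET
    return _verify(token, secret)


def verify_fixed(token: str, key_path: str = DEFAULT_KEY_PATH):
    """Fail closed: no usable key file means no token is ever accepted."""
    try:
        with open(key_path, "rb") as f:
            secret = f.read().strip()
    except OSError:
        return None
    if len(secret) < 32:  # a missing or weak key is a configuration error, not a fallback
        return None
    return _verify(token, secret)


def safe_upload_path(filename: str, root: str = UPLOAD_ROOT):
    """Resolve an upload name inside `root`; None if it would escape (e.g. via '../')."""
    if filename in ("", ".", "..") or any(c in filename for c in "/\\\x00"):
        return None
    real_root = os.path.realpath(root)
    dest = os.path.realpath(os.path.join(real_root, filename))
    if os.path.commonpath([dest, real_root]) != real_root:
        return None
    return dest


def demo():
    """Constructed scenario: key file absent on disk, attacker forges with the fallback."""
    missing = "/nonexistent/nginx_jwt_key"  # assumed not to exist on this host
    forged = make_jwt({"sub": "attacker", "exp": time.time() + 60}, FALLBACK_SECRET)
    with tempfile.TemporaryDirectory() as d:
        key_path = os.path.join(d, "nginx_jwt_key")
        real_key = os.urandom(32).hex().encode()
        with open(key_path, "wb") as f:
            f.write(real_key)
        legit = make_jwt({"sub": "admin", "exp": time.time() + 60}, real_key)
        return {
            "vulnerable_accepts_forged": verify_vulnerable(forged, missing) is not None,
            "fixed_rejects_forged_no_key": verify_fixed(forged, missing) is None,
            "fixed_rejects_forged_real_key": verify_fixed(forged, key_path) is None,
            "fixed_accepts_legit": verify_fixed(legit, key_path) is not None,
            "traversal_blocked": safe_upload_path("../../../etc/foo.txt") is None,
            "plain_name_ok": safe_upload_path("foo.txt") is not None,
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point of the two verifiers is the failure mode, not the crypto: the vulnerable one turns an absent key file into a secret that ships in the product, so every device without that file shares one well-known key. The fixed one treats the same condition as an outage. The path check is deliberately strict (no separators at all, then a realpath containment check) because the upload endpoint above only needed the file name to carry '../' for the write to land elsewhere.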

Recommended read:
References :
  • securityaffairs.com: Security Affairs reports on two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, that enable API abuse and remote code execution.
  • BleepingComputer: BleepingComputer reports on hackers exploiting a critical flaw in vBulletin forum software.
  • Techzine Global: Techzine.eu reports on the public release of exploit details for a serious Cisco IOS XE vulnerability.

@cyberscoop.com //
CISA has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The addition follows Microsoft's May 2025 Patch Tuesday, which fixed 72 vulnerabilities including these five zero-days. They affect several core Windows components and leave unpatched systems at significant risk; a KEV listing also starts the remediation clock for U.S. federal agencies, and is a reasonable prioritisation signal for everyone else.

The five are CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706 and CVE-2025-32709. CVE-2025-30397 is a memory-corruption bug in the Windows scripting engine that allows remote code execution once a user opens attacker-controlled content. CVE-2025-30400 is an elevation-of-privilege flaw in the Microsoft DWM Core Library. CVE-2025-32701 and CVE-2025-32706 are defects in the Windows Common Log File System (CLFS) driver, a recurring target for in-the-wild privilege escalation; both let an attacker who already has code running on the host elevate to SYSTEM. CVE-2025-32709 is an elevation-of-privilege flaw in the Windows Ancillary Function Driver for WinSock.

Security experts recommend immediate patching, especially for the CLFS driver vulnerabilities. Mike Walters of Action1 warned that attackers could exploit the CLFS zero-days to gain full control of systems, allowing them to run arbitrary code, install malware, modify data, or disable security protections. The Cybersecurity and Infrastructure Security Agency (CISA) encourages all organizations to review and apply the necessary updates to mitigate the risk of exploitation.

Recommended read:
References :
  • isc.sans.edu: Microsoft Patch Tuesday: May 2025, (Tue, May 13th)
  • Threats | CyberScoop: Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days
  • Help Net Security: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
  • cyberinsider.com: Microsoft Patches Five Actively Exploited Flaws in May 2025 Windows 11 Update
  • ComputerWeekly.com: May Patch Tuesday brings five exploited zero-days to fix
  • cyberscoop.com: Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days
  • securityaffairs.com: Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days
  • socradar.io: May 2025 Patch Tuesday: 78 Flaws, 5 Exploited, & Critical SAP Fixes
  • The Hacker News: Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
  • securityaffairs.com: U.S. CISA adds Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
  • Cisco Talos Blog: Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as "critical".
  • www.helpnetsecurity.com: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited

Bill Mann@CyberInsider //
Apple has released a series of security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. Across the platforms the updates address a total of 145 vulnerabilities, among them flaws that may already have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari and Xcode are urged to update immediately. Notably, watchOS was missing from this patch lineup.

Apple also pushed additional patches for three zero-days that may have been actively exploited, among them CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit), which have now been backported to iOS and iPadOS 15.8.4 and 16.7.11 so that devices stuck on those older releases are covered too. The wider updates include fixes for bugs in WebKit, Siri, Safari and libxpc along with many other security corrections across the product line.

Recommended read:
References :
  • bsky.app: EMERGENCY UPDATES Apple pushed additional updates for 3 zero-days that may have been actively exploited. CVE-2025-24200 (Accessibility) additional patches, CVE-2025-24201 (WebKit) additional patches: - iOS and iPadOS 15.8.4 - iOS and iPadOS 16.7.11
  • CyberInsider: Apple has issued a wide set of security updates, patching multiple zero-day vulnerabilities across its operating systems — including iOS, macOS, iPadOS, and Safari — and notably extended critical fixes to older software versions, addressing previously exploited flaws.
  • isc.sans.edu: Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
  • The Apple Post: Apple releases iOS 18.4 with Priority Notifications feature, Control Center updates, new emoji, more
  • bsky.app: NEW SECURITY CONTENT - macOS Sequoia 15.4 - 131 bugs fixed macOS Sonoma 14.7.5 - 91 bugs fixed macOS Ventura 13.7.5 - 85 bugs fixed iOS and iPadOS 18.4 - 62 bugs fixed visionOS 2.4 - 38 bugs fixed iPadOS 17.7.6 - 38 bugs fixed tvOS 18.4 - 36 bugs fixed
  • securityaffairs.com: Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices:
  • The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
  • thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
  • The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices

Laura French@scmagazine.com //
Microsoft's AI tool, Security Copilot, has helped identify 20 previously unknown vulnerabilities in the open-source bootloaders GRUB2, U-Boot and Barebox. These bootloaders initialise the operating system, especially on Linux systems and embedded devices, and the findings show how flaws at that stage can be used to bypass UEFI Secure Boot, the mechanism meant to ensure that only trusted software runs during startup. Security updates addressing the flaws were released in February 2025.

The vulnerabilities, including an exploitable integer overflow, could allow an attacker who can feed the bootloader a crafted filesystem or image to execute arbitrary code before the operating system loads and to install persistent malware that survives an OS reinstall. In the case of GRUB2 this means bypassing Secure Boot, planting a stealthy bootkit and evading enterprise security controls that assume a trusted boot chain, which gives the attacker complete control of the device, a springboard to other hosts on the network, and long-term persistence. Microsoft found the bugs with conventional methods, static analysis, manual code review and fuzzing, with Security Copilot used to speed up triage and refinement rather than to replace them.
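As an added example, not the GRUB2, U-Boot or Barebox code itself, the following Python shows the bug class behind "an exploitable integer overflow" in a parser: a size computed as count * entry_size in 32-bit unsigned arithmetic wraps, the buffer is allocated from the wrapped value, and the copy loop that follows writes far past it. C's uint32 wraparound is emulated by masking with 0xFFFFFFFF, and the image format (a count, an entry size, then entries) is constructed for the demo. The fixed parser uses a checked multiply and rejects the image instead.

```python
"""Unchecked size arithmetic in a firmware-style parser, beside the checked form.
Added example for this page; not bootloader code. The image format is constructed."""
import struct

U32_MAX = 0xFFFFFFFF
HEADER = struct.Struct("<II")  # count, entry_size as little-endian uint32


def make_image(count: int, entry_size: int, payload: bytes = b"") -> bytes:
    """Build a constructed image: header followed by whatever payload is supplied."""
    return HEADER.pack(count, entry_size) + payload


def parse_vulnerable(image: bytes):
    """Mirrors C code doing `buf = alloc(count * entry_size)` with uint32 math.

    Returns (allocated_size, bytes_the_copy_loop_would_write). When the product
    wraps, the allocation is tiny but a `for (i = 0; i < count; i++)` loop still
    copies `entry_size` bytes per iteration, overrunning the heap buffer."""
    count, entry_size = HEADER.unpack_from(image, 0)
    alloc = (count * entry_size) & U32_MAX  # silent wraparound, as in C
    to_write = count * entry_size           # what the copy loop actually writes
    return alloc, to_write


def mul_u32_checked(a: int, b: int) -> int:
    """Checked multiply: raise instead of wrapping (the fix pattern in the patches)."""
    if a != 0 and b > U32_MAX // a:
        raise OverflowError("size computation overflows uint32")
    return a * b


def parse_fixed(image: bytes):
    """Reject images whose declared size overflows or exceeds the data present.

    Returns the entry bytes on success, None if the image is rejected."""
    count, entry_size = HEADER.unpack_from(image, 0)
    try:
        total = mul_u32_checked(count, entry_size)
    except OverflowError:
        return None
    body = image[HEADER.size:]
    if total > len(body):  # declared size must also fit the data we actually have
        return None
    return bytes(body[:total])


def demo():
    """Constructed inputs: one honest image and one whose size product wraps to 0."""
    honest = make_image(3, 4, b"AAAABBBBCCCC")
    # 0x40000000 * 0x10 == 0x4_0000_0000, which is 0 modulo 2**32
    crafted = make_image(0x40000000, 0x10, b"X" * 64)
    vuln_alloc, vuln_writes = parse_vulnerable(crafted)
    return {
        "honest_fixed": parse_fixed(honest),
        "crafted_vuln_alloc": vuln_alloc,
        "crafted_vuln_writes": vuln_writes,
        "crafted_fixed": parse_fixed(crafted),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The crafted header is the whole attack surface: two integers the attacker controls, chosen so that their product is a multiple of 2**32. Nothing else about the image needs to be valid, which is why a bootloader that parses untrusted media has to treat every length field as hostile and bound it both arithmetically and against the bytes really present.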

Recommended read:
References :
  • The Hacker News: The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of
  • Microsoft Security Blog: Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot. Through a series of prompts, we identified and refined security issues, ultimately uncovering an exploitable integer overflow vulnerability in the GRUB2, U-boot, and Barebox bootloaders.
  • bsky.app: Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. https://www.bleepingcomputer.com/news/security/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders/
  • BleepingComputer: Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
  • www.csoonline.com: Microsoft’s AI tool catches critical GRUB2, U-boot bootloader flaws
  • www.scworld.com: Microsoft touts bug finds from Security Copilot

Anna Ribeiro@Industrial Cyber //
Cybersecurity researchers have uncovered 46 new vulnerabilities in solar inverters from the leading vendors Sungrow, Growatt and SMA. The flaws, collectively named SUN:DOWN by Forescout Vedere Labs, could let attackers seize remote control of the devices, with serious consequences for electrical grids. They allow arbitrary command execution on the inverters, account takeover on the vendors' platforms, and a foothold in vendor infrastructure from which an attacker could reach the devices of many customers at once.

The researchers found the flaws could support coordinated, large-scale attacks on power generation and, in the worst case, grid failures. They span several components of a solar installation, including the inverters themselves, their communication dongles and the vendor cloud platforms the devices report to. Sungrow and SMA have patched the reported issues, while Growatt's response was slower. Forescout's concern is that an attacker controlling a large fleet of inverters could swing generation sharply enough to destabilise a grid and cause blackouts.

Recommended read:
References :
  • ciso2ciso.com: Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA – Source:thehackernews.com
  • The Hacker News: Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.
  • Solar Power System Vulnerabilities Could Result in Blackouts
  • www.scworld.com: 46 new bugs in solar power inverters raise concerns over power grid stability
  • Industrial Cyber: Forescout SUN:DOWN research uncovers critical vulnerabilities in solar inverters that threaten power grid stability
  • www.cybersecuritydive.com: Solar power gear vulnerable to remote sabotage
  • www.techradar.com: Several top solar invertor products were found to have vulnerabilities that could lead to device takeover.
  • The DefendOps Diaries: Securing Solar Inverters: Addressing Vulnerabilities in Renewable Energy Systems
  • Cyber Security News: Critical security flaws in global solar power infrastructure could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale.
  • Cyber Security News: 46 New Vulnerabilities in Solar Inverters Let Attackers Manipulate Settings
  • www.techradar.com: Hackers could exploit weak security in solar inverters, manipulating energy production, stealing user data, and even disrupting entire power networks with alarming ease.

Microsoft Threat@Microsoft Security Blog //
The U.S. Department of Justice has indicted 12 Chinese individuals for over a decade of global hacking intrusions, including a breach of the U.S. Treasury last year. The individuals include eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security, and two other alleged hackers belonging to the APT27 group, also known as Silk Typhoon. The group is accused of targeting U.S. state and federal agencies, foreign ministries across Asia, Chinese dissidents, and U.S.-based media outlets critical of the Chinese government.

Microsoft Threat Intelligence has detected a new variant of XCSSET, the macOS malware that spreads through infected Xcode projects, the first new variant observed since 2022. It features heavier obfuscation, updated persistence mechanisms and new infection strategies, and it steals and exfiltrates files and system and user information, including digital wallet data and notes. Its modular design and encoded payloads make detection and removal harder, and parts of the chain run without writing payloads to disk.
