CyberSecurity news

FlagThis - #vulnerabilities

Bill Mann@CyberInsider //
References: bsky.app , CyberInsider , The Apple Post ...
Apple has released a series of critical security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. These updates address a total of 145 vulnerabilities, including several zero-day exploits that may have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode are urged to update their devices immediately to safeguard against potential security threats. Notably, watchOS was missing from this patch lineup.

Apple pushed emergency updates targeting three zero-day vulnerabilities identified as CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit). These patches have been backported to older iOS and iPadOS versions, specifically 15.8.4 and 16.7.11, ensuring that users on older devices are also protected from these actively exploited flaws. The updates include fixes for bugs in WebKit, Siri, Safari, and libxpc, along with numerous other security enhancements, underscoring Apple's commitment to addressing security vulnerabilities across its product ecosystem.

Recommended read:
References :
  • bsky.app: EMERGENCY UPDATES Apple pushed additional updates for 3 zero-days that may have been actively exploited. CVE-2025-24200 (Accessibility) additional patches, CVE-2025-24201 (WebKit) additional patches: - iOS and iPadOS 15.8.4 - iOS and iPadOS 16.7.11
  • CyberInsider: Apple has issued a wide set of security updates, patching multiple zero-day vulnerabilities across its operating systems — including iOS, macOS, iPadOS, and Safari — and notably extended critical fixes to older software versions, addressing previously exploited flaws.
  • isc.sans.edu: Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
  • The Apple Post: Apple releases iOS 18.4 with Priority Notifications feature, Control Center updates, new emoji, more
  • bsky.app: NEW SECURITY CONTENT - macOS Sequoia 15.4 - 131 bugs fixed macOS Sonoma 14.7.5 - 91 bugs fixed macOS Ventura 13.7.5 - 85 bugs fixed iOS and iPadOS 18.4 - 62 bugs fixed visionOS 2.4 - 38 bugs fixed iPadOS 17.7.6 - 38 bugs fixed tvOS 18.4 - 36 bugs fixed
  • securityaffairs.com: Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices:
  • The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
  • thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
  • The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices

Laura French@scmagazine.com //
Microsoft's AI tool, Security Copilot, has identified 20 critical vulnerabilities in open-source bootloaders, including GRUB2, U-Boot, and Barebox. These bootloaders are vital for initializing operating systems, especially in Linux environments and embedded systems. The findings highlight the potential for attackers to bypass UEFI Secure Boot, a security standard designed to ensure that only trusted software runs during startup. Security updates addressing these flaws were released in February 2025.

The discovered vulnerabilities, including an exploitable integer overflow, could allow attackers to execute arbitrary code and install persistent malware that may survive OS reinstallation. In the case of GRUB2, attackers could potentially bypass Secure Boot, install stealthy bootkits, and evade enterprise security mechanisms. This could grant threat actors complete control over devices, compromise additional devices on the network, and enable persistent threats. Microsoft used traditional discovery methods, including static code analysis, manual code analysis and fuzzing, with assistance from Microsoft Security Copilot.

Recommended read:
References :
  • The Hacker News: The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of
  • Microsoft Security Blog: Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot. Through a series of prompts, we identified and refined security issues, ultimately uncovering an exploitable integer overflow vulnerability in the GRUB2, U-boot, and Barebox bootloaders. The post appeared first on .
  • bsky.app: Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. https://www.bleepingcomputer.com/news/security/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders/
  • BleepingComputer: Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
  • www.csoonline.com: Microsoft’s AI tool catches critical GRUB2, U-boot bootloader flaws
  • www.scworld.com: Microsoft touts bug finds from Security Copilot

Anna Ribeiro@Industrial Cyber //
Cybersecurity researchers have uncovered 46 new vulnerabilities in solar inverters from leading vendors Sungrow, Growatt, and SMA. These flaws could be exploited by malicious actors to seize control of the devices remotely, posing severe risks to electrical grids. The vulnerabilities, collectively named SUN:DOWN by Forescout Vedere Labs, can enable attackers to execute arbitrary commands, take over accounts, and gain a foothold in vendor infrastructure, potentially leading to control of inverter owners' devices.

Researchers found that these flaws could be used to conduct coordinated large-scale cyber-attacks that target power generation and ultimately, grid failures. The vulnerabilities impact various components within solar power systems, including panels, PV inverters, and communication dongles. While Sungrow and SMA have patched the reported issues, Growatt's response was slower, and the researchers believe an attacker gaining control of a large number of inverters could cause instability to power grids, leading to potential blackouts.

Recommended read:
References :
  • ciso2ciso.com: Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA – Source:thehackernews.com
  • The Hacker News: Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.
  • : Solar Power System Vulnerabilities Could Result in Blackouts
  • www.scworld.com: 46 new bugs in solar power inverters raise concerns over power grid stability
  • Industrial Cyber: Forescout SUN:DOWN research uncovers critical vulnerabilities in solar inverters that threaten power grid stability
  • www.cybersecuritydive.com: Solar power gear vulnerable to remote sabotage
  • www.techradar.com: Several top solar invertor products were found to have vulnerabilities that could lead to device takeover.
  • The DefendOps Diaries: Securing Solar Inverters: Addressing Vulnerabilities in Renewable Energy Systems
  • Cyber Security News: Critical security flaws in global solar power infrastructure could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale.
  • Cyber Security News: 46 New Vulnerabilities in Solar Inverters Let Attackers Manipulate Settings
  • www.techradar.com: Hackers could exploit weak security in solar inverters, manipulating energy production, stealing user data, and even disrupting entire power networks with alarming ease.

Microsoft Threat@Microsoft Security Blog //
The U.S. Department of Justice has indicted 12 Chinese individuals for over a decade of global hacking intrusions, including a breach of the U.S. Treasury last year. The individuals include eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security, and two other alleged hackers belonging to the APT27 group, also known as Silk Typhoon. The group is accused of targeting U.S. state and federal agencies, foreign ministries across Asia, Chinese dissidents, and U.S.-based media outlets critical of the Chinese government.

Microsoft Threat Intelligence has detected a new variant of XCSSET, a macOS malware targeting Xcode projects, since 2022. This variant features enhanced obfuscation, updated persistence mechanisms, and new infection strategies. It steals and exfiltrates files and system/user information, including digital wallet data and notes. The malware's modular approach and encoded payloads make detection and removal challenging, even allowing it to remain fileless.

Recommended read:
References :

Pierluigi Paganini@Security Affairs //
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities affect Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), posing significant risks to organizations. The advisory issued by CISA strongly urges immediate remediation to mitigate the threat of potential exploitation.

These vulnerabilities include CVE-2017-3066 in Adobe ColdFusion and CVE-2024-20953 in Oracle Agile PLM. The agency has set a deadline of March 17, 2025, for federal agencies to secure their networks against these flaws. Active exploitation attempts have been reported, highlighting the urgency of applying necessary updates.

Recommended read:
References :
  • Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]
  • thecyberexpress.com: CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
  • cyble.com: Overview The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.
  • Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]

@www.bleepingcomputer.com //
Critical security vulnerabilities have been patched in Juniper Networks Session Smart Routers and several Atlassian products. A critical authentication bypass vulnerability, identified as CVE-2025-21589, affects Juniper's Session Smart Router, Conductor, and WAN Assurance Managed Routers. Juniper Networks has released a patch to address this flaw, which could allow attackers to bypass authentication and gain control of affected Session Smart Router devices.

Australian software firm Atlassian has also released security patches to address 12 critical and high-severity vulnerabilities across its product suite, including Bamboo, Bitbucket, Confluence, Crowd, and Jira. Among the most severe vulnerabilities fixed is CVE-2024-50379, which has a CVSS score of 9.8 and could lead to remote code execution. Users of these products are strongly advised to apply the available patches as soon as possible to mitigate potential risks.

Recommended read:
References :
  • Anonymous ???????? :af:: Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices.
  • securityaffairs.com: Australian software firm Atlassian patched 12 critical and high-severity flaws in Bamboo, Bitbucket, Confluence, Crowd, and Jira. Software firm Atlassian released security patches to address 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira products. The most severe vulnerabilities addressed by the company are: CVE-2024-50379 – (CVSS score of 9.8) – RCE

@ciso2ciso.com //
A series of cyber incidents have been reported, highlighting the evolving nature of online threats. A concerning trend involves a sophisticated phishing campaign targeting users in Poland and Germany, using PureCrypter malware to deliver multiple payloads, including Agent Tesla and Snake Keylogger, as well as a novel backdoor called TorNet. This TorNet backdoor employs advanced detection evasion tactics, requiring immediate and proactive defense measures. The campaign, which has been active since at least mid-summer 2024, indicates financially motivated threat actors behind the attacks. Security tools are available with threat intelligence to assist in detecting and preventing such intrusions.

Multiple additional vulnerabilities have been discovered, including over 10,000 WordPress websites unknowingly delivering MacOS and Windows malware through fake Google browser update pages. This cross-platform malware attack is notable as it delivers AMOS for Apple users and SocGholish for Windows users, and is the first time these variants have been delivered through a client-side attack. Moreover, an OAuth redirect flaw in an airline travel integration system has exposed millions of users to account hijacking. By manipulating parameters within the login process, attackers can redirect authentication responses, gain unauthorized access to user accounts, and perform actions like booking hotels and car rentals. These incidents underscore the importance of constant vigilance and robust security measures across all platforms.

Recommended read:
References :
  • BleepingComputer: Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks.
  • securityaffairs.com: Attackers exploit SimpleHelp RMM software flaws for initial access.
  • Help Net Security: Attackers are leveraging vulnerabilities in SimpleHelp.
  • www.bleepingcomputer.com: Hackers are exploiting flaws in SimpleHelp RMM to breach networks
  • ciso2ciso.com: TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads – Source: socprime.com
  • cside.dev: 10,000 WordPress Websites Found Delivering MacOS and Microsoft Malware
  • The Hacker News: OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking