Tag Archives: ZeroDay

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2017 Sitecore guides. Some customers reused this key in production, allowing attackers with knowledge of the key to craft valid, but malicious …

WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. The company says this zero-click flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. “Incomplete authorization of linked device synchronization messages in WhatsApp [..] could have allowed …

Apple issues emergency update to fix zero-day exploit in iPhone and macOS  TechSpot All Apple users should update after company patches zero-day vulnerability in all platforms  Malwarebytes Apple releases iOS 18.6.2 for iPhone, here’s what’s new  9to5Mac Apple Rushes Out Fix for Zero-Day Attack on iPhones, Macs  PCMag You Need to Download iOS 18.6.2 Now to Patch This Zero-Day Exploit  CNET Source link

Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks. Logged as CVE-2025-43300, the bug is an out-of-bounds write issue in ImageIO, the component apps rely on to read and write standard image formats. Apple warned that the flaw could let miscreants hijack devices …

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an “extremely sophisticated attack.” Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness discovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats. An out-of-bounds write occurs when attackers successfully exploit …

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks  The Hacker News Apple Rushes Out Fix for Zero-Day Attack on iPhones, Macs  PCMag Apple releases iOS 18.6.2 for iPhone, here’s what’s new  9to5Mac Apple fixes new zero-day flaw exploited in targeted attacks  BleepingComputer Update your iPhone now to protect it from ‘extremely sophisticated’ attack  Mashable Source link

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws  The Hacker News Microsoft Patch Tuesday, August 2025 Edition  Krebs on Security Microsoft’s Patch Tuesday gives sys admins a baker’s dozen  theregister.com Windows 10 KB5063709 update fixes extended security updates enrollment  BleepingComputer Microsoft Teams RCE Vulnerability Let Attackers Read, Write and Delete Messages  CyberSecurityNews Source link

Tag CVE ID CVE Title Severity Azure File Sync CVE-2025-53729 Microsoft Azure File Sync Elevation of Privilege Vulnerability Important Azure Stack CVE-2025-53793 Azure Stack Hub Information Disclosure Vulnerability Critical Azure Stack CVE-2025-53765 Azure Stack Hub Information Disclosure Vulnerability Important Azure Virtual Machines CVE-2025-49707 …

ESET researchers have discovered a previously unknown vulnerability in WinRAR, being exploited in the wild by Russia-aligned group RomCom. This is at least the third time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild. Previous examples include the abuse of CVE-2023-36884 via Microsoft Word in June 2023, and the combined vulnerabilities assigned CVE‑2024‑9680 chained with …

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately  The Hacker News WinRAR zero-day exploited to plant malware on archive extraction  BleepingComputer Newly discovered WinRAR exploit linked to Russian hacking group, can plant backdoor malware — zero day hack requires manual update to fix  Tom’s Hardware Patch Now: New WinRAR Flaw Used to Deliver Malware  PCMag Phishing attacks exploit WinRAR flaw CVE-2025-8088 …