Microsoft Patch Tuesday, June 2025 Security Update Review

Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, June 2025 edition, Microsoft addressed 69 vulnerabilities. The updates include 10 critical and 57 important severity vulnerabilities. In this … Continue reading “Microsoft Patch Tuesday, June 2025 Security Update Review”

ConnectWise ScreenConnect Command Injection Vulnerability Added to CISA KEV (CVE-2025-3935)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a high-severity vulnerability impacting ConnectWise ScreenConnect, tracked as CVE-2025-3935. Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code remotely or directly impact confidential data, leading to complete system compromise.

Google Fixes Third Zero-day Vulnerability of 2025 in Chrome (CVE-2025-5419)

Clement Lecigne and Benoît Sevens of Google Threat Analysis Group discovered a high-severity vulnerability impacting the Chrome browser. Tracked as CVE-2025-5419, this is an out-of-bounds read and write vulnerability in V8. Google mentioned in the advisory that they are aware of the active exploitation of vulnerability in the wild. Google addressed the vulnerability with a … Continue reading “Google Fixes Third Zero-day Vulnerability of 2025 in Chrome (CVE-2025-5419)”

Invision Community Remote Code Execution Vulnerability (CVE-2025-47916)

A critical remote code execution vulnerability (CVE-2025-47916) in the Invision Community has come to light. The vulnerability may allow attackers to execute arbitrary code on the target system. The vulnerability puts countless forums and online communities at serious risk because of the popularity of the Invision Community.

vBulletin Remote Code Execution Vulnerabilities Exploited in the Wild (CVE-2025-48827 & CVE-2025-48828)

Security researchers at Karma(In)Security discovered two unauthenticated remote code execution vulnerabilities in vBulletin, a popular commercial forum solution. Tracked as CVE-2025-48828, successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to critical data loss and complete system compromise.

Versa Concerto Zero-day Remote Code Execution Vulnerabilities (CVE-2025-34025, CVE-2025-34026, & CVE-2025-34027)

Security researchers at Project Discovery discovered two critical zero-day vulnerabilities in Versa Concerto, a popular SD-WAN and network orchestration platform. When exploited together, the vulnerabilities may allow attackers to fully compromise the application and the underlying host system. The vulnerabilities affect key elements of the platform, which are based on Docker containers, Spring Boot, and … Continue reading “Versa Concerto Zero-day Remote Code Execution Vulnerabilities (CVE-2025-34025, CVE-2025-34026, & CVE-2025-34027)”

CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)

Ivanti released security updates to address two high security vulnerabilities impacting its Endpoint Manager Mobile (EPMM). Tracked as CVE-2025-4427 and CVE-2025-4428, the vulnerabilities are being exploited in the wild. The advisory states, “When chained together, successful exploitation could lead to unauthenticated remote code execution.” CISA added the CVEs to its Known Exploited Vulnerabilities Catalog and … Continue reading “CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)”

Mozilla Fixes Two Actively Exploited Zero-day Vulnerabilities in Firefox (CVE-2025-4919 & CVE-2025-4918)

Mozilla released a security advisory to address two critical severity vulnerabilities in Firefox. Tracked as CVE-2025-4919 & CVE-2025-4918, the vulnerabilities may allow attackers to access sensitive data or execute code. Both vulnerabilities are exploited as a zero-day at Pwn2Own Berlin. Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. Contestants are … Continue reading “Mozilla Fixes Two Actively Exploited Zero-day Vulnerabilities in Firefox (CVE-2025-4919 & CVE-2025-4918)”

Google Releases Fix for Zero-day Vulnerability in Chrome (CVE-2025-4664)

Google released a security advisory to address a zero-day vulnerability tracked as CVE-2025-4664. CVE-2025-4664 is an insufficient policy enforcement in Loader. The vulnerability could allow attackers to bypass security policies within Chrome’s Loader logic, potentially leading to unauthorized code execution or sandbox escape. Google mentioned in the advisory that they are aware of the reports … Continue reading “Google Releases Fix for Zero-day Vulnerability in Chrome (CVE-2025-4664)”