Security researchers at Ruhr University Bochum discovered a security vulnerability in the Erlang/Open Telecom Platform (OTP) SSH implementation. Tracked as CVE-2025-32433, the vulnerability has a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code … Continue reading “Erlang/OTP SSH Server Remote Code Execution Vulnerability (CVE-2025-32433)”
Apple Releases Fixes for iOS Zero-day Vulnerabilities (CVE-2025-31200 & CVE-2025-31201)
Apple and Google Threat Analysis Group discovered two security vulnerabilities impacting iOS devices. Tracked as CVE-2025-31200 and CVE-2025-31201, the vulnerabilities could allow an attacker to execute code. The Apple security advisory states that they are aware of a report that the vulnerabilities may have been exploited in an extremely sophisticated attack against specific targeted individuals on … Continue reading “Apple Releases Fixes for iOS Zero-day Vulnerabilities (CVE-2025-31200 & CVE-2025-31201)”
Oracle Critical Patch Update, April 2025 Security Update Review
Oracle released its first quarterly edition of this year’s Critical Patch Update. The update received patches for 378 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle … Continue reading “Oracle Critical Patch Update, April 2025 Security Update Review”
Microsoft Patch Tuesday, April 2025 Security Update Review
Microsoft’s April 2025 Patch Tuesday has arrived, delivering critical security updates and fixes across the various products, features, and roles. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, April 2025 edition, Microsoft addressed 134 vulnerabilities, including 11 critical and 110 important severity vulnerabilities. In this month’s updates, Microsoft … Continue reading “Microsoft Patch Tuesday, April 2025 Security Update Review”
Ivanti Addresses Zero-day Vulnerability in Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-22457)
Ivanti released a security advisory to address a security flaw impacting Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways. Tracked as CVE-2025-22457, the vulnerability has a critical severity rating with a CVSS score of 9.0. Successful exploitation of the buffer overflow vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to critical … Continue reading “Ivanti Addresses Zero-day Vulnerability in Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-22457)”
CrushFTP Authentication Bypass Vulnerability Exploited in Attacks (CVE-2025-31161)
Threat actors target an authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. Tracked as CVE-2025-31161, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow unauthenticated attackers to bypass authentication and gain unauthorized access. CISA added … Continue reading “CrushFTP Authentication Bypass Vulnerability Exploited in Attacks (CVE-2025-31161)”
Apple Backports Fixes for Three Zero-day Vulnerabilities (CVE-2025-24200, CVE-2025-24201, & CVE-2025-24085)
Apple released backported fixes to address three zero-day vulnerabilities exploited in targeted attacks against older iOS, iPadOS, and macOS versions. Tracked as CVE-2025-24200, CVE-2025-24201, & CVE-2025-24085, the vulnerabilities were initially patched in March. Apple mentioned in the advisory that they are aware of a report that the vulnerabilities may have been actively exploited against versions … Continue reading “Apple Backports Fixes for Three Zero-day Vulnerabilities (CVE-2025-24200, CVE-2025-24201, & CVE-2025-24085)”
Mozilla Firefox Addresses Sandbox Escape Vulnerability (CVE-2025-2857)
Mozilla released a security advisory for a security vulnerability impacting its web browser, Firefox. Tracked as CVE-2025-2857, the vulnerability may allow an attacker to escape the web browser’s sandbox on Windows systems. Mozilla described the vulnerability as an incorrect handle that could lead to sandbox escape. The vulnerability is similar to Chrome zero-day exploited in … Continue reading “Mozilla Firefox Addresses Sandbox Escape Vulnerability (CVE-2025-2857)”
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783)
Kaspersky researchers Boris Larin and Igor Kuznetsov discovered a high-severity vulnerability in Google Chrome. Tracked as CVE-2025-2783, the vulnerability is being exploited in the wild. This is the first actively exploited Chrome zero-day since the start of the year. Google has not released any technical information about the nature of the attacks. Some reports suggest the … Continue reading “Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783)”
Next.js Middleware Authorization Bypass Vulnerability (CVE-2025-29927)
Next.js, a React framework, is vulnerable to a critical severity flaw, tracked as CVE-2025-29927. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to bypass authorization checks within a Next.js application.
