On Wednesday, Google rolled out security updates for a Chrome vulnerability actively exploited in the wild. Tracked as CVE-2025-10585, the vulnerability is a type confusion flaw in the V8 JavaScript and WebAssembly engine. Google Threat Analysis Group discovered and reported the vulnerability.
Multiple npm Packages affected by the Ongoing Supply Chain Attack (Shai-Hulud Malware)
This is a supply chain attack that has impacted over 180 unique npm packages spanning multiple maintainers. The malware campaign (part of the “Shai-Hulud” attack) has compromised npm packages in a worm-like manner. The malware affects various packages from different maintainers. Some are public; others belong to popular vendors like CrowdStrike. Altogether, these packages have … Continue reading “Multiple npm Packages affected by the Ongoing Supply Chain Attack (Shai-Hulud Malware)”
Ivanti September Security Updates Address Multiple Vulnerabilities in Popular Products
Ivanti released its security bulletin for September, addressing 13 vulnerabilities. The vulnerabilities impact Ivanti Endpoint Manager, Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. As per the Ivanti advisory, no proof exists for any of the vulnerabilities being exploited in the wild.
Microsoft Patch Tuesday, September 2025 Security Update Review
It’s the second Tuesday of September, and Microsoft has rolled out its latest security updates. Microsoft’s September 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, the September 2025 … Continue reading “Microsoft Patch Tuesday, September 2025 Security Update Review”
CISA Warns of Sitecore Experience Platform Zero-day Vulnerability (CVE-2025-53690)
Threat attackers exploit a zero-day vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) tracked as CVE-2025-53690. The vulnerability has a critical severity rating with a CVSS score of 9.0. Successful exploitation of the vulnerability may lead to remote code execution and unauthorized access to information. Mandiant Threat Defense identified active exploitation of … Continue reading “CISA Warns of Sitecore Experience Platform Zero-day Vulnerability (CVE-2025-53690)”
Citrix Warns of Active Exploitation: CVE-2025-7775 in NetScaler ADC/Gateway
A critical memory overflow bug in NetScaler ADC/Gateway is being exploited in the wild. It can lead to remote code execution (RCE) or denial of service. Since there are no workarounds, it is highly recommended to patch immediately. CISA added CVE-2025-7775 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Citrix shipped … Continue reading “Citrix Warns of Active Exploitation: CVE-2025-7775 in NetScaler ADC/Gateway”
Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)
Apple has released updates to address a vulnerability that is being exploited in the wild. Tracked as CVE-2025-43300, the vulnerability impacts macOS Sequoia, macOS Ventura, macOS Sonoma, iOS, and iPadOS. CVE-2025-43300 is an out-of-bounds write flaw in Apple’s ImageIO framework. An attacker may exploit the vulnerability by processing a malicious image file, which could lead to … Continue reading “Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)”
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability (CVE-2025-20265)
Cisco addressed a critical severity vulnerability impacting its Secure Firewall Management Center Software. Tracked as CVE-2025-20265, the vulnerability has a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to inject arbitrary shell commands executed by the device.
Microsoft Patch Tuesday, August 2025 Security Update Review
It’s the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft’s August 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, the August 2025 … Continue reading “Microsoft Patch Tuesday, August 2025 Security Update Review”
WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088)
WinRAR released a security patch to address a vulnerability allowing attackers to hijack user extraction processes and plant malicious files in unintended system locations. Tracked as CVE-2025-8088, the vulnerability has a high severity rating with a CVSS score of 8.4. Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET discovered and reported the vulnerability to … Continue reading “WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088)”