Oracle released a security advisory to address a critical zero-day vulnerability impacting the E-Business Suite. Tracked as CVE-2025-61882, the vulnerability has a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to achieve remote code execution. Security reports suggest the vulnerability is actively exploited in Clop data theft attacks.
Tag: CISA Known Exploitable Vulnerabilities Catalog
Cisco IOS and IOS XE Software Vulnerability Exploited in the Wild (CVE-2025-20352)
Cisco released a security advisory to address an actively exploited vulnerability, tracked as CVE-2025-20352, impacting Cisco IOS and IOS XE Software. Successful exploitation of the vulnerability may allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition. A high-privileged attacker may execute arbitrary code as the root user and … Continue reading “Cisco IOS and IOS XE Software Vulnerability Exploited in the Wild (CVE-2025-20352)”
GoAnywhere Managed File Transfer (MFT) Deserialization Vulnerability (CVE-2025-10035)
Fortra released security updates for a critical severity vulnerability impacting GoAnywhere MFT’s License Servlet. Tracked as CVE-2025-10035, the vulnerability has a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to achieve unauthenticated remote code execution. CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and … Continue reading “GoAnywhere Managed File Transfer (MFT) Deserialization Vulnerability (CVE-2025-10035)”
Another Zero-day Vulnerability impacting Google Chrome (CVE-2025-10585)
On Wednesday, Google rolled out security updates for a Chrome vulnerability actively exploited in the wild. Tracked as CVE-2025-10585, the vulnerability is a type confusion flaw in the V8 JavaScript and WebAssembly engine. Google Threat Analysis Group discovered and reported the vulnerability. CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and … Continue reading “Another Zero-day Vulnerability impacting Google Chrome (CVE-2025-10585)”
CISA Warns of Sitecore Experience Platform Zero-day Vulnerability (CVE-2025-53690)
Threat attackers exploit a zero-day vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) tracked as CVE-2025-53690. The vulnerability has a critical severity rating with a CVSS score of 9.0. Successful exploitation of the vulnerability may lead to remote code execution and unauthorized access to information. Mandiant Threat Defense identified active exploitation of … Continue reading “CISA Warns of Sitecore Experience Platform Zero-day Vulnerability (CVE-2025-53690)”
Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)
Apple has released updates to address a vulnerability that is being exploited in the wild. Tracked as CVE-2025-43300, the vulnerability impacts macOS Sequoia, macOS Ventura, macOS Sonoma, iOS, and iPadOS. CVE-2025-43300 is an out-of-bounds write flaw in Apple’s ImageIO framework. An attacker may exploit the vulnerability by processing a malicious image file, which could lead to … Continue reading “Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)”
WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088)
WinRAR released a security patch to address a vulnerability allowing attackers to hijack user extraction processes and plant malicious files in unintended system locations. Tracked as CVE-2025-8088, the vulnerability has a high severity rating with a CVSS score of 8.4. Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET discovered and reported the vulnerability to … Continue reading “WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088)”
Trend Micro Apex One (On-Prem) Zero-day Vulnerabilities Exploited in the Wild (CVE-2025-54948 & CVE-2025-54987)
Threat actors are exploiting two vulnerabilities impacting Trend Micro Apex One (on-prem) devices. Tracked as CVE-2025-54948 & CVE-2025-54987, the vulnerabilities may allow attackers to achieve remote code execution upon successful exploitation. Both vulnerabilities have a critical severity rating with a CVSS score of 9.4. Trend Micro mentioned in the advisory that they had observed at least … Continue reading “Trend Micro Apex One (On-Prem) Zero-day Vulnerabilities Exploited in the Wild (CVE-2025-54948 & CVE-2025-54987)”
PaperCut NG/MF Vulnerability added to CISA KEV and Active Exploitation (CVE-2023-2533)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity vulnerability to its Known Exploitable Vulnerabilities Catalog, urging users to patch it before August 18, 2025. Tracked as CVE-2023-2533, the vulnerability in PaperCut NG/MF may allow an attacker to alter security settings or execute arbitrary code.
Microsoft SharePoint Server Zero-day Vulnerability Exploited in the Wild (CVE-2025-53770)
Microsoft released patches for an actively exploited vulnerability impacting SharePoint Server. Tracked as CVE-2025-53770, the vulnerability was part of an “active, large-scale” exploitation campaign. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to critical data loss and possible system compromise. Viettel Cyber Security with Trend Zero Day … Continue reading “Microsoft SharePoint Server Zero-day Vulnerability Exploited in the Wild (CVE-2025-53770)”