Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, June 2025 edition, Microsoft addressed 69 vulnerabilities. The updates include 10 critical and 57 important severity vulnerabilities. In this … Continue reading “Microsoft Patch Tuesday, June 2025 Security Update Review”
Tag: CISA Known Exploitable Vulnerabilities Catalog
ConnectWise ScreenConnect Command Injection Vulnerability Added to CISA KEV (CVE-2025-3935)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a high-severity vulnerability impacting ConnectWise ScreenConnect, tracked as CVE-2025-3935. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code remotely or directly impact confidential data, leading to complete system compromise.
Google Fixes Third Zero-day Vulnerability of 2025 in Chrome (CVE-2025-5419)
Clement Lecigne and Benoît Sevens of Google Threat Analysis Group discovered a high-severity vulnerability impacting the Chrome browser. Tracked as CVE-2025-5419, this is an out-of-bounds read and write vulnerability in V8. Google mentioned in the advisory that they are aware of the active exploitation of the vulnerability in the wild. Google addressed the vulnerability with a …
CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)
Ivanti released security updates to address two high security vulnerabilities impacting its Endpoint Manager Mobile (EPMM). Tracked as CVE-2025-4427 and CVE-2025-4428, the vulnerabilities are being exploited in the wild. The advisory states, “When chained together, successful exploitation could lead to unauthenticated remote code execution.” CISA added the CVEs to its Known Exploited Vulnerabilities Catalog and …
Google Releases Fix for Zero-day Vulnerability in Chrome (CVE-2025-4664)
Google released a security advisory to address a zero-day vulnerability tracked as CVE-2025-4664. CVE-2025-4664 is an insufficient policy enforcement in Loader. The vulnerability could allow attackers to bypass security policies within Chrome’s Loader logic, potentially leading to unauthorized code execution or sandbox escape. Google mentioned in the advisory that they are aware of the reports …
Fortinet Addresses Code Execution Vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder & FortiCamera (CVE-2025-32756)
Fortinet released a security advisory to address a critical severity vulnerability impacting FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. Tracked as CVE-2025-32756, the vulnerability has a CVSS score of 9.6. A remote unauthenticated attacker may exploit the stack-based overflow vulnerability to execute arbitrary code or commands via crafted HTTP requests.
Microsoft Patch Tuesday, May 2025 Security Update Review
Microsoft’s May 2025 Patch Tuesday rolls out critical security updates, addressing multiple vulnerabilities across Windows, Office, and other key products. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, May 2025 edition, Microsoft addressed 76 vulnerabilities. The updates include five critical and 66 important severity vulnerabilities. In this month’s …
FreeType Out-of-Bounds Write Vulnerability Added to CISA Known Exploited Vulnerabilities Catalog (CVE-2025-27363)
Google released its May 2025 security updates for Android, addressing 45 security vulnerabilities. One of the 45 vulnerabilities is an actively exploited zero-click FreeType 2 code execution vulnerability. CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the flaw before May 27, 2025.
CISA Warns of Actively Exploited Langflow Remote Code Execution Vulnerability (CVE-2025-3248)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a critical severity vulnerability (CVE-2025-3248) impacting Langflow, a tool designed for building agentic AI workflows. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary system commands, leading to complete system compromise. CISA added the vulnerability to its Known Exploited …
Commvault Command Center Remote Code Execution Vulnerability (CVE-2025-34028)
A security researcher at watchTowr Labs discovered a critical vulnerability in Commvault Command Center that may allow an attacker to execute arbitrary code without authentication. Tracked as CVE-2025-34028, the vulnerability has a CVSS score of 9.0. CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities Catalog, urging users to patch it before May 23, 2025.