Microsoft’s May 2025 Patch Tuesday rolls out critical security updates, addressing multiple vulnerabilities across Windows, Office, and other key products. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, May 2025 edition, Microsoft addressed 76 vulnerabilities. The updates include five critical and 66 important severity vulnerabilities. In this month’s … Continue reading “Microsoft Patch Tuesday, May 2025 Security Update Review”
Tag: CISA Known Exploitable Vulnerabilities Catalog
FreeType Out-of-Bounds Write Vulnerability Added to CISA Known Exploited Vulnerabilities Catalog (CVE-2025-27363)
Google released its May 2025 security updates for Android, addressing 45 security vulnerabilities. One of the 45 vulnerabilities is an actively exploited zero-click FreeType 2 code execution vulnerability. CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the flaw before May 27, 2025.
CISA Warns of Actively Exploited Langflow Remote Code Execution Vulnerability (CVE-2025-3248)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a critical severity vulnerability (CVE-2025-3248) impacting Langflow, a tool designed for building agentic AI workflows. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary system commands, leading to complete system compromise. CISA added the vulnerability to its Known Exploited … Continue reading “CISA Warns of Actively Exploited Langflow Remote Code Execution Vulnerability (CVE-2025-3248)”
Commvault Command Center Remote Code Execution Vulnerability (CVE-2025-34028)
A security researcher at watchTowr Labs discovered a critical vulnerability in Commvault Command Center that may allow an attacker to execute arbitrary code without authentication. Tracked as CVE-2025-34028, the vulnerability has a CVSS score of 9.0. CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities Catalog, urging users to patch it before May 23, 2025.
Apple Releases Fixes for iOS Zero-day Vulnerabilities (CVE-2025-31200 & CVE-2025-31201)
Apple and Google Threat Analysis Group discovered two security vulnerabilities impacting iOS devices. Tracked as CVE-2025-31200 and CVE-2025-31201, the vulnerabilities could allow an attacker to execute code. The Apple security advisory states that they are aware of a report that the vulnerabilities may have been exploited in an extremely sophisticated attack against specific targeted individuals on … Continue reading “Apple Releases Fixes for iOS Zero-day Vulnerabilities (CVE-2025-31200 & CVE-2025-31201)”
Ivanti Addresses Zero-day Vulnerability in Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-22457)
Ivanti released a security advisory to address a security flaw impacting Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways. Tracked as CVE-2025-22457, the vulnerability has a critical severity rating with a CVSS score of 9.0. Successful exploitation of the buffer overflow vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to critical … Continue reading “Ivanti Addresses Zero-day Vulnerability in Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-22457)”
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783)
Kaspersky researchers Boris Larin and Igor Kuznetsov discovered a high-severity vulnerability in Google Chrome. Tracked as CVE-2025-2783, the vulnerability is being exploited in the wild. This is the first actively exploited Chrome zero-day since the start of the year. Google has not released any technical information about the nature of the attacks. Some reports suggest the … Continue reading “Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783)”
Apache Tomcat Remote Code Execution Vulnerability Exploited in the Wild (CVE-2025-24813)
Attackers started exploitation of Apache Tomcat vulnerability just 30 hours after its proof of concept was made public. Tracked as CVE-2025-24813, the vulnerability may allow an unauthorized attacker to view sensitive files or inject arbitrary content into those files utilizing a PUT request. The vulnerability originates from the use of a partial PUT used, a … Continue reading “Apache Tomcat Remote Code Execution Vulnerability Exploited in the Wild (CVE-2025-24813)”
Apple Addressed WebKit Zero-day Vulnerability Impacting iOS Devices (CVE-2025-24201)
Apple released fixes for an actively exploited vulnerability in attacks against iOS devices. Tracked as CVE-2025-24201, the vulnerability also affects macOS Sequoia and Safari web browser. The out-of-bounds write flaw exists in the WebKit browser engine. An attacker may exploit the vulnerability by maliciously crafted web content to break out of the Web Content sandbox. … Continue reading “Apple Addressed WebKit Zero-day Vulnerability Impacting iOS Devices (CVE-2025-24201)”
Microsoft Patch Tuesday, March 2025 Security Update Review
March 2025 Patch Tuesday is here, and Microsoft has rolled out critical security updates that address multiple vulnerabilities across its product suite. Here’s a quick breakdown of what you need to know. Microsoft Patch’s Tuesday, March 2025 edition addressed 67 vulnerabilities, including six critical and 51 important severity vulnerabilities. In this month’s updates, Microsoft has … Continue reading “Microsoft Patch Tuesday, March 2025 Security Update Review”