Vulnerabilities
-
Fortra patches critical GoAnywhere MFT flaw; admins urged to restrict internet exposure of Admin Console
Fortra has issued patches for a critical GoAnywhere MFT vulnerability (CVE-2025-10035) that could enable remote command injection via deserialization. The company urges administrators to secure Admin Console access and apply the latest updates, as Shadowserver tracks hundreds of GoAnywhere instances and exposure continues to be a concern.
-
Google patches Chrome zero-day exploited in the wild; updates rolled out across Windows, macOS and Linux
Google released security updates for Chrome to fix four vulnerabilities, including a zero-day exploited in the wild (CVE-2025-10585) in the V8 engine, with patches available for Windows, macOS and Linux and guidance to update across Chromium-based browsers.
-
WatchGuard patches critical remote-code vulnerability in Firebox firewalls (CVE-2025-9242)
WatchGuard issued patches for a critical remote-code execution flaw in Firebox firewalls (CVE-2025-9242) caused by an out-of-bounds write in the Fireware OS iked process, affecting several Fireware versions; admins are urged to patch or apply temporary mitigations.
-
Critical Chaos Mesh Flaws Could Allow Kubernetes Cluster Takeover; Patch Released
Cybersecurity researchers warned of four critical vulnerabilities in Chaos Mesh that could enable an in-cluster attacker to seize control of Kubernetes clusters, potentially exfiltrating data or disrupting services. Chaos Mesh issued a patch with version 2.7.3 and urges users to update or apply mitigations to limit exposure.
-
Self-propagating npm supply-chain attack hits at least 187 packages in ‘Shai-Hulud’ worm
Security researchers warn of a self-propagating supply-chain attack on npm that has compromised at least 187 packages in a campaign dubbed ‘Shai-Hulud.’ The worm begins with the widely used @ctrl/tinycolor package and spreads to other maintainers’ packages, using a bundle.js payload that leverages TruffleHog to exfiltrate secrets and forge GitHub Actions workflows.
-
FileFix: New Facebook security alert spoof hijacks victims into downloading StealC infostealer, researchers warn
Security researchers have uncovered a campaign dubbed FileFix that masquerades as a Facebook security alert to trick users into executing a malicious payload, culminating in the StealC infostealer. The operation, a variant of the ClickFix social-engineering technique, shows global reach, steganography-based delivery, and a Go-based loader that drops StealC v2, with researchers noting evolving infrastructure…
-
ETH Zurich researchers reveal Phoenix DDR5 Rowhammer defeats TRR, enabling privilege escalation on commodity systems
Researchers from ETH Zurich and Google have disclosed Phoenix, a DDR5 Rowhammer variant that bypasses TRR protections and enables privilege escalation on commodity systems within minutes, affecting most DDR5 modules produced between 2021 and 2024. The work includes a proof-of-concept showing root access and other exploits, and provides links to the technical paper and a…
-
Samsung patches critical CVE-2025-21043 Android vulnerability exploited in the wild
Samsung has issued a September 2025 security update to patch CVE-2025-21043, a critical remote code execution flaw in a Quramsoft image parsing library used on Android devices, underscoring the need for immediate patching across affected devices.
-
HybridPetya ransomware emerges with UEFI Secure Boot bypass, encrypts MFT and demands Bitcoin ransom
A new ransomware strain named HybridPetya has been identified by ESET, combining traits of Petya/NotPetya with a UEFI Secure Boot bypass. The threat encrypts the Master File Table on NTFS partitions via a bootkit installed on the EFI System Partition, and demands Bitcoin ransom while offering a decryption mechanism contingent on payment. Researchers warn that…
-
CISA Adds Critical CVE-2025-5086 in DELMIA Apriso to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2025-5086, a critical remote-code-execution flaw in DELMIA Apriso, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation emerged, prompting urgent patching across affected deployments.
