AI Vulnerability
-
Microsoft restricts Chinese firms’ access to vulnerability warnings amid SharePoint attacks
Microsoft has restricted certain Chinese firms from its vulnerability early warning program after concerns that data could be linked to a wave of SharePoint server attacks, sparking debate over governance and the global sharing of threat intelligence.
-
Apple patches zero-day CVE-2025-43300 after highly targeted attack, urges immediate updates
Apple has issued security updates for CVE-2025-43300, a zero-day flaw in Apple’s Image I/O framework that was exploited in a highly targeted attack; users are urged to install the latest iOS, iPadOS and macOS updates.
-
CISA and Microsoft Alert on High-Severity Vulnerability in Exchange Servers
Federal agencies are alerted to a significant vulnerability in Microsoft Exchange servers. An emergency directive from CISA requires immediate actions to mitigate risks following insights revealed at the Black Hat conference, highlighting the potential for exploitation by attackers.
-
Adobe Issues Critical Updates to Address Zero-Day Vulnerabilities in AEM Forms
Adobe has released emergency updates to address critical zero-day vulnerabilities in AEM Forms after researchers revealed proof-of-concept exploit chains that could lead to remote code execution.
-
Critical Vulnerabilities Found in Dahua Smart Camera Firmware
Researchers have discovered serious vulnerabilities in Dahua smart camera firmware, allowing potential remote takeovers of these devices. Security experts warn of the risks associated with exposed devices and urge users to update their firmware.
-
Apple Addresses Critical Safari Vulnerability with Software Update
Apple has released crucial updates to counteract a significant Safari vulnerability, classified as CVE-2025-6558, that may allow for exploits through crafted HTML content. The patch aims to protect users across multiple devices and systems.
-
Security Flaw Discovered in Gemini CLI Tool: Users Urged to Update
A serious security vulnerability in the Gemini CLI coding tool has been uncovered, enabling the execution of harmful commands on user devices. Users are urged to update to version 0.1.14 to mitigate risks.
-
Vulnerability in macOS Spotlight Exposes User Data
A vulnerability in macOS, known as CVE-2025-31199, has been revealed, allowing attackers to exploit Spotlight plugins to access protected user data, including sensitive files cached by Apple Intelligence. Apple has issued a patch to address the flaw.
-
National Nuclear Security Administration Targeted in SharePoint Vulnerability Attacks
The National Nuclear Security Administration has been hacked as part of a widespread campaign exploiting a Microsoft SharePoint vulnerability, with the potential breach of numerous government and private sector organizations. No sensitive information appears to have been compromised, according to officials.
-
Critical Flaw in CrushFTP Exploited as Cybersecurity Concerns Grow
A critical security flaw in CrushFTP, CVE-2025-54309, is actively being exploited, raising concerns about risk exposure, especially in sensitive environments like government and healthcare. Experts emphasize immediate action for mitigation following the company’s alerts.