634 matches found

Malwarebytes
added 2025/08/21 12:4 p.m. | 6 views

All Apple users should update after company patches zero-day vulnerability in all platforms

Apple has released security updates for iPhones, iPads and Macs to fix a zero-day vulnerability (a vulnerability which Apple was previously unaware of) that is reportedly being used in targeted attacks. The updates cover: iOS 18.6.2 and iPadOS 18.6.2 iPhone XS and later, iPad Pro 13-inch, iPad Pro...

CVSS 8.8 | AI score 7.1 | EPSS 0.04417
Exploits: 9
The Hacker News
added 2025/08/21 4:47 a.m. | 9 views

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 (CVSS score: 8.8), resides in the ImageIO framework and could result...

CVSS 8.8 | AI score 8.2 | EPSS 0.4843
Exploits: 21
Packet Storm News
added 2025/08/16 12:0 a.m. | 2 views

Invitation Is All You Need! Promptware Attacks against LLM-Powered Assistants in Production Are Practical and Dangerous

The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware - maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of these applications. While prior research warned about a potential shift in the threat...

AI score 7
Exploits: 0
Tenable Nessus
added 2025/08/08 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-11707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware ...

CVSS 8.8 | AI score 7.9 | EPSS 0.84291
Exploits: 7 | References: 2
Tenable Nessus
added 2025/08/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-17026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild...

CVSS 8.8 | AI score 8.5 | EPSS 0.56192
Exploits: 7 | References: 2
CNNVD
added 2025/07/11 12:0 a.m. | 1 views

Emerson ValveLink Products Security Vulnerability

Emerson ValveLink Products is a diagnostic software from Emerson USA. A security vulnerability exists in Emerson ValveLink Products, which stems from an inadequate protection mechanism that makes it susceptible to targeted attacks...

CVSS 8.5 | AI score 6.4 | EPSS 0.00096
Exploits: 0 | References: 4
The Hacker News
added 2025/07/01 8:55 a.m. | 24 views

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: 8.1), has been described as a type confusion flaw in the V8 JavaScript and WebAssembly engine. "Type...

CVSS 8.8 | AI score 7.7 | EPSS 0.4686
Exploits: 12
Malwarebytes
added 2025/06/23 12:47 p.m. | 4 views

Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks

Russian hackers have bypassed Google's multi-factor authentication (MFA) in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group (GTIG). The hackers pulled this off by posing as US Department of State officials in advanced social engineering attack...

AI score 8
Exploits: 0
RedhatCVE
added 2025/06/18 10:17 p.m. | 6 views

CVE-2025-43200

This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed...

CVSS 4.2 | AI score 6.5 | EPSS 0.00881
Exploits: 0 | References: 1
HackRead
added 2025/06/06 1:43 p.m. | 16 views

NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU

iVerify's NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals...

AI score 7.2
Exploits: 0
Packet Storm News
added 2025/06/05 12:0 a.m. | 3 views

Explainer-Guided Targeted Adversarial Attacks against Binary Code Similarity Detection Models

Binary code similarity detection (BCSD) serves as a fundamental technique for various software engineering tasks, e.g., vulnerability detection and classification. Attacks against such models have therefore drawn extensive attention, aiming at misleading the models to generate erroneous predictions...

AI score 7
Exploits: 0
The Hacker News
added 2025/06/02 2:22 p.m. | 30 views

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479...

CVSS 8.4 | AI score 7.6 | EPSS 0.02001
Exploits: 2
RedhatCVE
added 2025/05/23 4:35 a.m. | 4 views

CVE-2023-41332

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...

CVSS 3.5 | AI score 3.9 | EPSS 0.00052
Exploits: 1
OSV
added 2025/05/13 8:5 p.m. | 3 views

GHSA-W9Q3-G4P5-5Q2R sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

Summary: Users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo. PoC: The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2...

CVSS 3.3 | AI score 6.9 | EPSS 0.00098
Exploits: 1 | References: 4
NVD
added 2025/05/12 3:16 p.m. | 14 views

CVE-2025-46718

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...

CVSS 3.3 | EPSS 0.00098
Exploits: 1 | References: 2
Apple
added 2025/04/16 12:0 a.m. | 32 views

About the security content of iOS 18.4.1 and iPadOS 18.4.1

About the security content of iOS 18.4.1 and iPadOS 18.4.1 This document describes the security content of iOS 18.4.1 and iPadOS 18.4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

CVSS 7.5 | AI score 7.4 | EPSS 0.03372
Exploits: 6 | References: 1 | Affected Software: 2
Apple
added 2025/04/16 12:0 a.m. | 26 views

About the security content of iOS 18.4.1 and iPadOS 18.4.1

About the security content of iOS 18.4.1 and iPadOS 18.4.1 This document describes the security content of iOS 18.4.1 and iPadOS 18.4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

CVSS 9.8 | AI score 7.7 | EPSS 0.03372
Exploits: 6 | References: 1 | Affected Software: 2
RedhatCVE
added 2025/04/05 10:39 p.m. | 14 views

CVE-2025-0279

HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and...

CVSS 4.3 | AI score 7.1 | EPSS 0.00437
Exploits: 0 | References: 3
OSV
added 2025/04/03 10:15 p.m. | 2 views

CVE-2025-0279

HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1
NVD
added 2025/04/03 10:15 p.m. | 4 views

CVE-2025-0279

HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and...

CVSS 4.3 | EPSS 0.00437
Exploits: 0 | References: 1