All news with #patch tag
Tue, September 2, 2025
CISA Adds Two Vulnerabilities to KEV Catalog (Sept 2025)
⚠️ CISA added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog: CVE-2020-24363 affecting the TP-Link TL-WA855RE (missing authentication for a critical function) and CVE-2025-55177 affecting Meta Platforms' WhatsApp (incorrect authorization). These entries reflect evidence of active exploitation and significant risk to federal networks. Under BOD 22-01, FCEB agencies must remediate listed KEVs by the specified due dates. CISA urges all organizations to prioritize timely remediation.
Tue, September 2, 2025
Silver Fox Abuses Signed WatchDog Driver to Disable AV
🚨 Check Point attributes a BYOVD campaign to the Silver Fox actor that leverages a Microsoft-signed WatchDog kernel driver (amsdk.sys v1.0.600) to neutralize endpoint defenses. The operation uses a dual-driver approach—an older Zemana-based driver on Windows 7 and the WatchDog driver on Windows 10/11—to terminate processes and escalate privileges. An all-in-one loader bundles anti-analysis checks, embedded drivers, AV-killer logic, and a ValleyRAT downloader to establish persistent remote access.
Mon, September 1, 2025
Critical SQLi in Paid Memberships Subscriptions Plugin
🔒 A critical unauthenticated SQL injection vulnerability (CVE-2025-49870) was discovered in the WordPress Paid Memberships Subscriptions plugin affecting versions up to 2.15.1, used by over 10,000 sites. Patchstack Alliance researcher ChuongVN reported the flaw, which stems from unsafe handling of PayPal IPN payment IDs. The vendor released 2.15.2 to enforce numeric validation of payment IDs, adopt prepared statements and strengthen input handling; administrators should update immediately.
Mon, September 1, 2025
Weekly Recap: WhatsApp 0-Day, Docker Bug, Breaches
🚨 This weekly recap highlights multiple cross-cutting incidents, from an actively exploited WhatsApp 0-day to a critical Docker Desktop bug and a Salesforce data-exfiltration campaign. It shows how attackers combine stolen OAuth tokens, unpatched software, and deceptive web content to escalate access. Vendors issued patches and advisories for numerous CVEs; defenders should prioritize patching, token hygiene, and targeted monitoring. Practical steps include auditing MCP integrations, enforcing zero-trust controls, and hunting for chained compromises.
Mon, September 1, 2025
WhatsApp Patches Zero-Click Zero-Day Exploit in iOS
🔒 WhatsApp has patched a critical zero-day (CVE-2025-55177) affecting linked-device synchronization that could allow processing of content from an arbitrary URL on a target device. The vendor says the flaw, when combined with an Apple OS-level out-of-bounds write (CVE-2025-43300), may have been exploited in a targeted, sophisticated zero-click attack. Apple patched the related OS issue on August 20. Users should apply the updated WhatsApp and WhatsApp Business iOS and Mac clients immediately.
Mon, September 1, 2025
BSI Urges Users to Assess Outage Risks in Digital Products
🔒 The German Federal Office for Information Security (BSI) recommends that consumers consider potential outage risks when selecting digital products and services. Users should evaluate how manufacturers handle security incidents, what happens to personal or family data, and whether vendors have a solid security reputation or trustworthy seals. The BSI also advises checking published information about incidents, remediation measures and contact options. Given the end of free Windows 10 updates from October 14, the agency urges timely upgrades or migration to alternatives such as macOS or Linux to help preserve confidentiality, integrity and availability.
Sat, August 30, 2025
WhatsApp Emergency Update Fixes Zero-Click iOS/macOS Bug
🔒 WhatsApp has issued emergency updates for iOS and macOS to fix CVE-2025-55177, a high-severity authorization flaw that may have been exploited alongside an Apple ImageIO zero-day (CVE-2025-43300). The bug could allow processing of content from an arbitrary URL on a target device and affects specific iOS, Business iOS, and Mac app versions. Users are urged to update immediately; confirmed targets were advised to perform a full factory reset.
Fri, August 29, 2025
Windows 11 KB5064081 Clarifies Task Manager CPU Metrics
🔧 Microsoft published the optional KB5064081 preview cumulative update for Windows 11 24H2, moving affected systems to build 26100.5074 and rolling out thirty-six new features and fixes. The update standardizes CPU reporting in Task Manager so the Processes tab now uses the same calculation as Performance and Users: (Δ Process CPU Time) ÷ (Δ Elapsed Time × Logical Processors), making metrics consistent and aligning them with third-party monitors. Users who want the legacy view can enable an optional CPU Utility column in the Details tab. The release also bundles UI, File Explorer, Taskbar, Windows Hello, backup, and numerous bug fixes, while Microsoft lists two known issues (CertEnroll errors and NDI streaming lag).
Fri, August 29, 2025
Microsoft Fixes Bug Causing Certificate Enrollment Errors
🔧 Microsoft has addressed a known issue that produced false CertificateServicesClient (CertEnroll) error events after the July 2025 non-security preview (KB5062660) and subsequent Windows 11 24H2 updates. The events referenced the Microsoft Pluton Cryptographic Provider not being loaded but were benign and caused by a partially integrated feature still under development. The fix is rolling out automatically and requires no user action.
Fri, August 29, 2025
Sitecore Vulnerabilities Enable Cache Poisoning to RCE
🔒 Three vulnerabilities affecting the Sitecore Experience Platform can be chained to escalate from HTML cache poisoning to remote code execution. Researchers describe a pre-auth HTML cache reflection (CVE-2025-53693) combined with an insecure deserialization RCE (CVE-2025-53691) and an ItemService API information-disclosure bug (CVE-2025-53694) that permits cache key enumeration and poisoned HTML injection. Sitecore issued patches in June and July 2025; administrators should apply updates, restrict ItemService exposure to trusted networks, and consider WAF rules and other mitigations to reduce the chaining risk.
Fri, August 29, 2025
Microsoft: August KB5063878 not tied to SSD failures
🔍 Microsoft says its August 2025 security update, KB5063878, is not connected to recent reports of SSD and HDD failures. After internal testing and telemetry analysis, Redmond said it could not reproduce the corruption or drive losses and found no increase in disk failures following the Windows 11 24H2 update. Microsoft is working with storage partners and controller vendors and will continue to monitor customer feedback while investigating any new reports.
Fri, August 29, 2025
Click Studios Patches Passwordstate Authentication Bypass
🔒 Click Studios released Passwordstate 9.9 (Build 9972) on August 28, 2025, to remediate a high-severity authentication bypass that could be triggered via a carefully crafted URL against the product's Emergency Access page. The update also introduces enhanced safeguards in the web interface and browser extension to mitigate DOM-based clickjacking attacks. The company noted that no CVE has been assigned yet and emphasized that customers should apply the update promptly. Passwordstate is used by thousands of organizations globally, increasing the urgency of patching.
Fri, August 29, 2025
Critical FreePBX Zero-Day Under Active Exploitation
🚨 The Sangoma FreePBX project has issued an advisory for an actively exploited zero-day (CVE-2025-57819) that allows unauthenticated access to the Administrator control panel, enabling arbitrary database manipulation and remote code execution. The flaw stems from insufficiently sanitized user input in the commercial endpoint module and impacts FreePBX 15, 16, and 17 prior to their listed patched releases. Administrators should apply the emergency updates immediately, restrict public ACP access, and scan for indicators of compromise.
Thu, August 28, 2025
Amazon RDS Custom Adds New GDRs for SQL Server 2019/2022
🔔 Amazon RDS Custom for SQL Server now supports new General Distribution Releases for Microsoft SQL Server 2019 (RDS version 15.00.4435.7.v1) and 2022 (RDS version 16.00.4200.1.v1). The new GDRs address vulnerabilities tracked as CVE-2025-49717, CVE-2025-49718, and CVE-2025-49719 and correspond to Microsoft's KB5058722 and KB5058721 release notes. AWS recommends upgrading affected Amazon RDS Custom for SQL Server instances using the Amazon RDS Management Console, or programmatically via the AWS SDK or CLI, and consulting the Amazon RDS Custom User Guide for upgrade procedures.
Thu, August 28, 2025
CISA Publishes Nine ICS Advisories on August 28, 2025
🔔 On August 28, 2025, CISA released nine Industrial Control Systems (ICS) advisories that detail vulnerabilities, impacts, and recommended mitigations for multiple vendors and product families. The advisories cover Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, and Hitachi Energy, and include several updates to prior notices. Operators and administrators are encouraged to review each advisory for affected versions, vendor patches, and configuration mitigations, and to prioritize remediation and monitoring to reduce operational risk.
Thu, August 28, 2025
GE Vernova CIMPLICITY: Uncontrolled Search Path Element Risk
⚠️ GE Vernova's CIMPLICITY HMI/SCADA software is affected by an Uncontrolled Search Path Element vulnerability (CVE-2025-7719) in versions 2024, 2023, 2022, and 11.0. CISA reports this flaw could enable a low-privileged local attacker to escalate privileges; a CVSS v4 score of 7.0 and a CVSS v3.1 score of 7.8 were calculated. The issue is not remotely exploitable and no public exploitation has been reported; GE Vernova recommends upgrading to CIMPLICITY 2024 SIM 4 and following the Secure Deployment Guide while CISA advises network isolation and secure remote access.
Thu, August 28, 2025
Delta Electronics COMMGR: Remote Code Execution Risks
⚠️ Delta Electronics has identified two critical vulnerabilities in COMMGR (v2.9.0 and earlier) — a stack-based buffer overflow (CVE-2025-53418) and a code injection flaw (CVE-2025-53419) — that can enable arbitrary code execution via crafted .isp files. Delta and CISA rate the combined risk as high (CISA lists CVSS v4 8.8) and recommend upgrading to v2.10.0 or later. Additional mitigations include network segmentation, limiting Internet exposure, and using secure remote access methods. CISA reports no known public exploitation at this time.
Thu, August 28, 2025
Schneider Electric Saitel RTU Privilege Escalation Advisory
⚠️ Schneider Electric disclosed an improper privilege management vulnerability (CVE-2025-8453, CVSS 6.7) affecting Saitel DR and Saitel DP Remote Terminal Units that could allow an authenticated privileged engineer with console access to escalate privileges and potentially execute arbitrary code. Schneider released HUe firmware 11.06.30 for Saitel DR to remediate the issue; a remediation plan for Saitel DP is pending. CISA notes the vulnerability is not remotely exploitable and recommends limiting physical and console access, enforcing root ownership and restrictive permissions on configuration files, and following ICS defensive guidance.
Thu, August 28, 2025
Delta Electronics CNCSoft-G2: Out-of-Bounds Write Advisory
⚠️ Delta Electronics disclosed a CNCSoft-G2 out-of-bounds write vulnerability (CVE-2025-47728) in DPAX file parsing that can cause memory corruption and enable arbitrary code execution in the affected process. CISA assigns a CVSS v4 base score of 8.5 and notes low attack complexity, but exploitation requires user interaction such as opening a malicious file or visiting a malicious page. Affected versions include v2.1.0.20 and earlier; Delta recommends updating to v2.1.0.27 or later per advisory Delta-PCSA-2025-00007. CISA advises applying the update, isolating control systems, avoiding untrusted attachments, and following ICS recommended practices; no public exploitation has been reported to date.
Thu, August 28, 2025
Chinese Tech Firms Linked to Salt Typhoon Espionage
🔍 A joint advisory from the UK, US and allied partners attributes widespread cyber-espionage operations to the Chinese APT group Salt Typhoon and alleges assistance from commercial vendors that supplied "cyber-related products and services." The report names Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology. It warns attackers exploited known vulnerabilities in edge devices to access routers and trusted provider connections, and urges immediate patching, proactive hunting using supplied IoCs, and regular review of device logs.