All news with #security advisory tag
Wed, November 5, 2025
Prompt Injection Flaw in Anthropic Claude Desktop Exts
🔒 Anthropic's official Claude Desktop extensions for Chrome, iMessage and Apple Notes were found vulnerable to web-based prompt injection that could enable remote code execution. Koi Security reported unsanitized command injection in the packaged Model Context Protocol (MCP) servers, which run unsandboxed on users' devices with full system permissions. Unlike browser extensions, these connectors can read files, execute commands and access credentials. Anthropic released a fix in v0.1.9, verified by Koi Security on September 19.
Wed, November 5, 2025
October Windows Updates Can Trigger BitLocker Recovery
🔒 Microsoft warned that installing Windows security updates released on or after October 14, 2025 can cause some systems to boot into BitLocker recovery, prompting users to enter their recovery key on first restart. The issue mainly affects Intel devices that support Connected Standby (Modern Standby) and occurs during restart or startup on Windows 11 24H2/25H2 and Windows 10 22H2. Microsoft says devices should boot normally after the key is entered and offers a Group Policy mitigation via Known Issue Rollback (KIR), with affected customers advised to contact Microsoft Support for Business.
Tue, November 4, 2025
Hackers Exploit Post SMTP Plugin to Hijack Admin Accounts
⚠️ WordPress sites using Post SMTP (≤3.6.0) are under active attack after disclosure of CVE-2025-11833, a critical (CVSS 9.8) email log disclosure that lets unauthenticated actors read password-reset messages and hijack administrator accounts. A vendor patch, Post SMTP 3.6.1, was released Oct 29, but roughly 210,000 sites remain unpatched. Wordfence observed exploitation beginning Nov 1 and has blocked over 4,500 attempts; site owners should update or disable the plugin immediately.
Tue, November 4, 2025
Talos Discloses TruffleHog, Fade In, and BSAFE Flaws
🔒 Cisco Talos' Vulnerability Discovery & Research team disclosed multiple vulnerabilities affecting TruffleHog, Fade In, and Dell BSAFE Crypto-C, including arbitrary code execution, out-of-bounds write/use-after-free, and integer/stack overflow issues. The issues were reported by Talos researchers and external collaborators, and the vendors have issued patches following Cisco's disclosure policy. Users should apply vendor updates, deploy updated detection rules such as Snort signatures, and consult the Talos advisories for indicators and recommended mitigations.
Tue, November 4, 2025
Critical React Native CLI Flaw Enables Remote OS Commands
⚠️ A critical vulnerability in the @react-native-community/cli ecosystem could let remote, unauthenticated attackers execute arbitrary OS commands on machines running the React Native development server. JFrog researcher Or Peles reported that the Metro dev server binds to external interfaces by default and exposes a vulnerable /open-url endpoint that passes user input to the unsafe open() call. The flaw (CVE-2025-11953, CVSS 9.8) affected versions 4.8.0–20.0.0-alpha.2 and is fixed in 20.0.0.
Tue, November 4, 2025
Microsoft Teams Bugs Enable Message and Caller Spoofing
🔒 Check Point researchers disclosed four vulnerabilities in Microsoft Teams that let attackers alter message content, spoof senders, and manipulate notifications to impersonate colleagues. The issues were reported in March 2024 and remediated across multiple updates beginning with an August 2024 fix for CVE-2024-38197, followed by patches in September 2024 and October 2025. Exploitable by external guests and internal actors alike, the flaws could trick users into clicking malicious links, sharing sensitive data, or accepting fraudulent calls by making messages and caller notifications appear to originate from trusted executives or coworkers.
Tue, November 4, 2025
Windows 10 update bug shows incorrect end-of-support alerts
⚠️ Microsoft says installing the October 2025 updates can cause some Windows 10 systems with active coverage to display an incorrect "Your version of Windows has reached the end of support" message in Windows Update settings. The cosmetic issue affects Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, and Windows 10 22H2 devices enrolled in ESU. Microsoft has deployed a cloud configuration update to correct the message automatically, but devices that are offline or that block dynamic updates may not receive it. Administrators can use Known Issue Rollback (KIR) by setting the "KB5066791 251020_20401" Group Policy to Disabled to remove the alert on managed systems until a permanent fix ships in a future Windows update.
Tue, November 4, 2025
Microsoft Teams Vulnerabilities Expose Trust Abuse Today
🔒 Check Point Research identified multiple vulnerabilities in Microsoft Teams that could let attackers impersonate executives, manipulate message content, and spoof in-app notifications. The flaws exploit trust mechanisms built into real-time collaboration features used by more than 320 million monthly active users, turning expectations of authenticity into an attack vector. Researchers emphasize that trust alone isn’t a security strategy and urge rapid remediation by vendors and mitigations by organizations. Administrators should prioritize updates, review messaging policies, and increase user awareness to reduce exposure.
Tue, November 4, 2025
CISA Adds Two Vulnerabilities to KEV Catalog — Nov 2025
🔔 CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-11371 affecting Gladinet CentreStack and Triofox (files or directories exposed to external parties), and CVE-2025-48703 affecting CWP Control Web Panel (OS command injection). These entries reflect evidence of active exploitation and elevated risk. CISA urges timely remediation under BOD 22-01 and recommends organizations prioritize patching, mitigations, and compensating controls.
Tue, November 4, 2025
Radiometrics VizAir: Critical Authentication Flaws
⚠️ CISA warns that Radiometrics VizAir systems (versions prior to 08/2025) contain multiple critical vulnerabilities — including missing authentication for admin functions and an exposed REST API key — assigned CVE-2025-61945, CVE-2025-54863, and CVE-2025-61956 and rated CVSS v4 10.0. Remote attackers could alter weather parameters, disable alerts, manipulate runway settings, and extract sensitive meteorological data, potentially disrupting airport operations. Radiometrics has deployed updates to affected systems; CISA recommends minimizing network exposure, isolating control networks, and using secure remote access methods.
Tue, November 4, 2025
CISA Releases Five Industrial Control Systems Advisories
🔔 CISA released five Industrial Control Systems (ICS) advisories on November 4, 2025, providing timely information on vulnerabilities, impacts, and mitigations for affected products. The advisories address Fuji Electric Monitouch V-SFT-6, Survision License Plate Recognition Camera, Delta Electronics CNCSoft-G2, Radiometrics VizAir, and IDIS ICM Viewer. Users and administrators are urged to review the technical details and implement recommended mitigations and compensating controls to reduce exposure and protect operational systems.
Tue, November 4, 2025
CISA: Survision LPR Camera Missing Authentication Flaw
⚠️ Survision's License Plate Recognition (LPR) Camera contains a missing authentication for critical function, allowing unauthenticated access to the configuration wizard. The issue affects all versions and is tracked as CVE-2025-12108 with a CVSS v4 base score of 9.3 and a CVSS v3.1 score of 9.8, indicating remote, low-complexity exploitation with high impact. Survision released firmware v3.5 to address the vulnerability and recommends enabling configuration passwords, defining minimal-right user roles, and enforcing client certificate authentication where possible.
Tue, November 4, 2025
IDIS ICM Viewer Argument Injection Vulnerability Reported
🔒 An argument injection vulnerability (CWE-88) in ICM Viewer v1.6.0.10 (CVE-2025-12556) could allow remote attackers to execute arbitrary code on the host system. CISA assigns a CVSS v3 score of 8.8 and a CVSS v4 score of 8.7, noting remote exploitability with low attack complexity and limited privileges required. IDIS advises upgrading to v1.7.1 immediately or uninstalling the software; Claroty Team82 researchers reported the issue, and CISA reports no known public exploitation to date.
Tue, November 4, 2025
Fuji Electric Monitouch V-SFT-6 Buffer Overflow Advisory
⚠️ Fuji Electric Monitouch V-SFT-6 (v6.2.7.0) contains two buffer overflow vulnerabilities — a heap-based and a stack-based overflow — triggered by specially crafted project files. Identified as CVE-2025-54496 and CVE-2025-54526, both carry CVSS v3.1 scores of 7.8 and CVSS v4 scores of 8.4. Successful exploitation could crash the HMI and may permit code execution; the vendor issued fixes in V6.2.8.0 and recommends updating to V6.2.9.0 or later.
Tue, November 4, 2025
Delta Electronics CNCSoft-G2 Stack Overflow Advisory
⚠️ Delta Electronics and CISA warn of a stack-based buffer overflow in CNCSoft-G2 (CVE-2025-58317) affecting versions 2.1.0.27 and earlier. When a user opens a specially crafted file, an attacker could execute arbitrary code in the context of the affected process; the vulnerability received a CVSS v4 base score of 8.5 and is characterized by low attack complexity. Delta recommends updating to Version 2.1.0.34 or later. CISA advises minimizing network exposure for control systems, isolating control networks, and using secure remote access methods.
Tue, November 4, 2025
Google AI 'Big Sleep' Finds Five WebKit Flaws in Safari
🔒 Google’s AI agent Big Sleep reported five vulnerabilities in Apple’s WebKit used by Safari, including a buffer overflow, two memory-corruption issues, an unspecified crash flaw, and a use-after-free (CVE-2025-43429 through CVE-2025-43434). Apple issued patches across iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1 and Safari 26.1. Users are advised to install the updates promptly to mitigate crash and memory-corruption risks.
Tue, November 4, 2025
Critical Auth Bypass in JobMonster WordPress Theme Attack
🔒 Threat actors are actively exploiting a critical authentication bypass in the JobMonster WordPress theme (CVE-2025-5397) that can lead to administrator account takeover under specific conditions. The flaw affects all versions up to 4.8.1 and is caused by the theme's check_login() function trusting external social login data without proper verification. To succeed, attackers typically need social login enabled and knowledge of an admin username or email. The issue is fixed in 4.8.2; immediate mitigations include upgrading, disabling social login, enabling two‑factor authentication, rotating credentials, and reviewing access logs.
Mon, November 3, 2025
CISA, NSA and Partners Issue Exchange Server Best Practices
🔐 CISA, the NSA and international partners have published the Microsoft Exchange Server Security Best Practices to help organisations reduce exposure to attacks against hybrid and on‑premises Exchange deployments. The guidance reinforces Emergency Directive 25-02 and prioritises restricting administrative access, enforcing multi‑factor and modern authentication, tightening TLS and transport security, and applying Microsoft's Exchange Emergency Mitigation service. It also urges migration from unsupported or end‑of‑life systems and recommends use of secure baselines such as CISA's SCuBA. Agencies stress ongoing collaboration and a prevention-focused posture despite political and operational challenges.
Mon, November 3, 2025
OpenAI Aardvark: Autonomous GPT-5 Agent for Code Security
🛡️ OpenAI Aardvark is an autonomous GPT-5-based agent that scans, analyzes and patches code by emulating a human security researcher. Rather than only flagging suspicious patterns, it maps repositories, builds contextual threat models, validates findings in sandboxes and proposes fixes via Codex, then rechecks changes to prevent regressions. OpenAI reports it found 92% of benchmark vulnerabilities and has already identified real issues in open-source projects, offering free coordinated scanning for selected non-commercial repositories.
Mon, November 3, 2025
GDI Vulnerabilities in Windows Enable RCE and Data Leak
🔒 Microsoft has issued updates to address three previously unknown flaws in the Windows Graphics Device Interface (GDI) that could permit remote code execution and information disclosure. The issues, rooted in malformed EMF/EMF+ records, cause out-of-bounds memory access in GdiPlus.dll and gdi32full.dll during image rendering, thumbnailing and print initialization. Patches were released across the May, July and August 2025 Patch Tuesdays (KB5058411, KB5062553, KB5063878); administrators should apply updates promptly and avoid opening untrusted EMF files.
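The out-of-bounds accesses in this item come from trusting the length field of EMF records. Every EMF record begins with an 8-byte header: Type (uint32, little-endian) and Size (uint32, the record's total byte length, which must be at least 8 and a multiple of 4). The walker below is an added example, not Microsoft's code, showing the checks a parser needs before it touches a record's payload. The sample stream is constructed from three minimal records and is not a real EMF file; the record type constants for EMR_HEADER, EMR_SAVEDC and EMR_EOF are from the public EMF format.

```javascript
const EMR_HEADER = 0x00000001;
const EMR_SAVEDC = 0x00000021;
const EMR_EOF = 0x0000000e;

// Walks the record stream and returns { offset, type, size, payload } for
// each record, refusing any header whose Size would run past the buffer,
// is below the 8-byte minimum, or is not 4-byte aligned. A Size of 0 is
// caught by the minimum check, which also prevents an infinite loop.
function walkEmfRecords(bytes) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const records = [];
  let off = 0;
  while (off < bytes.byteLength) {
    const remaining = bytes.byteLength - off;
    if (remaining < 8) throw new RangeError(`truncated record header at offset ${off}`);
    const type = view.getUint32(off, true);
    const size = view.getUint32(off + 4, true);
    if (size < 8 || size % 4 !== 0) throw new RangeError(`record at ${off} has illegal size ${size}`);
    if (size > remaining) throw new RangeError(`record at ${off} claims ${size} bytes, only ${remaining} remain`);
    records.push({ offset: off, type, size, payload: bytes.subarray(off + 8, off + size) });
    if (type === EMR_EOF) break;
    off += size;
  }
  if (records.length === 0 || records[0].type !== EMR_HEADER) throw new Error("stream does not start with EMR_HEADER");
  if (records[records.length - 1].type !== EMR_EOF) throw new Error("stream has no EMR_EOF record");
  return records;
}

// Helpers to build the constructed sample.
function buildRecord(type, payload) {
  const out = new Uint8Array(8 + payload.length);
  const v = new DataView(out.buffer);
  v.setUint32(0, type, true);
  v.setUint32(4, out.length, true);
  out.set(payload, 8);
  return out;
}

function concatBytes(...parts) {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// Constructed sample (not a real metafile): 88-byte header record,
// an 8-byte EMR_SAVEDC, and a 20-byte EMR_EOF. Total 116 bytes.
const SAMPLE_EMF = concatBytes(
  buildRecord(EMR_HEADER, new Uint8Array(80)),
  buildRecord(EMR_SAVEDC, new Uint8Array(0)),
  buildRecord(EMR_EOF, new Uint8Array(12)),
);

// Returns a copy whose final (EOF) record declares `newSize` bytes,
// the malformed-length shape that an unchecked parser would read past.
function withPatchedEofSize(sample, newSize) {
  const copy = sample.slice();
  new DataView(copy.buffer).setUint32(copy.length - 20 + 4, newSize, true);
  return copy;
}
```

The same discipline applies to per-record fields (offsets and counts inside EMR_HEADER or EMF+ records must be checked against the record's own Size), which is where the rendering, thumbnailing and print paths mentioned above read data.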