Vulnerabilities
Apple released security updates Tuesday fixing dozens of vulnerabilities, including CVE-2025-6558, a bug already exploited against Chrome users. Google patched this flaw in Chrome 138 last July after discovering active attacks targeting its graphics components. The vulnerability lets attackers escape browser sandboxes through malicious web pages.
Apple's updates cover iOS 18.6, macOS Sequoia 15.6, and other platforms, patching 87 CVEs in macOS alone. While there's no evidence Safari users were targeted, the flaw could crash the browser when a user visits a malicious site. CISA previously flagged this as a critical threat requiring federal agencies to patch by August 12.
Source: SecurityWeek
The Cybersecurity and Infrastructure Security Agency has added a cross-site request forgery vulnerability in PaperCut NG/MF print management software to its Known Exploited Vulnerabilities catalog. The flaw is currently being exploited by attackers in the wild.
CISA is requiring all federal agencies to patch their systems immediately to prevent potential security breaches. PaperCut NG/MF is widely used across government and enterprise environments for managing printing services, making this vulnerability particularly concerning for organizations running unpatched versions of the software.
Source: The Hacker News
CISA issued urgent security advisories Thursday covering vulnerabilities in devices from Honeywell, Medtronic, Mitsubishi, LG, and Network Thermostat that could allow attackers to execute malicious code or gain administrative access. The flaws affect critical infrastructure including manufacturing equipment, WiFi thermostats in commercial buildings, patient monitors, and security cameras.
Most concerning is a Network Thermostat vulnerability (CVE-2025-6260) with a 9.8 severity score that lets attackers reset credentials remotely. Medtronic's patient monitors contain three vulnerabilities requiring physical access, while Mitsubishi's manufacturing equipment faces DLL hijacking risks. Companies have released patches for most devices, though some older products won't receive fixes.
Source: Industrial Cyber
A Chinese cyberespionage group called Fire Ant has been targeting VMware and F5 vulnerabilities to breach supposedly secure, isolated networks. The hackers exploited critical flaws like CVE-2023-34048 in vCenter Server and CVE-2023-20867 in ESXi to gain complete control over virtualization infrastructure. They then used compromised systems as stepping stones to access guest virtual machines and tunnel between network segments that should've been separated.
Cybersecurity firm Sygnia found the group shows remarkable persistence, quickly adapting when defenders try to kick them out by deploying backup backdoors and changing tactics. The attack methods strongly resemble those used by another Chinese group, UNC3886.
Source: SecurityWeek
CISA has mandated that U.S. federal agencies urgently patch two critical Microsoft SharePoint vulnerabilities (CVE-2025-49706 and CVE-2025-49704) by July 23, following attacks by Chinese hackers. These flaws allow unauthorized access and remote code execution on SharePoint servers. Microsoft has released updates, urging all users to patch immediately.
Security experts warn of risks like data theft and persistent access. The directive underscores the persistent threat from APT groups, stressing the importance of swift patch management to protect government and critical infrastructure from cyber threats.
Source: The Hacker News
