Vulnerabilities

Security researcher "Ynwarcs" has published proof-of-concept exploit code for CVE-2024-38063, a critical zero-click vulnerability affecting all Windows systems with IPv6 enabled. Originally discovered by XiaoWei of Kunlun Lab, this remote code execution flaw targets Windows 10, Windows 11, and Windows Server without requiring any user interaction.

The exploit code is now available on GitHub for researchers to study, but this also increases the risk of malicious actors exploiting the vulnerability. Microsoft is urging users to install the latest security updates immediately to protect against potential attacks. Organizations should prioritize patching and monitor for unusual IPv6 packet activity.

Source: Dark Reading

Attaullah Baig, WhatsApp's former head of security, filed a federal lawsuit Monday claiming Meta endangered billions of users by ignoring critical cybersecurity flaws. Baig alleges 1,500 engineers had unrestricted access to user data without oversight, potentially violating a 2020 government order that cost Meta $5 billion.

The 115-page complaint details how over 100,000 accounts were hacked daily while executives prioritized growth over security fixes. Baig says he repeatedly warned senior leadership, including CEO Mark Zuckerberg, that engineers could steal user data "without detection."

Meta dismissed the claims as "distorted" and said Baig was fired for poor performance, not retaliation. The case adds pressure on Meta's data practices across its platforms serving billions globally.

Source: The Guardian

Salesloft disclosed that hackers gained access to its GitHub account as early as March, leading to a massive supply-chain attack that compromised hundreds of organizations in August. The threat group, tracked as UNC6395 by Google, spent months lurking in Salesloft's systems before accessing Drift's AWS environment and stealing OAuth tokens to infiltrate customer data.

The company took Drift offline Friday and rotated security credentials, but many questions remain unanswered. Salesloft hasn't explained how attackers initially accessed GitHub or obtained the OAuth tokens. Security analysts criticize the company's lack of transparency, with some suggesting Drift's reputation may be permanently damaged by the breach.

Source: CyberScoop

A critical zero-day vulnerability in Sitecore (CVE-2025-53690) is being actively exploited by attackers using exposed machine keys from old documentation. The flaw affects Sitecore Experience Manager, Platform, and Commerce products through ViewState deserialization attacks.

Mandiant discovered attackers leveraging sample machine keys that Sitecore included in deployment guides from 2017 and earlier to execute remote code on servers. This continues a troubling trend of ViewState attacks in 2024, including breaches at ConnectWise and vulnerabilities in Microsoft SharePoint.

While these attacks appear unrelated, they highlight a persistent problem: organizations using default or sample keys instead of generating secure ones. Sitecore urges customers to rotate machine keys, encrypt web.config files, and monitor for suspicious activity targeting the /sitecore/blocked.aspx page.

Source: Dark Reading

IBM disclosed a serious blind SQL injection vulnerability (CVE-2025-0165) in its Watsonx Orchestrate Cartridge for Cloud Pak Data, earning a 7.6 CVSS score. The flaw stems from improper input sanitization, allowing attackers with low-level access to inject malicious SQL commands through exposed API endpoints.

Attackers could potentially read confidential data, modify user permissions, delete critical information, or insert malicious entries into backend databases. The vulnerability affects versions 4.8.4-4.8.5 and 5.0.0-5.2.

IBM urges immediate upgrades to version 5.2.0.1, which includes strict input validation and parameterized queries. No workarounds exist, making prompt patching essential for protecting AI-driven workflows.

Source: Cyber Security News

Citrix is dealing with another security crisis as attackers actively exploit a zero-day vulnerability in its NetScaler products. The critical flaw, CVE-2025-7775, scores 9.2 out of 10 on the severity scale and allows remote attackers to hijack systems or crash them without needing credentials.

The vulnerability affects NetScaler ADC and Gateway devices used by organizations for secure remote access. Two additional flaws were also disclosed, bringing the total to three new security holes. What's particularly concerning is that nearly 20% of NetScaler devices run on unsupported, end-of-life versions that can't be patched.

This marks yet another blow for Citrix, whose NetScaler products have become a favorite target for cybercriminals. The US government currently lists 10 NetScaler vulnerabilities in its catalog of actively exploited flaws, with six discovered in just the past two years.

Source: Dark Reading

Security researcher Felix Boulet discovered a critical vulnerability in Docker Desktop that allows hackers to escape container isolation and gain complete control of Windows systems. The flaw, rated 9.3 out of 10 in severity, requires just two simple HTTP requests from any running container to exploit.

Attackers can mount the entire C: drive into a privileged container, essentially giving them full access to the host system. The vulnerability works regardless of security settings and affects both Windows and macOS systems, though Linux remains unaffected.

Docker has released a patch in version 4.44.3. Users should update immediately to protect their systems from potential attacks.

Source: Cybernews

Researchers at Adversa AI discovered a major flaw in GPT-5's internal routing system that creates serious security risks. When users ask GPT-5 questions, an internal router decides which model actually responds – it might be GPT-5 Pro, but could equally be older versions like GPT-3.5 or GPT-4o.

Hackers can manipulate this router using specific trigger phrases, forcing queries to weaker, less secure models that are easier to jailbreak. This "PROMISQROUTE" vulnerability means GPT-5 is only as secure as its weakest predecessor.

While the routing saves costs and improves speed, it allows old jailbreaks to work again by targeting vulnerable older models instead of GPT-5's stronger safeguards.

Source: Security Week

China is demanding Nvidia prove its H20 AI chips don't contain backdoors or security flaws, escalating tensions in the global chip trade. Chinese state media warned that backdoor risks could become Nvidia's "self-dug grave," potentially driving away customers worldwide who fear remote shutdowns or data theft.

This comes after the Trump administration recently allowed less sophisticated AI chip exports to China with a 15% fee, reversing stricter 2022 restrictions. Nvidia's chief security officer firmly denied any backdoors exist in their chips, calling such claims harmful to global digital infrastructure.

The dispute reflects deeper US-China tensions over AI technology and national security, with China working to build its own chip ecosystem while reportedly obtaining 140,000 AI chips despite previous US bans.

Source: Dark Reading

Microsoft's August 2025 Patch Tuesday addresses 111 vulnerabilities, with 44 elevation-of-privilege (EoP) flaws that let attackers escalate from initial access to full system control. The update marks the second consecutive month with no actively exploited bugs.

Key concerns include a maximum-severity Azure OpenAI vulnerability (already mitigated by Microsoft), the publicly known "BadSuccessor" Windows Kerberos flaw, and four critical SQL Server bugs enabling injection attacks. The patch also fixes 34 remote code execution vulnerabilities and 16 information disclosure issues.

Security researchers highlight two near-maximum severity flaws: CVE-2025-50165 in Windows Graphics and CVE-2025-53766 in GDI+, both exploitable without user interaction. Organizations should prioritize patching SharePoint, SQL Server, and graphics-related vulnerabilities immediately.

Source: Dark Reading