In 2025, many CVEs were exploited. They averaged a CVSS severity rating of 8.5, and two reached the maximum of 10.0, which underscores how critical they are.
Most Exploited Vulnerabilities of 2025:
CVE-2025-55182: React2Shell
CVE-2025-32433: Erlang/OTP SSH Zero-Day Crisis
CVE-2025-59287: Microsoft WSUS Deserialization Vulnerability
CVE-2025-62221: Windows Cloud Files Driver Zero-Day
CVE-2025-62215: Windows Kernel Race Condition Zero-Day
CVE-2025-48572 and CVE-2025-48633: Android Framework Zero-Days
CVE-2025-5777: CitrixBleed 2
CVE-2025-20333 and CVE-2025-20362: Cisco Firewall Exploitation Chain
CVE-2025-9242: WatchGuard Firebox Out-of-Bounds Catastrophe
CVE-2025-6218: WinRAR Path Traversal Exploitation
CVE-2025-48384: Git Arbitrary File Write Vulnerability
CVE-2025-12480: Gladinet Triofox Improper Access Control
CVE-2025-32463: Sudo Privilege Escalation via Chroot
CVE-2025-4664: Chrome Cross-Origin Data Leak
CVE-2025-10585: Chrome V8 Type Confusion Zero-Day
CVE-2025-5086: DELMIA Apriso Deserialization Catastrophe
CVE-2025-41244: VMware Privilege Escalation by State Actors
CVE-2025-53690: Sitecore Deserialization Attacks