Apple has issued urgent security updates to fix a zero-day vulnerability that is being actively exploited, warning that attackers may have used it in targeted campaigns. CVE-2025-43300 is a flaw in Apple’s Image I/O framework that allows out-of-bounds writing, affecting how applications manage common image file formats. According to Apple’s …
Read More »CVE-2025-43300
Copilot Breaks Your Audit Log, but Microsoft Won’t Tell the customer
A significant security vulnerability has been discovered in Microsoft’s Copilot for M365 that allowed users, including potential malicious insiders, to access and interact with sensitive files without leaving any record in the official audit logs. After patching the flaw, Microsoft has reportedly decided against issuing a formal CVE or notifying …
Read More »0-Day Clickjacking Vuls Found in Password Managers like 1Password, LastPass
A cybersecurity researcher revealed zero-day clickjacking vulnerabilities in eleven major password managers, risking credential theft for millions of users with just one malicious click. The new attack technique, dubbed “DOM-based Extension Clickjacking,” represents a significant evolution from traditional web-based clickjacking attacks. This technique targets user interface elements created by password …
Read More »
(CVE-2025-54948)
CISA Adds Actively Exploited Trend Micro Apex One Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the critical Trend Micro Apex One vulnerability, CVE-2025-54948, in its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation. Trend Micro Apex One is a popular endpoint security platform that detects and responds to malware and other security threats. However, …
Read More »F5 Fixes HTTP/2 Vuln Enabling Massive DoS Attacks
F5 Networks has revealed a new HTTP/2 vulnerability impacting several BIG-IP products, which could enable remote attackers to conduct denial-of-service attacks on corporate networks. The security flaw named CVE-2025-54500, known as the “HTTP/2 MadeYouReset Attack,” was announced on August 13, 2025, with updates on August 15. The vulnerability exploits malformed …
Read More »
(CVE-2025-49457)
Zoom Patches Critical Flaw Allowing Privilege Escalation Risk
Zoom has released security updates for its Windows clients to fix two major vulnerabilities, CVE-2025-49456 and CVE-2025-49457, which could allow attackers to exploit race conditions and untrusted search paths. The first flaw, CVE-2025-49456 (CVSS 6.2), is a race condition in the installer for certain Zoom Clients for Windows. According to …
Read More »Adobe Patched 60+ Vulnerabilities Across 13 Products
Adobe’s August 2025 Patch Tuesday updates fix over 60 vulnerabilities in 3D design, content creation, publishing, and other products. The software giant has released 13 new advisories, including five for vulnerabilities in Substance 3D products: Viewer, Modeler, Painter, Sampler, and Stager. Adobe fixed critical code execution vulnerabilities and several medium-severity …
Read More »WinRAR Zero-Day and 7-Zip Vulnerability actively exploited
ESET researchers found a zero-day vulnerability in WinRAR for Windows, tracked as CVE-2025-8088, which has been used to run malicious code on victims’ computers. With a CVSS v3.1 score of 8.4, this flaw lets attackers manipulate extraction processes and place harmful files in the wrong system areas. Vulnerable versions of …
Read More »28,000+ Microsoft Exchange Servers Exposed Online for CVE-2025-53786
More than 28,000 unpatched Microsoft Exchange servers are publicly accessible and vulnerable to the critical security flaw CVE-2025-53786, as reported by The Shadowserver Foundation on August 7, 2025. CISA’s Emergency Directive 25-02 on August 7 requires federal agencies to fix a critical vulnerability in Microsoft Exchange hybrid setups by 9:00 …
Read More »Multiple 0-days to Bypass BitLocker and Extract Data
Researchers revealed critical zero-day vulnerabilities that bypass Windows BitLocker encryption, enabling attackers with physical access to quickly extract data from encrypted devices. Research by Alon Leviev and Netanel Ben Simon from Microsoft’s STORM team reveals critical flaws in the Windows Recovery Environment (WinRE) that threaten BitLocker’s security. Four Critical Attack …
Read More »
InfoSecBulletin Cybersecurity for mankind