InfoSecBulletin Cybersecurity for mankind
CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which is currently being exploited in targeted attacks.
An authorization bypass flaw in Apple’s USB Restricted Mode allows attackers with physical access to turn off security protections on locked devices, risking exposure of sensitive data. The flaw is due to an incorrect authorization vulnerability (CWE-863) in Apple’s mobile operating systems.
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
Attackers can disable USB Restricted Mode, a security feature that limits USB access for locked devices after an hour of inactivity. This allows them to bypass protections against unauthorized data transfers and brute-force passcode attempts.
This vulnerability is especially worrisome for high-risk individuals like journalists, activists, and corporate executives, as their devices often hold sensitive information.
CISA confirmed the vulnerability is actively being exploited, but its connection to ransomware campaigns is not yet verified.
The agency included the flaw in its Known Exploited Vulnerabilities (KEV) catalog on February 12, 2025, requiring federal agencies to implement mitigations by March 5, 2025. Private-sector organizations and individuals are also urged to take similar action.
Apple has not confirmed if a patch is being developed, but CISA advises users to apply updates as soon as they’re available.
