Security

CVE ID : CVE-2025-30675

Published : June 11, 2025, 12:15 a.m. | 1 hour, 35 minutes ago

Description : In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the ‘domainid’ parameter along with the ‘filter=self’ or ‘filter=selfexecutable’ values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain.

A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details. 

This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller’s scope rather than defaulting to the ROOT domain.

Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.

Severity: 4.7 | MEDIUM


CVE ID : CVE-2024-9062

Published : June 11, 2025, 12:15 a.m. | 1 hour, 35 minutes ago

Description : The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the “factored applications” model, delegating privileged operations—such as arbitrary file deletion and file permission changes—to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-32717

Published : June 11, 2025, 12:15 a.m. | 1 hour, 35 minutes ago

Description : Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Severity: 8.4 | HIGH


CVE ID : CVE-2025-5958

Published : June 11, 2025, 1:15 a.m. | 35 minutes ago

Description : Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: 0.0 | NA


CVE ID : CVE-2025-4275

Published : June 11, 2025, 1:15 a.m. | 35 minutes ago

Description : Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.

Severity: 7.8 | HIGH


CVE ID : CVE-2025-49091

Published : June 11, 2025, 1:15 a.m. | 35 minutes ago

Description : KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from scheme handlers, such as ssh://, telnet://, or rlogin:// URLs. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where, if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.

Severity: 8.2 | HIGH


CVE ID : CVE-2025-5959

Published : June 11, 2025, 1:15 a.m. | 35 minutes ago

Description : Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity: 0.0 | NA


Critical Wazuh bug exploited in growing Mirai botnet infection

Cybercriminals are trying to spread multiple Mirai variants by exploiting a critical Wazuh vulnerability, researchers say – the first reported active attacks since the code execution bug was disclosed …

Published Date:
Jun 10, 2025 (5 hours, 54 minutes ago)

Vulnerabilities mentioned in this article: CVE-2025-24016, CVE-2024-3721, CVE-2023-1389, CVE-2017-18368, CVE-2017-17215, CVE-2014-8361

The June 2025 Security Update Review

It’s the second Tuesday of the month, and while many places in the Northern Hemisphere are scorching, Microsoft and Adobe have released their latest security offering in hopes of cooling things down. …

Published Date:
Jun 10, 2025 (4 hours, 31 minutes ago)


Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

Today is Microsoft’s June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed.
This Patch Tuesday a …

Published Date:
Jun 10, 2025 (4 hours, 18 minutes ago)


FortiOS SSL-VPN Vulnerability Let Attackers Access full SSL-VPN settings

Fortinet has disclosed a new security vulnerability affecting its FortiOS SSL-VPN web-mode that allows authenticated users to gain unauthorized access to complete SSL-VPN configuration settings throug …

Published Date:
Jun 10, 2025 (4 hours, 9 minutes ago)

Vulnerabilities mentioned in this article: CVE-2025-25250

Microsoft Patch Tuesday June 2025 – Exploited zero-day and Other 65 Vulnerabilities Patched

Microsoft has released its monthly Patch Tuesday updates, addressing a total of 66 vulnerabilities in its product suite. This release includes a remediation for one zero-day vulnerability that is curr …

Published Date:
Jun 10, 2025 (3 hours, 50 minutes ago)


APT Hackers Exploited Windows WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware

A sophisticated cyberattack campaign by the advanced persistent threat group, Stealth Falcon, which exploited a previously unknown zero-day vulnerability to target a major Turkish defense company and …

Published Date:
Jun 10, 2025 (3 hours, 13 minutes ago)

Vulnerabilities mentioned in this article: CVE-2025-33053

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

A skeleton key for hackers
The publicly available exploits provide a near-universal way to bypass key protections.
Researchers have unearthed two publicly available exploits that completely evade prot …

Published Date:
Jun 10, 2025 (2 hours, 55 minutes ago)

Vulnerabilities mentioned in this article: CVE-2025-3052, CVE-2025-47827

Fortinet Security Update: Critical Patch Addressing Multiple Vulnerabilities Across Products

Fortinet has released security updates addressing multiple vulnerabilities across its product portfolio, including FortiOS, FortiAnalyzer, FortiProxy, and FortiWeb systems.
The cybersecurity company’s …

Published Date:
Jun 10, 2025 (2 hours, 45 minutes ago)


Windows WEBDAV 0-Day RCE Vulnerability Actively Exploited in the Wild – All Versions Affected

Microsoft has confirmed that a critical zero-day vulnerability in its Web Distributed Authoring and Versioning (WebDAV) implementation is being actively exploited by attackers in the wild, prompting a …

Published Date:
Jun 10, 2025 (2 hours, 32 minutes ago)

Vulnerabilities mentioned in this article: CVE-2025-33053