PureVPN Vulnerability Exposes Users IPv6 Address While Toggling Wi-Fi https://cybersecuritynews.com/purevpn-vulnerability/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #cybersecurity #vulnerability

How outdated software makes companies vulnerable
#AssetManagement #Cybersecurity #Cybersicherheit #LegacySoftware @Qualys #Schwachstelle #Sicherheitsarchitektur #veralteteSoftware #Vulnerability
https://netzpalaver.de/2025/09/18/wie-veraltete-software-unternehmen-angreifbar-macht/
PureVPN Vulnerability Reveals IPv6 Address While Reconnecting to Wi-Fi https://gbhackers.com/purevpn-vulnerability/ #CVE/vulnerability #CyberSecurityNews #Vulnerability
Google releases Chrome emergency update; patches four vulnerabilities, one actively exploited
Google released an emergency Chrome update on September 17, 2025, patching four high-severity vulnerabilities including an actively exploited zero-day (CVE-2025-10585) in the V8 JavaScript engine that enables arbitrary code execution through malicious websites.
**Once again - an urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. DON'T WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-releases-chrome-emergency-update-patches-four-bulnerabilities-one-actively-exploited-r-p-2-s-v/gD2P6Ple2L
Vulnerability in Siemens SIPROTEC 5 Identified
Our Technical Security Audit team has identified a vulnerability in Siemens SIPROTEC 5 devices: The USB port may allow attacks due to improper bandwidth limitation.
Description:
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. During this restart the protection function is not available.
The full advisory is available here: https://www.gai-netconsult.de/wp-content/uploads/2025/09/Advisory-GAINC-2025-001-1.0.pdf
Please follow the manufacturer’s guidance and updates.
An overview of further advisories can be found on our website: www.gai-netconsult.de/advisories
Congratulations to our colleagues Marc Cuny and Toralf Gimpel for this discovery.
WatchGuard Firebox vulnerability allows remote code execution
WatchGuard Technologies patched a critical unauthenticated remote code execution vulnerability (CVE-2025-9242) in its Firebox firewall appliances that allows attackers to compromise systems by sending crafted data to the IKE protocol handler used for VPN connections. The flaw affects multiple Firebox models running various Fireware OS versions.
**If you're using WatchGuard Firebox firewalls, immediately upgrade to the latest patched versions (2025.1.1, 12.11.4, or appropriate version for your model) because your firewall has a vulnerability that can be attacked remotely. Isolating doesn't really help since these devices are designed to face the internet. If you're running unsupported 11.x versions, either migrate to supported firmware immediately or shut down these devices since no patches are available.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/watchguard-firebox-vulnerability-allows-remote-code-execution-2-e-5-s-k/gD2P6Ple2L
Jenkins Patches Multiple Vulnerabilities that Allow Attackers to Cause a Denial of Service https://cybersecuritynews.com/jenkins-patches-multiple-vulnerabilities/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #Vulnerability #cybersecurity #vulnerability
Windows Greenshot Vulnerability Lets Attackers Execute Malicious Code – PoC Published https://gbhackers.com/windows-greenshot-vulnerability/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity #PoC
"While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful #EntraID #vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant."
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
Pixie Dust Wi-Fi Attack Exploits Routers WPS to Obtain PIN and Connect With Wireless Network https://cybersecuritynews.com/pixie-dust-wi-fi-attack/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #Vulnerability #cybersecurity #vulnerability
TP-Link Router 0-Day RCE Vulnerability Exploited Bypassing ASLR Protections – PoC Released https://cybersecuritynews.com/tp-link-router-zero-day-rce-vulnerability/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #CyberSecurity #cybersecurity #vulnerability
Hackers Abuse RTL/LTR Text Tricks and Browser Flaws to Mask Malicious Links https://gbhackers.com/hackers-abuse-rtl-ltr-text-tricks/ #CyberSecurityNews #cybersecurity #Vulnerability
Google Chrome 0-Day Under Active Attack – Update Immediately https://gbhackers.com/google-chrome-0-day-2/ #CVE/vulnerability #CyberSecurityNews #Vulnerabilities #cybersecurity #Vulnerability #Chrome #Google
Google Chrome 0-Day Vulnerability Actively Exploited in the Wild – Patch Now https://cybersecuritynews.com/google-chrome-0-day-vulnerability-exploited/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #CyberSecurity #cybersecurity #vulnerability
New Shai-hulud Worm Infecting npm Packages With Millions of Downloads https://hackread.com/shai-hulud-worm-infecting-npm-packages-download/ #Cybersecurity #ReversingLabs #Vulnerability #CyberAttack #Shaihulud #Security #Malware #GitHub #NPM
Shai-Hulud Worm Infects Over 500 NPM Packages in Sophisticated Supply Chain Attack https://dailydarkweb.net/shai-hulud-worm-infects-over-500-npm-packages-in-sophisticated-supply-chain-attack/ #Vulnerability
Apple releases security updates for iOS 18.7, macOS, iPadOS, and releases iOS 26 and macOS 26
Apple released critical security updates for iOS, iPadOS, and macOS addressing CVE-2025-43300, an actively exploited zero-day vulnerability in the ImageIO framework that was chained with a WhatsApp flaw in sophisticated spyware attacks targeting fewer than 200 high-profile individuals globally. The updates patch 13 additional vulnerabilities including privilege escalation flaws.
**Another big OS release from Apple. If you haven't updated your Apple devices with the emergency patch, update now to fix the exploited CVE-2025-43300. Even if you did patch, the regular update is a smart choice. Maybe don't install iOS 26 / macOS Tahoe 26 immediately; wait a month so you can see if anything bad happens.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-releases-security-updates-for-ios-18-7-macos-ipados-and-releases-ios-26-and-macos-26-o-h-7-y-q/gD2P6Ple2L
Many networking devices are still vulnerable to pixie dust attack https://www.helpnetsecurity.com/2025/09/17/many-networking-devices-are-still-vulnerable-to-pixie-dust-attack/ #legacytechnology #vulnerability #Don'tmiss #Features #consumer #firmware #wireless #TP-LINK #attack #News #SMBs
Windows Screenshot Utility Greenshot Vulnerability Enable Malicious code execution – PoC Released https://cybersecuritynews.com/greenshot-vulnerability/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #Vulnerability #cybersecurity #vulnerability
Critical WatchGuard Vulnerability Allows Unauthenticated Attacker to Execute Arbitrary Code https://cybersecuritynews.com/watchguard-vulnerability-execute-arbitrary-code/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #CyberSecurity #cybersecurity #vulnerability