digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Diese Instanz wird betrieben von Digitalcourage e.V. für die Allgemeinheit. Damit wir das nachhaltig tun können, erheben wir einen jährlichen Vorausbeitrag von 1€/Monat per SEPA-Lastschrifteinzug.

Server stats:

832
active users

#vulnerability

104 posts26 participants14 posts today

Google releases Chrome emergency update; patches four vulnerabilities, one actively exploited

Google released an emergency Chrome update on September 17, 2025, patching four high-severity vulnerabilities including an actively exploited zero-day (CVE-2025-10585) in the V8 JavaScript engine that enables arbitrary code execution through malicious websites.

**Once again - an urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. DONT WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesGoogle releases Chrome emergency update; patches four vulnerabilities, one actively exploitedGoogle released an emergency Chrome update on September 17, 2025, patching four high-severity vulnerabilities including an actively exploited zero-day (CVE-2025-10585) in the V8 JavaScript engine that enables arbitrary code execution through malicious websites.

🔎 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝗻 𝗦𝗶𝗲𝗺𝗲𝗻𝘀 𝗦𝗜𝗣𝗥𝗢𝗧𝗘𝗖 𝟱 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝗶𝗲𝗱

Our Technical Security Audit team has identified a vulnerability in 𝗦𝗶𝗲𝗺𝗲𝗻𝘀 𝗦𝗜𝗣𝗥𝗢𝗧𝗘𝗖 𝟱 𝗱𝗲𝘃𝗶𝗰𝗲𝘀:
⚠️ The USB port may allow attacks due to improper bandwidth limitation.

📌 Description:
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. During this restart the protection function is not available.

📄 The full advisory is available here: gai-netconsult.de/wp-content/u

⚠️ Please follow the manufacturer’s guidance and updates.

🌐 An overview of further advisories can be found on our website: www.gai-netconsult.de/advisories

👏 Congratulations to our colleagues 𝗠𝗮𝗿𝗰 𝗖𝘂𝗻𝘆 and 𝗧𝗼𝗿𝗮𝗹𝗳 𝗚𝗶𝗺𝗽𝗲𝗹 for this discovery.

WatchGuard Firebox vulnerability allows remote code execution

WatchGuard Technologies patched a critical unauthenticated remote code execution vulnerability (CVE-2025-9242) in its Firebox firewall appliances that allows attackers to compromise systems by sending crafted data to the IKE protocol handler used for VPN connections. The flaw affects multiple Firebox models running various Fireware OS versions.

**If you're using WatchGuard Firebox firewalls, immediately upgrade to the latest patched versions (2025.1.1, 12.11.4, or appropriate version for your model) because your firewall has a vulnerability that can be attacked remotely. Isolating doesn't really help since these devices are designed to face the internet. If you're running unsupported 11.x versions, either migrate to supported firmware immediately or shut down these devices since no patches are available.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesWatchGuard Firebox vulnerability allows remote code executionWatchGuard Technologies patched a critical unauthenticated remote code execution vulnerability (CVE-2025-9242) in its Firebox firewall appliances that allows attackers to compromise systems by sending crafted data to the IKE protocol handler used for VPN connections. The flaw affects multiple Firebox models running various Fireware OS versions.

Apple releases security updates for iOS 18.7, macOS, iPadOS, and releases iOS 26 and macOS 26

Apple released critical security updates for iOS, iPadOS, and macOS addressing CVE-2025-43300, an actively exploited zero-day vulnerability in the ImageIO framework that was chained with a WhatsApp flaw in sophisticated spyware attacks targeting fewer than 200 high-profile individuals globally. The updates patch 13 additional vulnerabilities including privilege escalation flaws.

**Another big OS release from Apple. If you haven't updated your Apple devices with the emergency patch, update now to fix the exploited CVE-2025-43300. Even if you did patch, the regular update is a smart choice. Maybe wait and don't install iOS 26/ macOS Tahoe 26 until immediately, wait a month so you can see if anything bad happens.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesApple releases security updates for iOS 18.7, macOS, iPadOS, and releases iOS 26 and macOS 26Apple released critical security updates for iOS, iPadOS, and macOS addressing CVE-2025-43300, an actively exploited zero-day vulnerability in the ImageIO framework that was chained with a WhatsApp flaw in sophisticated spyware attacks targeting fewer than 200 high-profile individuals globally. The updates patch 13 additional vulnerabilities including privilege escalation flaws.