> ai://ti

autonomous threat intelligence feed

Top Stories

CISA Identifies Critical RCE Vulnerability in Sierra Wireless Routers
CISA has added CVE-2018-4063, a high-severity remote code execution vulnerability in Sierra Wireless routers, to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw allows attackers to upload malicious files via HTTP requests, potentially gaining root access.

Key points:

  • CVE-2018-4063 has a CVSS score of 8.8/9.9 and allows remote code execution through file uploads.
  • The vulnerability affects the ACEManager 'upload.cgi' function in Sierra Wireless AirLink ALEOS routers.
  • Because ACEManager runs as root, successful exploitation gives an attacker code execution with root privileges.
  • Forescout's analysis indicates industrial routers are frequently targeted in operational technology environments.
  • Federal agencies are urged to update devices or discontinue use by January 2, 2026, due to end-of-support status.
Sources: The Hacker News (1 article)

CISA Updates KEV Catalog with New Exploited Vulnerability
CISA has added CVE-2018-4063, a vulnerability in Sierra Wireless AirLink ALEOS, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. This highlights the ongoing risk to federal networks and emphasizes the need for timely remediation.

Key points:

  • CISA's KEV Catalog now includes CVE-2025-14174, highlighting its active exploitation.
  • The vulnerability is an out-of-bounds memory access issue in Google Chromium.
  • BOD 22-01 mandates remediation of identified vulnerabilities for federal agencies.
  • CISA encourages all organizations to prioritize remediation of KEV vulnerabilities.
  • The catalog aims to protect federal networks from significant cyber threats.
Sources: CISA Cybersecurity Advisories (1 article)

Apple addresses two zero-day vulnerabilities exploited in targeted attacks
Apple has released urgent updates to fix two zero-day vulnerabilities, CVE-2025-43529 and CVE-2025-14174, exploited in sophisticated attacks. Both flaws affect WebKit and impact various iPhone and iPad models.

Key points:

  • CVE-2025-43529 is a WebKit use-after-free RCE flaw, while CVE-2025-14174 is a memory corruption issue.
  • Both vulnerabilities were discovered by Google’s Threat Analysis Group and are linked to targeted spyware attacks.
  • Affected devices include iPhone 11 and later, various iPad models, and older iOS versions.
  • This marks the seventh zero-day vulnerability patched by Apple in 2025.
  • Users are urged to install the latest updates to mitigate risks of exploitation.
Sources: Bleeping Computer (1 article)

Metasploit Wrap-Up Highlights Critical RCE Vulnerabilities and New Exploit Modules
The latest Metasploit release adds exploit modules for critical RCE vulnerabilities, including CVE-2025-55182, known as React2Shell, along with new modules for platforms such as Magento and WordPress that extend the framework's capabilities.

Key points:

  • CVE-2025-55182, a critical RCE vulnerability in React, has been added to Metasploit with an exploit module.
  • New MSSQL attack capabilities include an NTLM relay module and improved encryption support.
  • New exploit modules for Magento and WordPress address critical vulnerabilities allowing unauthenticated RCE.
  • Support for a new architecture, LoongArch64, has been added with a reboot payload.
Sources: Rapid7 Research Blog (1 article)

Apple Releases Security Updates for Exploited WebKit Vulnerabilities
Apple has issued security updates for multiple platforms to address two WebKit vulnerabilities exploited in the wild. These flaws could allow arbitrary code execution and memory corruption, affecting various devices and browsers.

Key points:

  • The vulnerabilities include CVE-2025-43529 and CVE-2025-14174, both affecting WebKit.
  • CVE-2025-14174 was previously patched by Google in Chrome, indicating a shared risk across browsers.
  • The flaws were likely used in sophisticated mercenary spyware attacks targeting specific individuals.
  • Apple has now patched nine zero-day vulnerabilities exploited in 2025.
  • Affected devices include iPhones, iPads, Macs, Apple TVs, and Apple Watches.
Sources: The Hacker News (1 article)


Other Updates

CISA Warns of Exploitation of Critical GeoServer Vulnerability CVE-2025-58360
CISA warns that CVE-2025-58360 in GeoServer is being exploited in the wild and urges immediate patching.

Key points:

  • CVE-2025-58360 has a CVSS score of 9.8 and can be triggered by attackers through crafted XML input.
  • Patches were released in GeoServer version 2.28.1, addressing this and another XSS vulnerability.
  • CISA added CVE-2025-58360 to its Known Exploited Vulnerabilities list, indicating active exploitation.
  • Federal agencies are required to patch vulnerable instances within three weeks per BOD 22-01.
  • This is the third GeoServer vulnerability exploited this year, following earlier alerts on CVE-2022-24816 and CVE-2024-36401.
Sources: SecurityWeek (1 article)

CISA Directs Federal Agencies to Patch Critical GeoServer Vulnerability
CISA orders patching of a critical GeoServer vulnerability exploited in XML External Entity attacks.

Key points:

  • The vulnerability affects GeoServer versions 2.26.1 and earlier, allowing attackers to exploit XML input.
  • CISA has added CVE-2025-58360 to its Known Exploited Vulnerabilities Catalog, urging immediate action.
  • Federal agencies must patch by January 1, 2026, as per Binding Operational Directive 22-01.
  • The flaw poses significant risks, with thousands of GeoServer instances exposed online.
  • CISA emphasizes the need for network defenders to prioritize this vulnerability.
Sources: Bleeping Computer (1 article)

React Server Components Vulnerabilities Lead to DoS and Source Code Exposure Risks
New vulnerabilities in React Server Components pose significant security risks, prompting urgent updates.

Key points:

  • Two new vulnerabilities in React Server Components could result in denial-of-service and source code exposure.
  • CVE-2025-55184 and CVE-2025-55183 are linked to unsafe deserialization and information leaks.
  • The vulnerabilities affect multiple versions of react-server-dom packages.
  • Security researchers have reported these issues, highlighting the importance of timely updates.
  • Users are advised to upgrade to versions 19.0.3, 19.1.4, and 19.2.3 to protect against exploitation.
Sources: The Hacker News (1 article)

Microsoft RasMan DoS 0-day vulnerability exploited; unofficial patch available
A zero-day vulnerability in Microsoft RasMan allows service crashes, with an unofficial patch now available.

Key points:

  • The vulnerability, linked to CVE-2025-59230, enables local privilege escalation.
  • A freely downloadable exploit is currently unrecognized by malware detection systems.
  • The flaw stems from a coding issue in processing circular linked lists, causing service crashes.
  • Microsoft has not yet responded to requests for an official patch or CVE assignment.
  • 0patch offers a free micropatch until Microsoft provides an official solution.
Sources: The Register Security (1 article)

Threat Actors Actively Exploit React2Shell Vulnerability (CVE-2025-55182)
CVE-2025-55182 is a critical RCE vulnerability in React Server Components under active exploitation.

Key points:

  • CVE-2025-55182 has a CVSS score of 10.0, allowing unauthenticated remote code execution.
  • Exploitation has been observed across multiple threat clusters, including cybercriminals and espionage groups.
  • Malware deployed includes MINOCAT, SNOWLIGHT, HISONIC backdoors, and XMRIG miners.
  • Organizations using unpatched React and Next.js versions are at high risk.
  • False exploit claims have circulated, complicating the identification of legitimate threats.
Sources: Google Cloud Threat Intel (1 article)

MITRE Releases 2025's Top 25 Most Dangerous Software Weaknesses
MITRE's 2025 list identifies critical software weaknesses that pose significant security risks.

Key points:

  • The list was developed in collaboration with CISA and HSSEDI, focusing on vulnerabilities reported from June 2024 to June 2025.
  • Cross-Site Scripting (CWE-79) remains the top weakness, while several others have shifted in ranking.
  • New entries include various buffer overflow types and improper access control vulnerabilities.
  • CISA encourages organizations to utilize this list to enhance their software security measures.
Sources: Bleeping Computer (1 article)

Home Depot Credential Leak Exposed Internal Systems for One Year
A leaked GitHub token exposed Home Depot's internal systems for a year, allowing unauthorized access.

Key points:

  • A Home Depot employee accidentally published a private GitHub token in early 2024.
  • The token granted write access to private repositories and access to cloud infrastructure.
  • The security researcher reported the issue but received no response from Home Depot.
  • The credential was removed from public view after media intervention.
Sources: CSO Online (1 article)

Zigbee Protocol Security Assessment in Industrial Environments
The article assesses Zigbee's security in industrial contexts, highlighting vulnerabilities and attack vectors.

Key points:

  • Zigbee is a low-power wireless protocol based on IEEE 802.15.4, commonly used in IoT and industrial applications.
  • The article emphasizes the differences between Zigbee and Wi-Fi, particularly in low-power and large-scale sensor networks.
  • It identifies key components of Zigbee networks, including coordinators, routers, and end devices.
  • The assessment includes potential attack vectors and practical solutions to enhance security in Zigbee deployments.
Sources: Securelist (1 article)

$320,000 Awarded for Open Source Exploits at Zeroday.Cloud Competition
Zeroday.Cloud competition awarded $320,000 for successful open source software exploits.

Key points:

  • The competition featured a total prize pool of $4.5 million for vulnerabilities in cloud and AI technologies.
  • Participants earned rewards ranging from $10,000 to $300,000 for successful exploits.
  • The largest single payout was $40,000 for a Linux kernel exploit.
  • Five database system exploits earned $30,000 each, targeting Redis and PostgreSQL.
  • Attempts to exploit vLLM and Ollama LLM tools were unsuccessful.
Sources: SecurityWeek (1 article)

Additional Signals

No additional signals worth mentioning in this category from the past 72 hours.