Pierluigi Paganini
May 16, 2025
Meta plans to train AI on EU user data from May 27 without consent; privacy group noyb threatens lawsuit over lack of explicit opt-in. Meta plans to use EU user data for AI training starting May 27 without explicit consent. Austrian privacy group noyb threatens a class action lawsuit if the social network giant does […]
Pierluigi Paganini
May 16, 2025
Google released emergency security updates to fix a Chrome vulnerability that could lead to full account takeover. Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. The security researcher Vsevolod Kokorin (@slonser_) discovered the vulnerability, which stems from an insufficient policy enforcement in […]
Pierluigi Paganini
May 15, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability, tracked as CVE-2025-32756, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet released security updates to address a critical remote code execution zero-day, […]
Pierluigi Paganini
May 14, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Windows flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: Microsoft addressed these flaws with the release of the Patch Tuesday Security updates […]
Pierluigi Paganini
May 14, 2025
Ivanti addressed two Endpoint Manager Mobile (EPMM) software vulnerabilities that have been exploited in limited attacks. Ivanti has released security updates to address two vulnerabilities in Endpoint Manager Mobile (EPMM) software. The company confirmed that threat actors have chained the flaws in limited attacks to gain remote code execution. The two vulnerabilities are tracked as CVE-2025-4427 and […]
Pierluigi Paganini
May 14, 2025
Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice enterprise phone systems. Fortinet released security updates to address a critical remote code execution zero-day, tracked as CVE-2025-32756, that was exploited in attacks targeting FortiVoice enterprise phone systems. The vulnerability is a stack-based overflow issue that impacts in FortiVoice, FortiMail, FortiNDR, […]
Pierluigi Paganini
May 13, 2025
A Türkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024. Since April 2024, the threat actor Marbled Dust (aka Sea Turtle, Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) has exploited a zero-day flaw (CVE-2025-27920) in Output Messenger to target Kurdish military-linked users […]
Pierluigi Paganini
May 13, 2025
Apple released security updates to address easily exploitable vulnerabilities impacting iOS and macOS devices. Apple released urgent iOS and macOS security updates to patch critical flaws that could allow attackers to execute malicious code just by opening a crafted image, video, or website: Apple’s iOS 18.5 update addressed multiple critical flaws in AppleJPEG, CoreMedia, and […]
Pierluigi Paganini
May 12, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a TeleMessage TM SGNL flaw, tracked as CVE-2025-47729 (CVSS score of 1.9), to its Known Exploited Vulnerabilities (KEV) catalog. “The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of […]
Pierluigi Paganini
May 12, 2025
Expert found two flaws in DriverHub, pre-installed on Asus motherboards, which allow remote code execution via crafted HTTP requests. Security researcher ‘MrBruh’ discovered two vulnerabilities, tracked as CVE-2025-3462 (CVSS score of 8.4) and CVE-2025-3463 (CVSS score of 9.4), in DriverHub, a driver that is pre-installed on Asus motherboards. A remote attacker can exploit the flaws to gain arbitrary code […]
