CVE-2025-24085 is a zero-day vulnerability in Apple’s “Core Media framework” which enables malicious applications to potentially gain elevated privileges on impacted devices. It falls under the “Memory Corruption vulnerability category”, posing significant security risks such as unauthorized access to sensitive data or potential device control.
OEM
Apple Inc
Severity
High
CVEs
CVE-2025-24085
Exploited in Wild
Yes
Patch/Remediation Available
Yes
Advisory Version
1.0
Vulnerability Name
CVE ID
Product Affected
Severity
Affected Version
Privilege escalation vulnerability
CVE-2025-24085
Apple
High
iPhone-XS and later, macOS Sequoia iPad-Pro (3rd generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), iPad mini (5th generation and later) Apple Watch: Series 6 and later Apple TV: All models
Technical Summary
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2025-24085
iPhone, iPad, Mac, Apple Watch, Apple TV
CVE-2025-24085 is a memory management vulnerability in Apple’s Core Media framework, responsible for processing audio and video content. The vulnerability stems from improper handling of media data, allowing attackers to execute arbitrary code with elevated privileges. It can be remotely exploited through malicious media files, creating significant security risks.
Arbitrary Code Execution, Privilege Escalation, Sensitive Data Exposure, Remote Exploitation via Media Files
Remediation:
Update: Ensure the latest patches are applied to affected Apple devices as listed below
Affected Version(s)
Fixes and Releases
iOS 17.2 and later
iOS 18.3
iPadOS 17.2 and later
iPadOS 18.3
macOS Sequoia (all previous versions)
macOS Sequoia 15.3
watchOS 10.3 and later
watchOS 11.3
tvOS 17.2 and later
tvOS 18.3
visionOS 1.3 and later
visionOS 2.3
Apple has fixed this vulnerability in these software versions. Update devices immediately to mitigate the risk of exploitation.
General Recommendations:
Untrusted Media: Avoid opening suspicious media files, emails, or links from unknown sources, as the vulnerability can be exploited remotely via malicious media.
Automatic Updates: Enable automatic updates on all Apple devices to ensure timely installation of future security patches.
High-Severity SMB Server Flaws (CVE-2024-56626 & CVE-2024-56627) in Linux Kernel
Jordy Zomer, a Security researcher have recently discovered two critical vulnerabilities in KSMBD, the in-kernel SMB server for Linux. These vulnerabilities, CVE-2024-56626 and CVE-2024-56627, could allow attackers to gain control of vulnerable systems.
SUMMARY
OEM
Linux
Severity
High
CVSS
7.8
CVEs
CVE-2024-56626, CVE-2024-56627
Exploited in Wild
No
Publicly POC Available
Yes
Patch/Remediation Available
Yes
Advisory Version
1.0
These vulnerabilities affect Linux kernel versions greater than 5.15 and have been addressed in version 6.13-rc2. Proof-of-concept (PoC) exploits have been publicly released, emphasizing the critical nature of these issues.
Vulnerability Name
CVE ID
Product Affected
Severity
Affected Version
Out-of-bounds write vulnerability in ksmbd.
CVE-2024-56626
Linux
High
Linux kernel versions greater than 5.15
Out-of-bounds read vulnerability in ksmbd.
CVE-2024-56627
Linux
High
Linux kernel versions greater than 5.15
Technical Summary
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2024-56626
Linux Kernel
A vulnerability in ksmbd’s ksmbd_vfs_stream_write allowed negative offsets from clients, causing out-of-bounds writes and potential memory corruption. It was triggered when using vfs objects = streams_xattr in ksmbd.conf. The issue has been fixed in recent kernel updates.
Attackers can execute arbitrary code with kernel privileges
CVE-2024-56627
Linux Kernel
A vulnerability in ksmbd’s ksmbd_vfs_stream_write allowed negative client offsets, enabling out-of-bounds writes and potential memory corruption. This issue occurred when the vfs objects = streams_xattr parameter was set in ksmbd.conf and has been resolved in recent kernel updates.
Attackers can read sensitive kernel memory, leading to information disclosure
Remediation:
Update: Ensure that the appropriate patches or updates are applied to the relevant versions
listed below
Version
Fixes and Releases
kernel version > 5.15
kernel version 6.13-rc2
Conclusion:
The discovery of CVE-2024-56626 and CVE-2024-56627 highlights critical security flaws in the Linux kernel’s SMB server implementation. Given the availability of proof-of-concept exploits, immediate action is essential to protect systems from potential exploitation. Regularly updating systems and applying security patches are vital practices to maintain a secure environment.
Cisco has warned about a new privilege escalation vulnerability in its Meeting Management tool that could allow a remote attacker to gain administrator privileges on exposed instances.
The vulnerability, CVE-2025-20156 was disclosed by Cisco on January 22 and is awaiting further analysis by the US National Vulnerability Database (NVD)
OEM
Cisco
Severity
Critical
CVSS
9.9
CVEs
CVE-2025-20156
Exploited in Wild
No
Patch/Remediation Available
Yes
Advisory Version
1.0
Overview
A critical vulnerability (CVE-2025-20156) in Cisco Meeting Management could allow attackers to gain unauthorized administrative access. This issue affects versions prior to 3.9.1 and has been classified as critical. Cisco strongly recommends updating to the latest fixed version to address this risk.
Vulnerability Name
CVE ID
Product Affected
Severity
Privilege Escalation Vulnerability
CVE-2025-20156
Cisco
Critical
Technical Summary
A critical security vulnerability has been identified in Cisco Meeting Management. This flaw resides in the REST API and stems from improper enforcement of authorization protocols for REST API users. Remote, authenticated attackers with low-level privileges can exploit this issue by sending specially crafted API requests to specific endpoints. A successful exploit could allow attackers to escalate their privileges to administrator level and gain control over edge nodes managed by Cisco Meeting Management.
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2025-20156
Cisco Meeting Management prior to version 3.9.1
Insufficient authorization checks in the REST API allow attackers to send crafted API requests to escalate privileges.
Attackers can gain full administrative control and disrupt business operations.
Remediation:
Update to the Latest Version:
Upgrade Cisco Meeting Management to version 3.9.1or later.
Regular Security Practices:
Monitor Cisco’s security advisories.
Regularly update systems to address emerging threats.
Conclusion:
CVE-2025-20156 poses a critical risk to Cisco Meeting Management users. Exploiting this flaw could disrupt operations by granting attacker’s administrative control. Immediate updates are crucial to mitigate the risk and protect affected systems.
Fortinet recently announced a critical severity vulnerability affecting the FortiOS and FortiProxy products.
A critical Zero-day vulnerability with a CVSSv3 score of 9.6 that affects FortiOS and FortiProxy. Categorised as an “Authentication Bypass Using an Alternate Path or Channel” vulnerability (CWE-288), the flaw allows an attacker to circumvent authentication.
OEM
Fortinet
Severity
Critical
CVSS
9.6
CVEs
CVE-2024-55591
Exploited in Wild
Yes
Patch/Remediation Available
Yes
Advisory Version
1.0
Overview
According to data from the Shadowserver Foundation, almost 50,000 devices are still unpatched as of January 20, 2025.
The vulnerability, which has been actively exploited since November 2024, enables unauthenticated attackers to obtain super-admin privileges through specially crafted requests to the Node.js websocket module. Although patches have been released, but a large number of devices remain exposed and vulnerable.
Vulnerability Name
CVE ID
Product Affected
Severity
Authentication Bypass Vulnerability
CVE-2024-55591
FortiOS and FortiProxy
Critical
Technical Summary
CVE-2024-55591 is an authentication bypass vulnerability in FortiOS and FortiProxy. Exploiting this flaw allows remote attackers to gain super-admin privileges by sending specially crafted requests to the Node.js websocket module. This can lead to unauthorized administrative access, enabling attackers to modify firewall configurations, extract credentials, and move laterally within compromised environments.
Crafted requests to Node.js WebSocket module bypass authentication and allow attackers to gain super-admin privileges.
Unauthorized administrative access, credential extraction, and lateral movement.
Remediation:
Upgrade Firmware:
FortiOS: Update to version 7.0.17 or latest
FortiProxy: For 7.0.x version update to v7.0.20 or latest and for 7.2.x version update to v7.2.13 or latest
Restrict Administrative Interface Access:
Disable HTTP/HTTPS interfaces or limit access to trusted IP addresses using local-in policies.
Enable Multi-Factor Authentication (MFA):
Enforce MFA on all administrative accounts to reduce the risk of unauthorized access.
Monitor Suspicious Activities:
Check for unauthorized admin accounts, suspicious logins, or unexpected changes in firewall configurations.
Conclusion:
The exploitation of CVE-2024-55591 underscores the critical importance of timely patch management and robust security practices. Organizations using Fortinet products should act swiftly to apply the necessary updates and implement recommended security measures to protect their networks from potential attacks.
The vulnerability CVE-2024-49138, affecting the Windows Common Log File System (CLFS) driver, enables attackers to gain SYSTEM privileges via a heap-based buffer overflow. Security researcher MrAle_98 published a proof-of-concept (PoC) exploit, increasing its potential misuse.
Vulnerability Name
CVE ID
Product Affected
Severity
CLFS Privilege Escalation
CVE-2024-49138
Microsoft Windows
High
Technical Summary
CVE-2024-49138 is a heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) driver, allowing attackers to escalate privileges to SYSTEM level. It affects a wide range of Windows systems, including the latest versions, such as Windows 11 23H2. Initially discovered by CrowdStrike’s Advanced Research Team, Microsoft confirmed active exploitation prior to its December 2024 patch release. Security researcher MrAle_98 published a proof-of-concept exploit on GitHub, increasing the likelihood of threat actor replication and exploitation.
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2024-49138
Windows 10, Windows 11, Windows Server 2008–2025
Heap buffer overflow in CLFS driver enabling SYSTEM access. Exploited in the wild and PoC publicly released.
Enables attackers to elevate their privileges to SYSTEM level, granting them complete control over an affected device.
Remediations
Update Systems: Apply Microsoft’s December 2024 patches without delay.
Monitor Systems: Be alert for unusual privilege escalations or indicators of compromise.
Limit Access: Implement robust access controls and harden systems.
Conclusion:
The public release of a proof-of-concept exploit heightens risks, making immediate patching essential. Organizations must prioritize updates, monitor for exploitation, and implement strict access controls.
A critical vulnerability in the ComboBlocks WordPress plugin (formerly Post Grid and Gutenberg Blocks) exposes over 40,000 websites to potential complete takeover by unauthenticated attackers. This vulnerability exists due to improper handling of user meta during the registration process, enabling privilege escalation. It affects versions 2.2.85 to 2.3.3 and has been addressed in version 2.3.4.
OEM
WordPress
Severity
Critical
Date of Announcement
2025-01-17
CVSS score
9.8
CVE
CVE-2024-9636
Exploited in Wild
No
Patch/Remediation Available
Yes
Advisory Version
1.0
Overview
ComboBlocks, a plugin designed to enhance website design and functionality, was found to have a critical security flaw (CVE-2024-9636) that could allow unauthenticated attackers to register as administrators, granting them full control over the affected websites.
The vulnerability stems from improper restriction of user meta updates during profile registration. This flaw allows unauthenticated attackers to register as administrators, granting them full control over the website.
Complete website takeover and malware injection.
Remediations
Update Plugin: Immediately update the ComboBlocks plugin to version 2.3.4 or later.
Review Administrative Accounts:
Audit all user accounts with administrative privileges.
Revoke any unauthorized access.
Enhance Security Posture:
Enable multi-factor authentication (MFA) for all admin accounts.
Restrict user permissions based on the principle of least privilege.
Use a web application firewall (WAF) to filter and block malicious traffic.
Monitor and Log Activity:
Activate detailed logging for user registration and privilege changes.
Configure alerts for unusual activity, such as mass registrations or privilege escalations.
Implement Preventative Measures:
Regularly update all plugins and themes.
Backup the WordPress site frequently to ensure quick recovery in case of any compromise.
Cybersecurity researchers at Check Point Research (CPR) have discovered a sophisticated macOS malware called Banshee Stealer, putting over 100 million macOS users globally at risk. The malware, designed to exfiltrate sensitive user data, demonstrates advanced evasion techniques, posing a significant threat to users and organizations relying on macOS.
Key Threat Details:
Malware Capabilities:
Data Theft: Banshee Stealer targets browser credentials, cryptocurrency wallets, and sensitive files, compromising user security.
User Deception: It displays fake system pop-ups to trick users into revealing their macOS passwords, facilitating unauthorized access.
Encryption and Exfiltration: Stolen data is compressed, encrypted, and transmitted to command-and-control (C&C) servers through stealthy channels, making detection challenging.
C&C decryption Source: Cybersecurity News
Evasion Tactics:
Advanced Encryption: The malware utilizes encryption techniques similar to Apple’s XProtect, camouflaging itself to evade detection by traditional antivirus systems.
Stealth Operations: It operates seamlessly within system processes, avoiding scrutiny from debugging tools and remaining undetected for extended periods.
Distribution Mechanisms:
Phishing Websites: Banshee Stealer impersonates trusted software downloads, including Telegram and Chrome, to deceive users into downloading malicious files.
Fake GitHub Repositories: It distributes DMG files with deceptive reviews and stars to gain user trust, facilitating the spread of the malware.
Repository releases source: Cybersecurity News
Recent Developments:
Expanded Targeting: The latest version of Banshee Stealer has removed geographic restrictions, such as the Russian language check, broadening its target audience globally.
Source Code Leak: Following a source code leak, there has been increased activity, enabling other threat actors to develop variants and intensify the threat landscape.
Impact:
Users: Compromised browser data, cryptocurrency wallets, and personal files can lead to identity theft and financial losses.
Organizations: Potential data breaches can result in reputational damage, financial losses, and legal implications.
Global Threat: The malware’s expanded targeting underscores the need for enhanced vigilance among macOS users worldwide.
Indicators of Compromise (IOCs):
The IOCs listed below are associated with the threat. For the full list of IOCs, please refer to the link .
To mitigate the risks associated with Banshee Stealer, consider implementing the following proactive measures:
Avoid Untrusted Downloads:
Refrain from downloading software from unverified sources, particularly free or “cracked” versions.
Verify the authenticity of GitHub repositories before downloading any files.
Strengthening System Defenses:
Regularly update macOS and all installed applications to patch known vulnerabilities.
Deploy advanced security solutions with real-time threat detection and proactive intelligence.
Enhance Awareness and Training:
Educate users on identifying phishing websites and suspicious downloads.
Encourage caution when responding to system prompts or entering credentials.
Enable Two-Factor Authentication (2FA):
Secure accounts with 2FA to minimize the impact of stolen credentials.
Monitor System Activity:
Regularly review system logs for unauthorized changes or suspicious activity.
Use tools to monitor unexpected outgoing data transmissions.
Utilize threat intelligence feeds to detect and block IOCs like malicious IPs, domains, and file hashes.
Continuously monitor network traffic, emails, and file uploads to identify and mitigate threats early.
Conclusion:
The rise of the Banshee malware exemplifies the increasing sophistication of threats targeting macOS. Users and organizations must adopt layered security defenses, maintain vigilance, and prioritize awareness to mitigate the risks of advanced malware like Banshee. By leveraging updated tools and practices, you can safeguard critical systems and data from evolving cyber threats.
Cyber security trends as per research and data available shows that responsible AI will gain importance with more public scrutiny of risks growing along with remediation practices. Organizations will now require to balance taking risks with AI and having rapid remediation strategies available.
As per experts the areas that will get attention will be cloud security and data location. In 2025, new laws may require that sensitive data stay within national borders, affecting how companies manage and store data across regions. As businesses and critical services become increasingly dependent on cloud services, some countries may prioritize cloud availability in national emergency plans, recognizing that stable cloud access is mandatory for crisis management. This shift could lead towards the establishment of a new program like Cloud Service Priority (CSP), treating cloud infrastructure as important as utilities like electricity and telecoms.
How organization need to prepare themselves as big and small businesses and brands will see dramatically increased risks, as bad actors using AI will launch convincing impersonation attacks. This will make it easier with higher accuracy than ever to fool customers and clients.
Key Cyber Security Trends of 2025
As organization navigate through 2025 we will witness that threat actors will increasingly use AI for sophisticated phishing, vishing, and social engineering attacks.
Gen-AI
Generative AI is driving an unprecedented surge in cyber fraud, with nearly 47% of organisations identifying adversarial AI-powered attacks as their primary concern, according to the World Economic Forum’s Global Cybersecurity Outlook 2025.
Due to technological advancements the Cyberspace is growing more complex due to technological advancements as they are interconnected to supply chains. Collaboration between public and private sectors is essential to secure the benefits of digitalization at all levels.
Digitalization
76% of cybersecurity leaders report difficulties navigating a patchwork of global policies and 66% of organizations expect AI to transform cybersecurity, only 37% have implemented safeguards to secure these tools before deployment.
IoT Devices Vulnerable
Hackers will grow attacks on IoT devices as per research by Analytics insights report 2025 as over 30 billion devices across the globe will be connected through the Internet of Things. IoT enhance productivity offering convenience but due to their low-security backgrounds hackers may utilize opportunity to obtain sensitive information, or form massive botnets to execute Distributed Denial-of-Service (DDoS) attacks. (Analytics insight)
Ransomware
Attackers have resorted to different methods of extortion, involving ransom demands along with DDoS attacks. Encryption and fileless ransomware are being developed in an attempt to evade detection. RaaS makes it increasingly easy for non-technical users to carry out advanced attacks and the trend is growing. Experts predict that, by 2025, ransomware attacks will occur globally every two seconds prime targets remain in the healthcare, education, and government sectors.
AI /ML
To survive in highly competitive environment hackers will continue using AI so as organization will continue with previous theme of 2024 application of artificial intelligence and this will expand along with machine learning (ML) as these tools are the game changer in in a cybersecurity strategy.
Quantum Computing
The year 2025 will witness the rise and development of Quantum Computing and computers.An exciting technological development; however, it also generates grave challenges for cybersecurity. Quantum computers solve complex problems much faster than classical computers, making traditional cryptography algorithms vulnerable to quantum attacks is equally necessary to be proactive, with an immediate focus on quantum-safe encryption that would last to provide safety to the digital security systems in the years to follow. McKinsey poll says, 72% of tech executives, investors and quantum computing academics believe that “a fully fault-tolerant quantum computer” will be here by 2035, while 28% think this won’t happen until at least 2040. With Quantum computing business can protect their data and stay ahead of quantum threats with the right tools and strategies in place.
Regulations
Regulatory changes and compliance will evolve in 2025 as government across the European countries are gearing up with regulation being prepared to protect against surge of ransomware attacks, introducing stringent measures to combat the growing menace of cyber extortion. The EU emerged as a frontrunner in cybersecurity regulation, with the Network and Information Security (NIS2) Directive coming into full force.
BISO Analytics: In 2025 we will witness rise of virtual CISO (vCISO) or CSO consultant roles over full-time in-house roles. Also Shifting CISO responsibilities have brought about an increasing role for BISOs. The cybersecurity team has a lot to handle as companies face more cyber threats, compliance requirements, growing remote workforces, and rapid adoption of new cloud-based technologies. With such a large scope of duty, the CISO is often over stretched and in this complex cybersecurity environment having a BISO will bring in support to entire cyber security strategy.
BISO ‘s may also be called upon to interact with marketing and corporate communications, bringing their research into potential attack vectors, typical points of vulnerability, and unique understanding of the hackers mindset and guide organizations that are increasingly battening cybersecurity strategy to deal with various attack vectors.
Intrucept offers BISO Analytics as a services. BISOs are crucial for strategies requiring technical cybersecurity and strategic business input.
Organizations need bespoke solutions to defend against attacks across email, social, and other channels as we witness evolving nature of attacks demands continuous weekly innovation to stay ahead. The use of Multifactor authentication reduces the danger in identity and access managementEDR solutions with feeds of threat intelligencewill gain prominence. Intrucept is dedicated in helping organizations to run fast and be secure. We will always find that being easy and slowing down is a tendency but we as organization try to enable our customers to maintain speed (and even accelerate).
SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.
The flaw, identified as CVE-2024-53704, poses a significant security risk, allowing attackers to exploit the system remotely. Administrators are strongly encouraged to update their systems immediately to mitigate potential threats. SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.
Key Details:
The vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected systems.
It impacts SonicWall’s SSL-VPN products, widely used for secure remote access.
Exploitation of this bug could lead to severe consequences, including unauthorized access to sensitive data, network infiltration, and system compromise.
Summary
OEM
SonicWall
Severity
High
CVSS
8.2
CVEs
CVE-2024-53704
Exploited in Wild
No
Patch/Remediation Available
Yes
Advisory Version
1.0
Overview
The security flaw, tracked as CVE-2024-53704, presents a serious risk, enabling remote exploitation by attackers. Administrators are highly advised to apply the necessary patches without delay to protect against potential threats.
Vulnerability Name
CVE ID
Product Affected
Severity
Affected Version
Improper Authentication
CVE-2024-53704
SonicWall
High
7.1.x (7.1.1-7058 and older), 7.1.2-7019 8.0.0-8035
A privilege escalation vulnerability
CVE-2024-53706
SonicWall
High
7.1.x (7.1.1-7058 and older), 7.1.2-7019
A weakness in the SSLVPN authentication token generator
CVE-2024-40762
SonicWall
High
7.1.x (7.1.1-7058 and older), 7.1.2-7019
A server-side request forgery (SSRF) vulnerability
CVE-2024-53705
SonicWall
Medium
6.5.4.15-117n and older 7.0.x (7.0.1-5161 and older)
Technical Summary
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2024-53704
Gen7 Firewalls, Gen7 NSv, TZ80
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
Bypass authentication
CVE-2024-53706
Gen7 Cloud Platform NSv
A vulnerability in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only), allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.
Allow attackers to gain root privileges and potentially execute code.
CVE-2024-40762
Gen7 Firewalls, Gen7 NSv, TZ80
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.
Weak PRNG in authentication tokens can lead to authentication bypass in SSLVPN.
CVE-2024-53705
Gen6 Hardware Firewalls, Gen7 Firewalls, Gen7 NSv
A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.
Allow attackers to establish TCP connections to arbitrary IP addresses and ports
Remediation:
Update: Impacted users are recommended to upgrade to the following versions to address the security risk:
Firewalls Versions
Fixes and Releases
Gen 6 / 6.5 hardware firewalls
SonicOS 6.5.5.1-6n or newer
Gen 6 / 6.5 NSv firewalls
SonicOS 6.5.4.v-21s-RC2457 or newer
Gen 7 firewalls
SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher
TZ80: SonicOS
SonicOS 8.0.0-8037 or newer
Recommendations:
Patch Without Delay: Install the latest firmware update from SonicWall to resolve this vulnerability. Detailed instructions are available in SonicWall’s official advisory.
Monitor Network Activity: Regularly monitor network traffic for signs of suspicious or unauthorized access.
Limit Access: Restrict VPN access to trusted users and enforce Multi-Factor Authentication (MFA) for all accounts.
Stay Updated: Subscribe to SonicWall’s security alerts and updates to stay informed about upcoming vulnerabilities.
