Critical VMware Vulnerabilities Exploited in the Wild – Patch Immediately
Broadcom released a security alert on Tuesday morning to warn VMware customers about three zero-days that have been exploited in the wild.
Continue ReadingInfosec
Critical Vulnerabilities in IBM Storage: Authentication Bypass and Code Execution Risks
Critical Vulnerabilities in IBM Storage:
Continue Reading
Decade-Old Threat: CVE-2018-8639 Still Poses Risks to Unpatched Windows Systems
CVE-2018-8639 is a privilege escalation flaw in the Win32k component of Microsoft Windows that lets attackers run any code in kernel mode. This vulnerability, which was first fixed by Microsoft in December 2018, still poses a risk to unpatched computers.
| OEM | Microsoft |
| Severity | High |
| CVSS | 7.8 |
| CVEs | CVE-2018-8639 |
| Exploited in Wild | Yes |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview on Vulnerability
The vulnerability gives hackers the ability to install persistent malware, get around security measures, and alter system operations covertly. The Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, further highlighting its ongoing threat.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Privilege Escalation Vulnerability | CVE-2018-8639 | Windows | High |
Technical Summary
The vulnerability exists within the Win32k.sys driver, which handles graphical user interface (GUI) interactions.
Designated as CWE-404: Improper Resource Shutdown or Release, the flaw enables authenticated local attackers to improperly release system resources, leading to privilege escalation. Exploiting this vulnerability grants kernel-mode execution rights, allowing attackers to bypass security mechanisms, install persistent malware, and manipulate system functions without detection.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2018-8639 | Windows 7, 8.1, 10, RT 8.1, Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019 | Improper Resource Shutdown or Release in Win32k.sys driver, enabling privilege escalation. | System compromise, unauthorized access, potential malware persistence |
Remediation:
- Organizations and individuals must apply Microsoft’s security updates released in December 2018 (KB4483235) to mitigate the risk.
- Additionally, it is essential to apply all available updates from Windows to ensure comprehensive protection against known vulnerabilities.
General Recommendations:
- Implement network segmentation to isolate critical assets and minimize the impact of potential security breaches.
- Adopting the principle of least privilege (PoLP) to limit user access.
- Continuous monitoring of anomalous kernel-mode activities.
Conclusion:
Unpatched Windows systems are particularly vulnerable, especially in industrial control systems (ICS) and healthcare facilities where obsolete software is ubiquitous. While Microsoft has fixed the issue, firms that rely on legacy systems must implement additional security measures. Cyber adversaries are always refining their exploitation techniques, making proactive security strategies critical to reducing risk.
References:
- https://nvd.nist.gov/vuln/detail/cve-2018-8639
- https://github.com/ze0r/CVE-2018-8639-exp
Wazuh Server Vulnerability (CVE-2025-24016) Exposes Systems to RCE Attacks
Wazuh Server Vulnerability
Continue Reading
High-Severity DoS Vulnerability in Cisco NX-OS Software
MPLS Encapsulated IPv6 Denial of Service Vulnerability
| OEM | CISCO |
| Severity | High |
| CVSS score | 7.4 |
| CVEs | CVE-2025-20111 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
A high-severity vulnerability (CVE-2025-20111) in Cisco Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode could allow unauthenticated attackers to trigger a denial-of-service (DoS) condition by sending crafted ethernet frames, leading to unexpected device reloads.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Denial of service vulnerability | CVE-2025-20111 | Cisco Nexus | High |
Technical Summary
The vulnerability originates from improper handling of specific Ethernet frames within the health monitoring diagnostics of Cisco Nexus switches.
An unauthenticated, adjacent attacker can exploit this flaw by sending a sustained rate of crafted Ethernet frames to a vulnerable device. Successful exploitation results in repeated device reloads, disrupting network operations and potentially impacting high-availability environments.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-20111 | Nexus 3000 Series: 3100, 3200, 3400, and 3600 models Nexus 9000 Series: 9200, 9300, and 9400 switches running standalone NX-OS | Improper handling of specific Ethernet frames in health monitoring diagnostics | Repeated device reboots, potential network downtime |
Remediation:
- Apply Software Updates: Cisco has released patched software versions to address the vulnerability. Network administrators should upgrade affected devices immediately.
- Use Cisco Software Checker: Organizations should verify their exposure using Cisco’s Software Checker tool to identify the earliest fixed release.
- Implement Workarounds: If immediate patching is not feasible, organizations can mitigate risks using Access Control Lists (ACLs) to filter anomalous Ethernet frames targeting the health monitoring subsystem.
Conclusion:
CVE-2025-20111 presents a significant risk to enterprise and data center networks relying on Cisco Nexus switches. While there is no known active exploitation, organizations should prioritize patching and mitigation strategies to prevent service disruptions. Proactive monitoring and adherence to Cisco’s security advisories will help ensure network resilience against potential exploitation.
References:
Critical WordPress Security Flaw in Everest Forms Plugin
UAE Cyber Security Council has observed a critical vulnerability in Everest Forms WordPress
plugin
Apple’s USB Restricted Mode Exploited in Targeted Attacks
| OEM | Apple |
| Severity | High |
| CVSS | Not Assigned |
| CVEs | CVE-2025-24200 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
Apple has issued emergency security patches to mitigate a zero-day vulnerability, CVE-2025-24200, which has been actively exploited in sophisticated attacks targeting specific individuals. The flaw allows attackers to bypass USB Restricted Mode on a locked device, potentially exposing sensitive data. Initially identified by The Citizen Lab, this vulnerability is believed to have been leveraged in real-world scenarios against high-profile targets. Apple has responded by enhancing state management in iOS 18.3.1 and iPadOS 18.3.1 to prevent exploitation.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| USB Restricted Mode Bypass Vulnerability | CVE-2025-24200 | Apple | High |
Technical Summary
The vulnerability, tracked as CVE-2025-24200, affects USB Restricted Mode, a security feature introduced in 2018 to prevent data transfer over USB when a device remains locked for seven days. A flaw in the Accessibility framework allows an attacker with physical access to disable USB Restricted Mode, bypassing this protection and potentially accessing sensitive data.
Apple has mentioned “This issue has been exploited in extremely sophisticated attacks against specific individuals.” The vulnerability was discovered by Bill Marczak, a senior researcher at The Citizen Lab.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-24200 | iPhone XS and later iPad Pro (13-inch) iPad Pro 12.9-inch (3rd generation and later) iPad Pro 11-inch (1st generation and later) iPad Air (3rd generation and later) iPad (7th generation and later) iPad mini (5th generation and later) | A flaw in the Accessibility framework allows a physical attacker to disable USB Restricted Mode, bypassing protections designed to prevent unauthorized data transfer. | Unauthorized access to sensitive data |
Remediation:
- Users are strongly advised to update their devices to the latest versions:
- iOS: Update to version 18.3.1
- iPadOS: Update to version 18.3.1
- To update your device, go to Settings > General > Software Update, and follow the on-screen instructions.
Conclusion
The CVE-2025-24200 vulnerability poses a serious risk to device security, particularly for individuals targeted in sophisticated cyberattacks. While the exploitation has been limited to specific individuals, all users of affected devices should install the latest updates immediately to mitigate potential risks. Apple remains committed to user security by addressing vulnerabilities promptly and ensuring continuous protection against emerging threats.
References:
- ‹ Previous
- 1
- 2