VulnerabilityManagement

Security Advisory

Elastic Patched Critical Jinjava Template Injection in Elastic Cloud Enterprise(ECE) 

Summary : Security Advisory: Elastic disclosed vulnerability in Elastic Cloud Enterprise (ECE) that allows attackers with admin access to steal sensitive data or execute any commands through Jinjava template injection. This flaw impacts ECE versions from 2.5.0 up to and including 3.8.1, as well as versions 4.0.0 through 4.0.1.

OEM Elastic Cloud Enterprise (ECE) 
Severity Critical 
CVSS Score 9.1 
CVEs CVE-2025-37729 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview  

The vulnerability with CVE-2025-37729, affects multiple ECE versions starting from 2.5.0 up to and including 3.8.1, and versions starting from 4.0.0 up to and including 4.0.1. Users & Administrators are strongly advised to upgrade to the latest version of ECE immediately to stay protected. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Improper Neutralization of Special Elements Vulnerability  CVE-2025-37729 Elastic Cloud Enterprise  Critical v3.8.2 &  
v4.0.2 

Technical Summary 

Improper neutralization of special elements can be used to issuing commands via a specially crafted string where Jinjava variables are evaluated.

Malicious actors are exploiting due to an improper neutralization of special characters vulnerability in the Jinjava template engine used by ECE.

Attackers with admin-level access to the ECE admin console and deployments with the Logging+Metrics feature enabled can inject malicious Jinjava expressions through specially crafted payloads. This vulnerability can allow them to exfiltrate sensitive data or execute arbitrary command on the system.  

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025- 37729 Elastic Cloud Enterprise (ECE) v2.5.0-3.8.1, v4.0.0-v4.0.1 Improper sanitization of user-supplied input in Jinjava templates allows admin users to inject malicious expressions, enabling code execution and data exfiltration Sensitive Data Leakage, Arbitrary Command Execution, Potential Full System Compromise 

Recommendations: 

Upgrade the Elastic Cloud Enterprise versions to v3.8.2 and v4.0.2 or the latest one. 

Here are some recommendations below 

  • Keep admin access restricted to trusted accounts only for the ECE admin console. 
  • You can monitor the request logs for malicious payloads using the query payload.name : int3rpr3t3r or payload.name : forPath. Implement strict access controls and regularly audit admin privileges. 

Conclusion: 
This is critical vulnerability in Elastic Cloud Enterprise that could allow attackers to data exfiltration and arbitrary command execution.

Although exploitation needs administrative access, but its high impact makes it a major security risk & needs immediate action. Upgrading to the fixed version and applying recommended actions are strongly advised by the organizations to stay secure. 

References

 

Security Advisory

CrowdStrike Releases Security Updates for Falcon Sensor Windows Vulnerabilities 

Summary :  CrowdStrike recently disclosed and released patches for two medium-severity vulnerabilities affecting its Falcon sensor for Windows systems, identified as CVE-2025-42701 and CVE-2025-42706. These vulnerabilities allow attackers who already have code execution privileges on a targeted Windows host to delete arbitrary files, potentially destabilizing the Falcon sensor, other installed software, or even the operating system itself.

OEM CrowdStrike 
Severity Medium 
CVSS Score 6.5 
CVEs CVE-2025-42701, CVE-2025-42706 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

Notably, Falcon sensors for macOS and Linux are not affected, Users & Administrator using falcon sensor for windows update to the latest version. 

                Vulnerability Name CVE ID Product Affected Severity Fixed Version 
Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability  CVE-2025-42701 CrowdStrike Falcon Sensor for Windows  Medium 7.28.20008 and later 7.27.19909 7.26.19813 7.25.19707 7.24.19608 7.16.18637 (WIN7/2008 R2 only) 
Origin Validation Logic Error Vulnerability  CVE-2025-42706 CrowdStrike Falcon Sensor for Windows Medium 

Technical Summary 

The Falcon Sensor for Windows was found to contain security flaws that could permit a locally authenticated attacker with existing code execution privileges to delete arbitrary files on the affected system.

Race condition vulnerability caused by improper synchronization in the software’s operation timing, while the other vulnerability results from a logical error affecting file handling processes.

These issues could lead to significant disruption of security functions or system stability. Prompt remediation has been issued by CrowdStrike and there is currently no evidence of exploitation in active environments.  

CVE ID Platform Affected  Vulnerability Details Impact 
 CVE-2025-42701 CrowdStrike Falcon Sensor for latest Windows, Windows 7, Windows Server 2008 Time-of-check Time-of-use (TOCTOU) race condition due to a timing gap in handling file operations, which allows an attacker with prior local code execution to delete arbitrary files on the host system. Sensor disruption and file deletion. 
 CVE-2025-42706 CrowdStrike Falcon Sensor for latest Windows, Windows 7, Windows Server 2008 A logic error related to origin validation in the Falcon sensor’s file handling, enabling an attacker with existing code execution abilities to delete arbitrary files. Sensor disruption and file deletion. 

Recommendations 

Update CrowdStrike Falcon Sensor for Windows to the following patched versions or latest one  

  • 7.28.20008, 7.27.19909, 7.26.19813, 7.25.19707, 7.24.19608,  
  • 7.16.18637 (for Windows 7/2008 R2 only) 

Implement the following best practices to enhance overall security posture 

  • Regularly monitor and apply security updates and patches promptly to all endpoint protection software. 
  • Enforce the principle of least privilege by restricting user permissions and execution rights to minimize the risk from locally executed code. 
  • Enable logging and continuous monitoring within the Falcon platform to detect any suspicious activities related to file deletions or sensor tampering. 

Conclusion: 
CrowdStrike identified and promptly addressed two vulnerabilities in widely used falcon endpoint protection sensor for Windows. These issues, if left unpatched, could allow an attacker with existing local access to disrupt system stability by deleting critical files.

There is no active exploitation has been detected & CrowdStrike already released the patches. Users are strongly encouraged to apply the latest patches and follow best security practices to maintain system integrity and resilience against potential threats. 

References

  

Security Advisory

Critical Lua Sandbox Escape Flaw in Redis Allows Remote Code Execution (RCE)

Summary: Security Advisory: A critical vulnerability has been found in the Lua scripting engine of Redis, enabled by default in all versions, allows authenticated attackers to break out of the Lua sandbox and perform remote code execution (RCE) to gain full control of the affected system.

OEMRedis
SeverityCritical
CVSS Score10.0
CVEsCVE-2025-49844
POC AvailableYes
Actively ExploitedNo
Exploited in WildNo
Advisory Version1.0

Overview

Since Redis is used in most cloud environments the impact is highly critical. Redis team has released the patches and urged for immediate updates recommended to secure systems.

Vulnerability NameCVE IDProduct AffectedSeverityFixed Version
Lua Use-After-Free RCE Vulnerability  CVE-2025-49844All Redis Software & OSS/CE/Stack versions with Lua scripting  CriticalRedis Software: 7.22.2-12+, 7.8.6-207+, 7.4.6-272+, 7.2.4-138+, 6.4.2-131+ Redis OSS/CE: 8.2.2+, 8.0.4+, 7.4.6+, 7.2.11+ Redis Stack: 7.4.0-v7+, 7.2.0-v19+

Technical Summary

The vulnerability comes from a use-after-free (UAF) bug in Redis’s Lua scripting system, caused by improper checks during memory cleanup. Authenticated attackers can send malicious Lua scripts via EVAL or EVALSHA commands to manipulate memory, bypass the sandbox, and run arbitrary code. Even internal servers are at risk if attackers gain network access, making this flaw highly critical for both exposed and internal environments.

CVE IDSystem AffectedVulnerability DetailsImpact
CVE-2025-49844All Redis Software & OSS/CE/Stack below the fixed versionA user after free in the Lua garbage collector allows memory corruption via crafted scripts, enabling sandbox escape and RCERemote Code Execution

Recommendations

Upgrade to the below  fixed versions immediately.

  • Redis Software: 7.22.2-12+, 7.8.6-207+, 7.4.6-272+, 7.2.4-138+, 6.4.2-131+
  • Redis OSS/CE: 8.2.2+, 8.0.4+, 7.4.6+, 7.2.11+
  • Redis Stack: 7.4.0-v7+, 7.2.0-v19+

Here are some best practices

  • Enable Strong Authentication: Configure strong passwords on all the instances, ensure protected-mode is enabled (in CE and OSS) to prevent accidental exposure.
  • Network Controls: Restrict access to authorized IPs using firewalls or VPCs, limit access to trusted sources and prevent unauthorized connectivity.
  • Limit permissions: To enhance security, user needs to give minimum necessary permissions.
  • Monitoring: Check the logs to see if there are any suspicious activities.
  • Incident Response: If compromised, isolate systems, rotate credentials, and scan for malware.

Conclusion:
This is a critical vulnerability with a CVSS score of 10.0, affecting all Redis versions with Lua scripting. The widespread Redis usage, default insecure configurations makes this a critical threat. Immediate patching and hardening are essential to prevent full system compromise, data breaches, and further attacks.

References:

Security Advisory

Chrome Security Update Fixed Active Zero-Day Exploit & Multiple High-Severity Vulnerabilities 

Security advisory : Google has issued a Stable Channel Update for Chrome to address 4 high-severity vulnerabilities, including one zero-day vulnerability (CVE-2025-10585) actively exploited in the wild.

OEM Google 
Severity High 
CVSS Score N/A 
CVEs CVE-2025-10585, CVE-2025-10500, CVE-2025-10501, CVE-2025-10502 
POC Available No 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

This flaw, a Type Confusion in the V8 JavaScript and WebAssembly engine, can allow remote attackers to execute arbitrary code outside of Chrome’s security sandbox when users visit maliciously crafted web pages. Users and administrators are urged to update to the latest Chrome version immediately to mitigate potential exploitation 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​ Type Confusion in V8 Engine  CVE-2025-10585 Chrome (Windows, Mac, Linux)  High  140.0.7339.185/.186 

Technical Summary 

The zero-day vulnerability in Chrome’s V8 engine arises from a type of confusion flaw, where object types are misinterpreted, leading to logical errors and memory corruption.

Attackers can exploit this issue when users visit maliciously crafted websites, enabling arbitrary code execution and possible sandbox escape.

This flaw has been confirmed as actively exploited in the wild. In addition to this zero-day, the update also fixes three other high-severity issues, a use-after-free in the Dawn graphics abstraction layer that could lead to memory corruption, a use-after-free in WebRTC that may enable remote code execution, and a heap buffer overflow in ANGLE that could result in program crashes or arbitrary code execution. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-10585 Google Chrome (Windows, Mac, Linux) Type confusion in the V8 JavaScript engine could allow memory corruption, arbitrary code execution, and potential sandbox escape Remote Code Execution / Sandbox Escape 

Other Vulnerabilities  

In addition to the zero-day, Google patched three other high-severity vulnerabilities in the same stable channel release. 

Vulnerability Name CVE ID Affected Component Severity 
​Use-after-free in Dawn CVE-2025-10500 Chrome GPU Renderer Component (Dawn)  High 
Use-after-free in WebRTC CVE-2025-10501 Chrome WebRTC Audio/Video Communication Module High 
Heap Buffer Overflow in ANGLE CVE-2025-10502 Chrome Graphics Translation Engine (ANGLE) High 

Recommendations

Update Chrome immediately to the following versions: 

  • Windows/Mac: Chrome 140.0.7339.185/.186 
  • Linux: Chrome 140.0.7339.185 

Here are some Recommendations below 

  • Manual Update Check: Navigate to “Settings → Help → About Google Chrome” to trigger the update. 
  • Patch Management: Ensure enterprise update policies enforce Chrome auto-updates. 
  • Threat Monitoring: Keep monitoring logs for any signs of exploitation 

Conclusion: 
There are high vulnerabilities in Google Chrome, including an actively exploited zero-day flaw in the V8 JavaScript engine that poses a significant risk of remote code execution and sandbox escape.

Given the severity and confirmed exploitation in the wild, it is imperative that all users and administrators promptly update to the latest Chrome versions to mitigate potential attacks. Immediate action is essential to safeguard systems, data, and user privacy in light of these emerging threats. 

References

  • https://cybersecuritynews.com/google-chrome-0-day-vulnerability-exploited/  

Security Advisory

Spring Security & Framework Authorization Bypass Vulnerabilities Patched 

Security advisory: Two new security vulnerabilities have been discovered in the Spring Framework and Spring Security components identified as CVE-2025-41248 and CVE-2025-41249.

Severity Medium 
CVSS Score 4.4 
CVEs CVE-2025-41248, CVE-2025-41249 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

These issues affect applications that use method-level security annotations like @PreAuthorize to control access to certain methods or features. Under specific conditions when generics are used in parent classes or interfaces, these annotations may not be properly detected, which could allow unauthorized users to access restricted functionality. 

                Vulnerability Name CVE ID Product Affected Severity Fixed Version 
Spring Security Authorization Bypass Vulnerability  CVE-2025-41248 Spring Security  Medium 6.5.4 (Open Source) 6.4.10 (Open Source)  
Spring Framework Annotation Detection Vulnerability CVE-2025-41249 Spring Framework Medium 6.2.11 (Open Source) 6.1.23 (Commercial Support) 5.3.45 (Commercial Support)  

Technical Summary 

The vulnerability arises when Spring applications use inheritance (where a class inherits methods from another class) and generics (a way to define methods or classes that can handle different types of data) together. If a secured method, like one marked with the @PreAuthorize annotation (used to enforce security checks), is declared in a generic superclass or interface without clear type definitions, Spring might fail to recognize the security annotation at runtime. This means unauthorized users could potentially access these methods. This issue affects Spring Security versions 6.4.0 to 6.5.3 and Spring Framework versions 5.3.0 to 6.2.10. The Spring team has since released updates to better handle security annotations in such cases, ensuring proper authorization checks. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-41248 Spring Security 6.4.0 – 6.4.9 6.5.0 – 6.5.3 Spring Security may fail to detect method-level security annotations applied to generic superclasses or interfaces, resulting in unauthorized access. Unauthorized access  
CVE-2025-41249 Spring Framework 6.2.0 – 6.2.10 6.1.0 – 6.1.22 5.3.0 – 5.3.44 Older, unsupported versions are also affected.  Spring Framework does not consistently recognize security annotations on methods declared in generic superclasses or interfaces, which can lead to authorization bypass. Authorization bypass. 

Remediation

Users should immediately update to the latest patched versions of Spring Security and Spring Framework: 

Spring Security 
Affected Version Fix Version 
6.5.x 6.5.4 
6.4.x 6.4.10 
Spring Framework 
Affected Version Fix Version 
6.2.x 6.2.11 
6.1.x 6.1.23 
6.0.x N/A (OOS) 
5.3.x 5.3.45 

Conclusion: 
These vulnerabilities cause Spring Security and Spring Framework to sometimes miss detecting method-level security annotations in generic type hierarchies. This can allow unauthorized users to bypass authorization checks, exposing protected functionality. While the severity is medium, it is important to update to the fixed versions promptly and review security annotation usage on generics to maintain proper access control. 

References

 

Security Advisory

Angular SSR Vulnerability Allows Cross-Request Data Exposure (CVE-2025-59052) 

Security Advisory: A high security flaw was discovered in Angular’s server-side rendering (SSR) functionality that could lead to cross-request data leakage due to a global race condition. This is identified as CVE-2025-59052, affects multiple versions of Angular’s @angular/platform-server, @angular/ssr and @nguniversal/common packages.

With data breaches at highest, Organizations using vulnerable Angular versions should update immediately or implement recommended workarounds to avoid potential data breaches.

Severity High 
CVSS Score 7.1 
CVEs CVE-2025-59052 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

Angular is a popular open-source web application framework developed by Google, used to build dynamic, single-page applications (SPAs) and server-rendered apps using HTML, TypeScript and JavaScript.

When multiple SSR requests are processed concurrently, sensitive state information may be inadvertently shared, potentially exposing user tokens or private data across unrelated sessions. The Angular has released patches across all active branches and urges developers to update immediately. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​ Race condition vulnerability  CVE-2025-59052 Angular platform-server, ssr  High  v18.2.14, v19.2.15/16, v20.3.0, v21.0.0-next.3 

Technical Summary 

Angular uses a dependency injection (DI) container called the platform injector during SSR to hold request-specific data. This container was implemented as a global module-scoped variable, introducing a race condition when multiple requests were processed simultaneously.

This flaw could cause data meant for one user to be sent in the response to another, potentially leaking authentication tokens, headers, or private content.

Affected APIs include bootstrapApplicationgetPlatform, destroyPlatform. These changes introduce SSR-only breaking changes, with automatic migration schematics available through the Angular CLI update process. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-59052 Angular SSR v16 to v21 Race condition in global DI container during SSR could leak user data across requests Cross-Request Data Leakage 

Recommendations

Upgrade Angular packages to the latest patched versions: 

Package Affected Versions Fixed Versions 
@angular/platform-server >=16.0.0-next.0 <18.2.14 
>=19.0.0-next.0 <19.2.15 
>=20.0.0-next.0 <20.3.0 
>=21.0.0-next.0 <21.0.0-next.3 		18.2.14 
19.2.15 
20.3.0 
21.0.0-next.3 
@angular/ssr >=17.0.0-next.0 <18.2.21 
>=19.0.0-next.0 <19.2.16 
>=20.0.0-next.0 <20.3.0 
>=21.0.0-next.0 <21.0.0-next.3 		18.2.21 
19.2.16 
20.3.0 
21.0.0-next.3 

If Immediate Upgrade is Not Possible, you can follow the recommendations below 

  • Disable SSR via server routes or build configurations 
  • Remove asynchronous behavior from custom bootstrap functions 
  • Eliminate use of getPlatform() in server-side code 
  • Ensure ngJitMode is set to false in production builds 

Conclusion: 
The Angular SSR vulnerability CVE-2025-59052 is the high severity issue with global state management during concurrent request processing, resulting in potential cross-request data exposure.

Though not yet exploited in the wild, the risk is significant for SSR-enabled Angular apps. Developers are urged to apply updates promptly or follow the provided mitigation steps to secure their applications. 

As per reports this vulnerability requires no special privileges or user interaction, making it both easy to exploit and dangerous in high-traffic applications.

References

Hashtags 

#Infosec #CyberSecurity #Angular #SecurityAdvisory #WebSecurity #Vulnerabilitymanagement #DevSecOps #PatchManagement #CISO #CXO #Intrucept 

Security Advisory

Vulnerability in Spring Cloud Gateway Server WebFlux Discovered; Target of Ease by Attackers

Security Advisory: CVE-2025-41243, A critical vulnerability has been disclosed in Spring Cloud Gateway Server WebFlux. This vulnerability allows attackers to modify sensitive Spring Environment properties under specific configurations.

Severity Critical 
CVSS Score 10.0 
CVEs CVE-2025-41243 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

The vulnerability has been assigned the maximum CVSS score of 10.0. It arises when actuator endpoints are exposed without proper security controls, potentially allowing attackers to compromise application behavior. Organizations and users of affected versions are strongly urged to upgrade to the fixed releases. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
Spring Expression Language Property Modification  CVE-2025-41243  Spring Cloud Gateway WebFlux  Critical   v4.3.1,  
v4.2.5, v4.1.11, v3.1.11  

Technical Summary 

CVE-2025-41243 is a critical vulnerability occurs when the Spring Boot actuator is included as a dependency and the gateway actuator endpoint is explicitly exposed via the “management.endpoints.web.exposure.include=gateway” configuration.

In such cases, if actuator endpoints are unsecured or exposed to public networks, an attacker could exploit them to modify Spring Environment properties at runtime. This could cause unauthorized access, configuration tampering, and potential application compromise. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-41243    4.3.0 – 4.3.x 4.2.0 – 4.2.x 4.1.0 – 4.1.x 4.0.0 – 4.0.x 3.1.0 – 3.1.x Older, unsupported versions   Improperly secured actuator endpoints in Spring Cloud Gateway WebFlux allow unauthorized modification of Spring Environment properties. Unauthorized access potential privilege escalation 

Remediation – 

Upgrade Immediately patch to fixed versions: 

Affected Version Range Upgrade To 
4.3.x 4.3.1 
4.2.x 4.2.5 
4.1.x and 4.0.x 4.1.11 
3.1.x 3.1.11 
Unsupported versions Migrate to a supported release 

If you are unable to upgrade right now, here are the recommendations below 

  • Remove gateway from the “management.endpoints.web.exposure.include” property or secure the actuator endpoints. 
  • Secure actuator endpoints with proper authentication and access controls. 
  • Regularly audit and harden application configuration files. 
  • Monitor application and network logs for suspicious activity or unauthorized access attempts. 
  • Implement firewall rules or reverse proxies to restrict access to sensitive endpoints. 
  • Ensure all systems follow patch management and update policies. 

Conclusion 
CVE-2025-41243 is a critical vulnerability affecting Spring Cloud Gateway WebFlux, allowing remote attackers to modify environment properties when actuator endpoints are misconfigured and exposed.

While no active exploitation has been observed in the wild, vulnerability poses a high risk to application integrity and security due to its CVSS score of 10.0 and ease of exploitation in exposed systems.

Organizations are strongly advised to upgrade to the fixed versions, secure actuator endpoints, and follow best practices to reduce attack surface and prevent future exploitation. 

References 

Security Advisory

Critical WhatsApp Zero-Day Vulnerability Allows Remote Code Execution  

Summary 

OEM WhatsApp 
Severity Medium 
CVSS Score 5.4 
CVEs CVE-2025-55177 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

A security vulnerability recently discovered in WhatsApp’s linked device feature that allows users to access WhatsApp across multiple devices, such as phones and computers.

CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting its significance. The flaw allows attackers to send crafted messages that forced WhatsApp to load malicious content from a rogue website without any user interaction. WhatsApp and Apple already patched the issue and users are urged to update their apps immediately to stay protected.

                Vulnerability Name CVE ID Product Affected Severity Fixed Version 
WhatsApp Incorrect Authorization Vulnerability  CVE-2025-55177 WhatsApp  Medium 2.25.21.73 and later. 
 
WB iOS 2.25.21.78 and later.  
WhatsApp Desktop for Mac 2.25.21.78 and later. 

Technical Summary 

The vulnerability was due to incomplete authorization of synchronization messages in WhatsApp’s linked device feature. This flaw allowed an attacker to send crafted sync messages that could trick WhatsApp into processing content from an arbitrary URL, even if the message came from an untrusted source.

This could result in WhatsApp loading and executing malicious content on the target device without any user interaction. The impact of the attack was significantly increased when combined with a separate Apple OS vulnerability (CVE-2025-43300), making it suitable for sophisticated, targeted exploitation.

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-55177 WhatsApp for iOS (v2.22.25.2 to v2.25.21.72) 
 WhatsApp Business for iOS (v2.22.25.2 to v2.25.21.77) 
 WhatsApp Desktop for Mac (v2.22.25.2 to v2.25.21.77		Incomplete authorization in the linked device sync feature allowed attackers to send crafted sync messages that caused WhatsApp to load content from an arbitrary URL without user interaction. This could be used to execute malicious code on the device. Remote code execution,.  Potential full device compromise.  

Remediation

Update the WhatsApp in iOS and mac devices to the latest version 

  • WhatsApp for iOS: Update to v2.25.21.73 or latest version 
  • WhatsApp Business for iOS: Update to v2.25.21.78 or latest version  
  • WhatsApp Desktop for Mac: Update to v2.25.21.78 or latest version 

Conclusion: 
The WhatsApp vulnerability highlights the growing risks of zero-click attacks, where devices can be compromised without any user interaction. This flaw has been exploited in targeted attacks and poses a serious threat to user security and privacy. It is important for all users to keep their apps and operating systems up to date and follow trusted security recommendations

References

Security Advisory

Chrome Update Released, Fixes RCE & Multiple Vulnerabilities

Summary 

OEM Google Chrome 
Severity High 
CVSS Score 8.8 
CVEs CVE-2025-9864, CVE-2025-9865, CVE-2025-9866, CVE-2025-9867 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

Several security vulnerabilities were recently identified in Chromium-based browsers, affecting components such as the V8 JavaScript engine, Toolbar, Extensions and Downloads. The high severity vulnerability, use-after-free issue, could allow attackers to execute arbitrary code.

Additional medium-severity bugs were found in the Toolbar, Extensions, and Downloads components. The Chrome team has started rolling out Chrome 140 to the stable channel, and users are urged to update their browsers to stay protected. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Use-after-free vulnerability in V8  CVE-2025-9864 Chrome  High  v140.0.7339.80/81 
​Inappropriate implementation vulnerability in Toolbar  CVE-2025-9865 Chrome  Medium  v140.0.7339.80/81 
Inappropriate implementation vulnerability in Extensions  CVE-2025-9866 Chrome  Medium  v140.0.7339.80/81 
Inappropriate implementation vulnerability in Downloads  CVE-2025-9867 Chrome  Medium  v140.0.7339.80/81 

Technical Summary 

Multiple vulnerabilities were addressed in Google Chrome prior to version 140.0.7339.80. The most critical, CVE-2025-9864, is a use-after-free issue in the V8 JavaScript engine that allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Other medium-severity issues include a Toolbar vulnerability on Android that could be exploited via specific user gestures to spoof domains, a security gap in Extensions allowing attackers to bypass content security policies, and a Downloads flaw on Android that enabled UI spoofing through manipulated web pages.

These could allow attackers to misuse Chrome’s features or gain higher system privileges.  

CVE ID System Affected  Vulnerability Details Impact 
 CVE-2025-9864  Chrome v139 and prior Use-after-free in V8 engine could allow attackers to execute arbitrary code via malicious webpage  Remote Code Execution 
 CVE-2025-9865  Chrome v139 and prior Improper handling Chrome’s Toolbar component could allow attackers misuse browser functions or gain privilege access  Domain Spoofing / UI Spoofing
 CVE-2025-9866  Chrome v139 and prior Inappropriate implementation in Chrome’s Extensions system, could allow attackers misuse or bypass content security policy  Content Security Policy Bypass
 CVE-2025-9867  Chrome v139 and prior Improper validation in Chrome’s Downloads could allow attackers to perform UI spoofing via crafted HTML   UI Spoofing 

Remediation

References

  • https://gbhackers.com/chrome-140-release/

Security Advisory

Fake Govt & Banking Apps Spreading Android Droppers Evolved as Malware

Security Advisory:  

Cybersecurity researchers have discovered a major shift in how Android malware is being delivered. Dropper apps, which were earlier used mainly to distribute banking trojans.

The Malware’s being used to deliver simpler threats like SMS stealers and basic spyware as official government or banking apps, primarily targeting users in India, Southeast Asia, and some parts of Europe. 

ThreatFabric researchers warn of a shift in Android malware: dropper apps now deliver not just banking trojans, but also SMS stealers and spyware, mainly in Asia.

Vulnerability Details 

The recent surge in Android dropper apps introduces a critical security vulnerability affecting mobile users globally. These droppers are impersonating as banking apps, government services, or trading platforms,, bypass Google Play

Pilot Program by initially requesting minimal permissions to avoid detection, making them appear as legitimate applications.

Once installed, they fetch malicious payloads like spyware, SMS stealers, cryptocurrency miners, and banking trojans from remote servers. Attackers also exploit malvertising campaigns on social media to spread fake apps widely. This evolving tactic enables cybercriminals to switch payloads dynamically, making traditional security measures less effective and increasing the risk of data theft and device compromise. 

Source: cybersecuritynews 

Attack Flow 

Step Description 
1. Craft Attackers create malicious dropper apps disguised as government schemes, banking apps, or trading tools. These apps are designed to look harmless and request only minimal permissions initially. 
2. Send The droppers are distributed through third-party APK sites, malicious ads (e.g., Facebook), or fake update prompts, bypassing initial detection. 
3. Trigger The victim downloads and installs the dropper app, often believing it’s legitimate due to its official-looking design and branding. 
4. Execution When the user clicks “Update” or interacts with the app, the dropper fetches the real malicious payload (spyware, SMS stealer, or banking trojan) from a remote server. 
5. Exploit The installed malware requests high-risk permissions, such as SMS access or notification access, allowing attackers to steal data, track activities, or control the device remotely. 

Proof-of-Concept 

Once the user interacts, the dropper initiates an HTTPS request to a remote server 

Source: cybersecurity news 

Why It’s Effective 

Dynamic Payload Delivery – Attackers hide the real malicious file inside a harmless-looking dropper app. The payload is only downloaded after user interaction, making it harder to detect. 

Permission Evasion – Droppers initially request minimal or safe permissions and only ask for high-risk permissions (like SMS or accessibility access) after installation, bypassing Google Play Protest’sProtects initial scans. 

Fake Update Screens – Many droppers display legitimate looking “Update Required” prompts to trick users into downloading malware, increasing their success rate. 

Recommendations: 

Download Apps Safely  

  • Install apps only from trusted sources like Google Play Store, Apple store etc. 
  • Avoid third-party APKs, unknown links, or apps promoted through social media ads. 

Check Permissions Carefully  

  • Do not grant unnecessary permissions like SMS, notifications, or accessibility dependent on the app services. 
  • Always review requested permissions before installing or updating an app. 

Keep Devices Secure  

  • Enable Google Play Protect and keep your Android security patches up to date. 
  • Use a reliable mobile security solution for real-time malware detection. 

Stay Alert and Aware  

  • Be aware of fake update prompts; apps, and malicious sites. 
  • Stay updated on the latest tactics used by Android malware 

Conclusion: 

  • Android droppers are evolving fast, making them more flexible and harder to detect, increasing risks for both individuals and organizations.
  • Droppers started as tools for advanced banking malware, but now they’re used to install all kinds of harmful apps and sneak past local security.  
  • It is always recommended to stay vigilant, keep your phone and software updated from the original source  and avoid unverified apps installation to minimize the risk of infection. 

References

Scroll to top