Researchers detail unauthenticated bypass via Apple USB vulnerability – Go Health Pro

Security researchers provided a deep-dive into a high-profile vulnerability in Apple’s iOS. Designated CVE-2025-24200, the vulnerability is classified as an authentication bypass flaw related to the way iOS devices interact with USB connections. The flaw was made public with the release of iOS 18.3.1, which resolves the issue. Credit for discovery of the vulnerability was given to …

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution – Go Health Pro

Jan 04, 2025Ravie LakshmananVulnerability / Software Security A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It … Read more

Adload malware exploits flaw to bypass macOS protections for Safari – Go Health Pro

Microsoft Threat Intelligence on Oct. 17 warned security teams that Microsoft Defender for Endpoint detected that Adload malware exploited a previously patched macOS vulnerability. Referred to as the HM Surf vulnerability, the flaw — CVE-2024-44133 — lets attackers bypass the transparency, consent, and control (TCC) protections for the Safari browser directory, giving attackers unlimited access …

Apache patches OFBiz bypass vulnerability – Go Health Pro

Apache patched a bypass vulnerability in its widely used Apache OFBiz open-source enterprise resource and planning software that could have led to an unauthenticated remote code execution on the Linux and Windows platforms. In a Sept. 5 blog post, researchers at Rapid7 explained that even an attacker lacking valid credentials could exploit …
