Security Affairs
Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

Microsoft Patch Tuesday security updates for September 2025 fixed 80 vulnerabilities, including two publicly disclosed zero-day flaws. Microsoft Patch Tuesday security updates for September 2025 addressed 80 vulnerabilities in Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, Hyper-V, SQL Server, Defender Firewall Service, and Xbox (yup – Xbox!). Eight of the […]

Microsoft Patch Tuesday

Microsoft Patch Tuesday security updates for September 2025 fixed 80 vulnerabilities, including two publicly disclosed zero-day flaws.

Microsoft Patch Tuesday security updates for September 2025 addressed 80 vulnerabilities in Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, Hyper-V, SQL Server, Defender Firewall Service, and Xbox (yup – Xbox!).

Eight of the flaws fixed by Microsoft are rated Critical in severity, and the rest are rated Important.

Two of these vulnerabilities are publicly disclosed zero-day flaws, and neither has been actively exploited in the wild. All vulnerabilities are rated as “exploitation less likely” or “exploitation unlikely.”

The two publicly disclosed zero-days are CVE-2025-55234 (CVSS score of 8.8) and CVE-2024-21907 (CVSS score of 7.5). CVE-2025-55234 affects Windows SMB Server, enabling relay attacks that could escalate privileges; Microsoft advises enabling SMB signing and EPA, though they may cause legacy compatibility issues, and has added auditing features in the Sept 2025 updates. CVE-2024-21907, disclosed in 2024, impacts Newtonsoft.Json in SQL Server, where crafted data can trigger a StackOverflow exception and denial of service, now fixed in updated libraries.

The most severe flaw, tracked as CVE-2025-55232 (CVSS score of 9.8), is a Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability. It resides in Microsoft HPC Pack and allows remote, unauthenticated code execution without user interaction, making it potentially wormable. Microsoft urges deploying clusters in secure enclaves, blocking TCP port 5999, and prioritizing patching.

“An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.” reads the advisory published by Microsoft,

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Patch Tuesday)