U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week, Apple and […]

CISA BlueHammer (CVE-2026-33825)

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

  • CVE-2025-43529 – Apple Multiple Products Use-After-Free WebKit Vulnerability;
  • CVE-2025-14611 – Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability;

Last week, Apple and Google both pushed out urgent security updates after uncovering a highly targeted attacks against an unknown number of users. The attacks abused zero‑day vulnerabilities in their software. The campaigns appear to involve nation-state actors and commercial spyware vendors, with a focus on specific high‑value individuals rather than mass exploitation.

Apple released updates for iPhones, iPads, Macs, and more, fixing two WebKit flaws (CVE-2025-14174, CVE-2025-43529) likely exploited in targeted iOS 26 attacks.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.” states the advisory.

Apple and Google did not provide further information on the attacks. 

The vulnerability CVE-2025-43529 is a use-after-free flaw in Apple’s WebKit engine, the component responsible for processing web content. When WebKit mishandles memory, it may continue to access a portion of memory after it has already been freed. By delivering specially crafted web content, an attacker can trigger this condition, causing memory corruption. In practice, this can lead to application crashes or, in more serious cases, arbitrary code execution. The issue affects Safari and any Apple or third-party applications that rely on WebKit to parse and render HTML across iOS, iPadOS, macOS, and related platforms.

The second issue added to the catalog is CVE-2025-14611, a hardcoded cryptographic keys vulnerability in Gladinet CentreStack and TrioFox, where fixed AES encryption keys are embedded directly in the software. Because these keys are not unique or secret, attackers can recover them and decrypt or manipulate protected data. When this weak encryption is used on publicly exposed endpoints, it significantly reduces security. An unauthenticated attacker can exploit the issue with a specially crafted request to bypass protections and potentially achieve arbitrary local file inclusion, allowing access to sensitive files on the underlying system.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by January 5, 2026.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)