Article Details

⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More. If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready. Below, we list the urgent updates you need to install right now to stop these active threats. ⚡ Threat of the Week Apple and Google Release Fixes for Actively Exploited Flaws — Apple released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari web browser to address two zero-days that the company said have been exploited in highly targeted attacks. CVE-2025-14174 has been described as a memory corruption issue, while the second, CVE-2025-43529, is a use-after-free bug. They can both be exploited using maliciously crafted web content to execute arbitrary code. CVE-2025-14174 was also addressed by Google in its Chrome browser since it resides in its open-source Almost Native Graphics Layer Engine (ANGLE) library. There are currently no details on how these flaws were exploited, but evidence points to it likely having been weaponized by commercial spyware vendors. The CISO Org Chart Playbook This playbook is for security leaders who are scaling CloudSec teams and need a structure that keeps up with cloud complexity. Built specifically for modern cloud-forward security teams, it breaks down how CISOs are structuring cloud security functions today – including emerging roles, team models, reporting lines, and practical templates for planning headcount and responsibilities across cloud, AppSec, platform security, and more. 🔔 Top News ‎️‍🔥 Trending CVEs Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week’s most serious security flaws. Check them, fix what matters first, and stay protected. This week’s list includes — CVE-2025-43529, CVE-2025-14174 (Apple), CVE-2025-14174 (Google Chrome), CVE-2025-55183, CVE-2025-55184, CVE-2025-67779 (React), CVE-2025-8110 (Gogs), CVE-2025-62221 (Microsoft Windows), CVE-2025-59718, CVE-2025-59719 (Fortinet), CVE-2025-10573 (Ivanti Endpoint Manager), CVE-2025-42880, CVE-2025-55754, CVE-2025-42928 (SAP), CVE-2025-9612, CVE-2025-9613, CVE-2025-9614 (PCI Express Integrity and Data Encryption protocol), CVE-2025-27019, CVE-2025-27020 (Infinera MTC-9), CVE-2025-65883 (Genexis Platinum P4410 router), CVE-2025-64126, CVE-2025-64127, CVE-2025-64128 (Zenitel TCIV-3+), CVE-2025-66570 (cpp-httplib), CVE-2025-63216 (Itel DAB Gateway), CVE-2025-63224 (Itel DAB Encoder) CVE-2025-13390 (WP Directory Kit plugin), CVE-2025-65108 (md-to-pdf), CVE-2025-58083 (General Industrial Controls Lynx+ Gateway), CVE-2025-66489 (Cal.com), CVE-2025-12195, CVE-2025-12196, CVE-2025-11838, CVE-2025-12026 (WatchGuard), CVE-2025-64113 (Emby Server), CVE-2025-66567 (ruby-saml), CVE-2025-24857 (Universal Boot Loader), CVE-2025-13607 (D-Link DCS-F5614-L1, Sparsh Securitech, Securus CCTV), CVE-2025-13184 (TOTOLINK AX1800), CVE-2025-65106 (LangChain), CVE-2025-67635 (Jenkins), CVE-2025-12716, CVE-2025-8405, CVE-2025-12029, CVE-2025-12562 (GitLab CE/EE), and CVE-2025-64775 (Apache Struts 2). 📰 Around the Cyber World 🎥 Cybersecurity Webinars 🔧 Cybersecurity Tools Disclaimer: These tools are for learning and research only. They haven’t been fully tested for security. If used the wrong way, they could cause harm. Check the code first, test only in safe places, and follow all rules and laws. Conclusion We listed a lot of fixes today, but reading about them doesn't secure your device—installing them does. The attackers are moving fast, so don't leave these updates for 'later.' Take five minutes right now to check your systems, restart if you need to, and head into the weekend knowing you are one step ahead of the bad guys.