Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV.
Separately, Microsoft is aware of existing public disclosure for one other freshly published vulnerability. Microsoft’s luck holds for a ninth consecutive Patch Tuesday, since neither of today’s zero-day vulnerabilities are evaluated as critical severity at time of publication. Today also sees the publication of eight critical remote code execution (RCE) vulnerabilities.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- CISA Releases Two Industrial Control Systems Advisories
November 17, 2022
CISA has released two (2) Industrial Control Systems (ICS) advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-321-01 Red Lion Crimson ICSA-22-321-02 Cradlepoint IBR600 Read more… Source: U.S. Cybersecurity and Infrastructure Security ...
- F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ
November 17, 2022
F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints. While these flaws require specific criteria to exist, making them very difficult to exploit, F5 warns that it could lead to a complete compromise of the devices. The first flaw is ...
- Pilfered Keys: Free App Infected by Malware Steals Keychain Data
November 16, 2022
Today, malware spreads easily, infecting computers of various users. Commonly found on filesharing websites, they disguise themselves as normal applications. Users are then enticed to download them to save money on those programs. However, users risk their security in doing so. Free apps that are infected by a trojan will also affect users who download ...
- CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network
November 16, 2022
Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in unpatched VMware ...
- Electricity/Energy Cybersecurity: Trends & Survey Response
November 16, 2022
Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, we will discuss the characteristics of each industry, the motivations and ...
- Cyber vulnerability in networks used by spacecraft, aircraft and energy generation systems
November 15, 2022
A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA. It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by ...