Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV.
Separately, Microsoft is aware of existing public disclosure for one other freshly published vulnerability. Microsoft’s luck holds for a ninth consecutive Patch Tuesday, since neither of today’s zero-day vulnerabilities are evaluated as critical severity at time of publication. Today also sees the publication of eight critical remote code execution (RCE) vulnerabilities.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- CISA adds 8 vulnerabilities to list of actively exploited bugs
January 31, 2022
The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they’re a mix of old and new. The goal of publishing these vulnerabilities is to raise awareness and remind federal organizations of their obligation to apply security updates ...
- Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
January 31, 2022
A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug (UXSS) Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by the ...
- 277,000 routers exposed to Eternal Silence attacks via UPnP
January 31, 2022
A malicious campaign known as ‘Eternal Silence’ is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors. UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding ...
- QNAP warns NAS users of DeadBolt ransomware, urges customers to update
January 27, 2022
Taiwanese network-attached storage giant QNAP urged its customers to update their systems this week after the DeadBolt ransomware was discovered targeting all NAS instances exposed to the internet. “QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP NAS and routers, and immediately update QTS to the ...
- Vulnerability in Apple iOS, iPad OS and MacOS could lead to disclosure of sensitive memory data
January 25, 2022
Cisco Talos recently discovered an out-of-bounds read vulnerability in Apple’s macOS and iOS operating systems that could lead to the disclosure of sensitive memory content. An attacker could capitalize on that information to aid in the exploitation of other vulnerabilities This vulnerability specifically exists in the DDS image parsing functionality of Apple’s ImageIO library that exists ...
- CISA adds 17 vulnerabilities to list of bugs exploited in attacks
January 22, 2022
This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog. The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies. “Binding Operational Directive ...