#vulnerabilities

#vulnerabilities

A leak happened here somewhere,” Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register. “And now you’ve got a zero-day exploit in the wild, and worse than that, you’ve got a zero-day exploit in the wild that bypasses the patch, which came out the next day.

In the first half of 2025, it was observed that groups affiliated with China targeted key sectors like telecommunications and semiconductors through advanced cyber espionage activities.

The number of CVE reports is projected to exceed 40,000 in 2025, with an average of 131 reports per day observed in early 2025.

CVE-2025-32462 has received a lower CVSS score due to the conditions that are needed. Namely, successful execution would require someone to make a misconfiguration and deploy a Sudoers file with an incorrect host for this vulnerability to work.

Cybersecurity researchers revealed that a critical vulnerability, CVE-2025-5777, in Citrix network management devices has been exploited for over a month, contradicting Citrix's claims.

Bobby Cooke from IBM X-Force Red confirmed that the Microsoft Teams application was 'a viable WDAC bypass,' demonstrating significant security vulnerabilities in Windows Defender.

Cybersecurity researchers discovered over 20 misconfigurations in Salesforce Industry Cloud, putting sensitive data at risk of exposure to unauthorized access.

Adobe's June 2025 updates address 254 CVEs across multiple products, prioritizing those in Commerce and introducing a substantial fix for Experience Manager, despite no known exploits.

The Orca Security report reveals that while AI adoption in cloud environments has reached 84%, 62% of organizations still have vulnerable AI packages, highlighting significant security risks.