Based on over 4,400 Java tasks, the report finds that the overall quality of the code, especially in terms of the vulnerabilities generated, improves significantly depending on which of the four levels of reasoning capability that OpenAI now makes available is used. However, the overall volume of code generated per task also increases substantially, which creates additional maintenance challenges for application developers who are not going to be familiar with how the code was constructed in the first place.
CISA analysed six files, including two Dynamic Link Library (.DLL) files, one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint the host system and exfiltrate data.
“A leak happened here somewhere,” Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register. “And now you’ve got a zero-day exploit in the wild, and worse than that, you’ve got a zero-day exploit in the wild that bypasses the patch, which came out the next day.”
CVE-2025-32462 has received a lower CVSS score because of the conditions it requires. Namely, for this vulnerability to work, someone would have to make a misconfiguration and deploy a sudoers file with an incorrect host.
Cybersecurity researchers revealed that a critical vulnerability, CVE-2025-5777, in Citrix network management devices has been exploited for over a month, contradicting Citrix's claims.