Alerts

Ivanti has released a security update to fix several vulnerabilities affecting multiple Ivanti products. The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, obtain sensitive information, perform denial of service attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed one actively exploited zero-day vulnerability. Microsoft has fixed (134) vulnerabilities as they could allow the attacker to gain elevated privileges, bypass security restrictions, disclose sensitive information, perform spoofing or execute arbitrary code, and gain access to the affected

Microsoft has released an updated Microsoft Edge stable channel “135.0.3179.54” to address multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, gain elevated privileges, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: 1.

Google has released an updated Chrome version “135.0.7049.52” for Linux and version “135.0.7049.41/42” for Windows and Mac The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, gain elevated privileges, or access sensitive information through malicious web pages. Sample of the addressed vulnerabilities: 1. Google Chrome Use After Free in Navigations Vulnerability (CVE-2025-3066):

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks or perform denial of service attacks on the affected product. Sample of the addressed vulnerabilities: 1. Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service Vulnerability (CVE-2025-20212): CVSS:

Splunk has released security updates to fix multiple vulnerabilities affecting several Splunk products and third-party components. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, gain elevated privileges, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Code Execution Vulnerability through File

Google has released an updated Chrome version “134.0.6998.177/.178” for Windows to fix a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to bypass Chrome sandbox protections and infect systems with sophisticated malware. Google Chrome Browser’s Sandbox Security Bypass (CVE-2025-2783): CVSS: 8.3 Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required

VMware has released a security update to fix a vulnerability across VMware Tools for Windows. The addressed vulnerability could allow the attacker with non-administrative privileges on a Windows guest VM to bypass security restrictions and gain the ability to perform certain high-privilege operations within that VM. VMware Tools Authentication Bypass Vulnerability (CVE-2025-22230): CVSS: 7.8 Attack

Microsoft has released an updated Microsoft Edge stable channel “134.0.3124.83” to address multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected systems by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: 1. Microsoft Edge (Chromium-based)

Apache has released a security update to address a vulnerability affecting multiple versions of Apache Tomcat. The addressed vulnerability could allow the remote attacker to obtain sensitive information, manipulate data, or execute arbitrary code and gain access to the affected systems. Apache Tomcat Code Execution Vulnerability (CVE-2025-24813): CVSS: 8.6 Attack Vector: Network Attack Complexity: Low

Microsoft has released an updated Microsoft Edge version “134.0.3124.66” to address multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: 1. Microsoft Edge Code

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, bypass security restrictions, or gain elevated privileges to the affected product by using crafted commands at the prompt. Sample of the addressed vulnerabilities: 1. Cisco IOS XR Software CLI

Apple has released security updates to address a zero-day vulnerability in the WebKit cross-platform across macOS Sequoia and Safari. The addressed vulnerability could allow the remote attacker to execute arbitrary code caused by an out-of-bounds write in the WebKit component by persuading the victim to open a specially crafted web content. Apple Safari and macOS