Beyond Information Security

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild.

The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in an advisory.

The iPhone maker said the bug was internally discovered and that it was addressed with improved bounds checking. The following versions address the security defect –

  • iOS 18.6.2 and iPadOS 18.6.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • iPadOS 17.7.10 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
  • macOS Ventura 13.7.8 – Macs running macOS Ventura
  • macOS Sonoma 14.7.8 – Macs running macOS Sonoma
  • macOS Sequoia 15.6.1 – Macs running macOS Sequoia

It’s currently not known who is behind the attacks and who may have been targeted, but it’s likely that the vulnerability has been weaponised as part of highly targeted attacks.

Source: The Hacker News / BleepingComputer

Link: https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html

Link: https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/


Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft.

The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said.

  • CVE-2025-31324 (CVSS score: 10.0) – Missing Authorization check in SAP NetWeaver’s Visual Composer development server
  • CVE-2025-42999 (CVSS score: 9.1) – Insecure Deserialization in SAP NetWeaver’s Visual Composer development server

The vulnerabilities were addressed by SAP back in April and May 2025, but not before they were abused by threat actors as zero-days since at least March.

Multiple ransomware and data extortion groups, including Qilin, BianLian, and RansomExx, have been observed weaponizing the flaws, not to mention several China-nexus espionage crews who have also put them to use in attacks targeting critical infrastructure networks.

Source: The Hacker News / SecurityWeek

Link: https://thehackernews.com/2025/08/public-exploit-for-chained-sap-flaws.html

Link: https://www.securityweek.com/new-exploit-poses-threat-to-sap-netweaver-instances/


PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain

Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a formerly zero-day flaw in the Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.

Attackers are deploying a sophisticated, modular backdoor that mimics ChatGPT Desktop to disguise itself as part of an attack chain that exploits a critical Windows flaw to deliver the Play ransomware.

A threat group that Microsoft tracks as Storm-2460 is deploying the PipeMagic backdoor in an attack campaign that exploits CVE-2025-29824, an elevation-of-privilege vulnerability in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems, Microsoft Threat Intelligence (MTI) revealed in a blog post on Aug. 18.

The flaw — found in the CLFS Driver, a kernel-level component that manages logging for different Windows services and applications — was a zero-day flaw when it was discovered in April. Microsoft patched it as part of its April Patch Tuesday raft of security updates.

Source: Dark Reading

Link: https://www.darkreading.com/threat-intelligence/pipemagic-backdoor-resurfaces-play-ransomware-attack-chain


GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models

The new GPT-5 is easy to jailbreak. Researchers have discovered the cause – an SSRF-like flaw in its internal routing mechanism.

When you ask GPT-5 a question, the answer may not come from GPT-5. The model includes an initial router that parses the prompt and decides which of the various GPT models to query. It may be the GPT-5 Pro you expect, but it could equally be GPT-3.5, GPT-4o, GPT-5-mini, or GPT-5-nano.

The reasoning behind this variability in the source of the response is probably to balance the LLM’s efficiency (by using faster, lighter and possibly more focused models on the simpler queries) and cost (GPT-5’s strong reasoning capabilities make it very expensive to run). Researchers at Adversa AI have estimated that this re-routing could be saving OpenAI up to $1.86 billion per year. But the process is opaque.

Worse, the researchers at Adversa have discovered and explained that this internal routing can be manipulated by the user to make GPT-5 redirect the query to the user’s model of choice by including specific ‘trigger’ phrases in the prompt.

Adversa has named, or perhaps more accurately described, the vulnerability as PROMISQROUTE, which stands for ‘Prompt-based Router Open-Mode Manipulation Induced via SSRF-like Queries, Reconfiguring Operations Using Trust Evasion’. “It’s an evasion attack on the router,” explains Alex Polyakov (co-founder and CEO at Adversa AI). “We manipulate the decision-making process, which is fairly simple, deciding which model should handle the request.”
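
The routing weakness described above comes down to one design question: can user-controlled text steer a request to a model with weaker safety behaviour? The toy below is an added illustration, not code from Adversa AI or OpenAI; the model pool, the cost and safety-tier numbers, the "quick answer" hint phrase and the probe prompts are all constructed assumptions. It places a naive router (literal hint phrases decide, and the weakest model is reachable) beside a hardened one (a safety floor bounds the candidate set before any cost optimisation), and adds a small audit helper a platform team could run over a probe set to confirm that no prompt can reach a model below the floor.

```python
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Model:
    name: str
    cost: float        # relative cost per request (constructed value)
    safety_tier: int   # 1 = weakest safety alignment, 3 = strongest (constructed)


# Constructed model pool. Names, costs and tiers are illustrative assumptions,
# not OpenAI's models or numbers.
MODELS = {
    "full":   Model("full-reasoning", cost=10.0, safety_tier=3),
    "mini":   Model("mini",           cost=1.0,  safety_tier=2),
    "legacy": Model("legacy",         cost=0.5,  safety_tier=1),
}

# Hypothetical phrase that a naive router reads as "this request is easy".
FAST_PATH_HINT = "quick answer"
SIMPLE_PROMPT_WORDS = 12   # below this word count a prompt counts as simple


def complexity_score(prompt: str) -> int:
    """Crude stand-in for a real complexity classifier: counts words."""
    return len(prompt.split())


def naive_route(prompt: str) -> Model:
    """Vulnerable pattern: literal user-controlled text steers the decision,
    and the weakest model in the pool is a reachable destination."""
    if FAST_PATH_HINT in prompt.lower():
        return MODELS["legacy"]
    if complexity_score(prompt) < SIMPLE_PROMPT_WORDS:
        return MODELS["mini"]
    return MODELS["full"]


def hardened_route(prompt: str, min_safety_tier: int = 2) -> Model:
    """Hardened pattern: every reachable model must meet a safety floor, the
    decision depends only on the complexity estimate (no trigger phrases),
    and cost optimisation happens only inside the eligible set."""
    eligible = [m for m in MODELS.values() if m.safety_tier >= min_safety_tier]
    if not eligible:
        raise ValueError("no model satisfies the safety floor")
    if complexity_score(prompt) < SIMPLE_PROMPT_WORDS:
        return min(eligible, key=lambda m: m.cost)        # cheapest safe model
    return max(eligible, key=lambda m: m.safety_tier)     # strongest model


def audit_router(route_fn: Callable[[str], Model], prompts: Iterable[str],
                 min_safety_tier: int = 2) -> list[str]:
    """Defensive check: return the prompts for which a router landed on a
    model below the safety floor. An empty list means this probe set found
    no downgrade path."""
    return [p for p in prompts if route_fn(p).safety_tier < min_safety_tier]


# Constructed probe prompts: one genuinely simple, one complex but carrying
# the hypothetical fast-path hint.
SAMPLE_PROMPTS = [
    "What is the capital of France?",
    "Give me a quick answer: compare three approaches to rate limiting an API "
    "and recommend one for a multi-tenant system",
]


if __name__ == "__main__":
    for route in (naive_route, hardened_route):
        print(route.__name__)
        for p in SAMPLE_PROMPTS:
            print(f"  {route(p).name:15} <- {p[:40]!r}")
        print("  downgraded:", audit_router(route, SAMPLE_PROMPTS))
```

The design point is that the hardened router still saves cost on simple prompts, but the saving is only ever chosen from models that already satisfy the safety floor, so a prompt can at most change which acceptable model answers, never whether the answer is subject to the intended safety behaviour. Running `audit_router` with the naive router flags the hinted prompt; with the hardened router it returns an empty list.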

Source: SecurityWeek

Link: https://www.securityweek.com/gpt-5-has-a-vulnerability-it-may-not-be-gpt-5-answering-your-call/


The OSINT Intelligence Cycle Part 1: Planning and Direction

Many newcomers to open source intelligence immediately gravitate towards the tools and become reliant on them rather quickly. This becomes problematic when the tools break, become deprecated, or otherwise become unavailable. While automation, collection assistance, and visualization tools can help immensely in an investigation, they cannot analyze the work and do your job for you.

One of my most repeated bits of advice for those new to OSINT or those wishing to improve their current OSINT skills is to go back to the basics, namely the intelligence cycle. This series of articles aims to reframe each phase of the intelligence cycle to show specifically how I apply it during one of my OSINT investigations.

The planning and direction phase of the OSINT intelligence cycle is where an analyst should determine their investigative requirements, outline what questions they are attempting to answer, and make note of any special circumstances that might arise due to the target, the situation, or the platforms that might be used.

At best, going into an OSINT investigation without a plan or direction can cause an investigation to take longer than needed. At worst? An investigator may lack the proper dependencies required for the investigation or risk being detected by the target due to technical oversights. During this phase of the intelligence cycle, I tend to take the following steps.

Source: Secjuice

Link: https://www.secjuice.com/osint-intelligence-cycle-part-i-planning-and-direction/