The Breach News

Apple Releases Backported Fix for CVE-2025-43300 Following Targeted Spyware Attack

September 16, 2025
Vulnerability | Spyware

On Monday, Apple announced backported fixes for the recently addressed security vulnerability CVE-2025-43300, which has been actively exploited. This critical flaw, with a CVSS score of 8.8, is an out-of-bounds write issue in the ImageIO component that can lead to memory corruption when processing malicious image files. Apple noted that this vulnerability may have been leveraged in a sophisticated attack against specific individuals. In a related development, WhatsApp reported a vulnerability (CVE-2025-55177, CVSS score: 5.4) within its iOS and macOS messaging apps that was exploited alongside CVE-2025-43300 in targeted spyware attacks against fewer than 200 victims. The original fix for the vulnerability was rolled out by Apple in late August with the releases of iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1. Additional releases have also been made for other platforms…

Apple Addresses Vulnerability CVE-2025-43300 After Reports of Targeted Spyware Attacks September 16, 2025 Apple has recently implemented backported fixes for a significant security vulnerability, CVE-2025-43300, which has reportedly been exploited in sophisticated, targeted spyware incidents. The flaw, rated 8.8 on the CVSS scale, pertains to an out-of-bounds write issue within…

Read More

Apple Releases Backported Fix for CVE-2025-43300 Following Targeted Spyware Attack

September 16, 2025
Vulnerability | Spyware

On Monday, Apple announced backported fixes for the recently addressed security vulnerability CVE-2025-43300, which has been actively exploited. This critical flaw, with a CVSS score of 8.8, is an out-of-bounds write issue in the ImageIO component that can lead to memory corruption when processing malicious image files. Apple noted that this vulnerability may have been leveraged in a sophisticated attack against specific individuals. In a related development, WhatsApp reported a vulnerability (CVE-2025-55177, CVSS score: 5.4) within its iOS and macOS messaging apps that was exploited alongside CVE-2025-43300 in targeted spyware attacks against fewer than 200 victims. The original fix for the vulnerability was rolled out by Apple in late August with the releases of iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1. Additional releases have also been made for other platforms…

Recent BreachForums Relaunch Linked to Impersonation of ShinyHunters Admin

Cybercrime , Data Security , Fraud Management & Cybercrime Post-Reboot, Cybercrime Group Claims No Ties to Hacker Site Mathew J. Schwartz (euroinfosec) • April 3, 2026 Image: Shutterstock BreachForums continues to be a focal point of controversy following its recent reboot. An individual claiming affiliation with the ShinyHunters extortion group…

Read MoreRecent BreachForums Relaunch Linked to Impersonation of ShinyHunters Admin

Groups Oppose HHS’s Proposed Rollbacks on Health IT

Healthcare, Industry Specific, Standards, Regulations & Compliance Healthcare Groups Warn of Risks from HHS’ Proposed IT Certification Changes Marianne Kolbasuk McGee ( HealthInfoSec) • March 3, 2026 Proposed reductions in health IT certification requirements by HHS are facing resistance from industry groups concerned about privacy and security implications. (Image: Getty…

Read MoreGroups Oppose HHS’s Proposed Rollbacks on Health IT

State-Sponsored Hackers Likely Targeted MS Exchange 0-Days at Approximately 10 Organizations

On Friday, Microsoft reported a significant security incident involving the exploitation of two zero-day vulnerabilities in Microsoft Exchange servers by a single threat actor group as far back as August 2022. This group successfully gained initial access through coordinated attacks targeting fewer than ten organizations worldwide. The compromises facilitated the…

Read MoreState-Sponsored Hackers Likely Targeted MS Exchange 0-Days at Approximately 10 Organizations

StoneDrill Disk Wiping Malware Discovered Targeting European Industries

A newly identified disk-wiping malware known as StoneDrill has emerged, targeting a petroleum company in Europe. This malware bears similarities to the infamous Shamoon, which notoriously deleted data from 35,000 computers at Saudi Arabia’s national oil company back in 2012. Disk-wiping malware like StoneDrill can inflict severe damage on organizations…

Read MoreStoneDrill Disk Wiping Malware Discovered Targeting European Industries

🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More

Cybersecurity Weekly Update: New Vulnerabilities and Persistent Threats This week, the cybersecurity landscape revealed alarming developments as multiple organizations fell victim to sophisticated attacks, highlighting the evolving tactics employed by cybercriminals. Notably, Fortinet disclosed a serious vulnerability affecting its FortiWeb application firewall, categorized as CVE-2025-58034. This flaw, assigned a medium…

Read More🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More

JetStream Secures $34M Seed Funding to Advance AI Governance

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Ex-CrowdStrike Product Leader Unveils Blueprint Model to Tackle MCP Server Issues and Cost Management Michael Novinson (MichaelNovinson) • March 3, 2026 Raj Rajamani, co-founder and CEO of JetStream (Image: JetStream) JetStream, a startup focusing on artificial intelligence governance, has successfully…

Read MoreJetStream Secures $34M Seed Funding to Advance AI Governance

Research Identifies Supply Chain Vulnerabilities in Packagist PHP Repository

Researchers have uncovered a critical security vulnerability in Packagist, the widely used PHP software package repository, which has since been patched. This flaw had the potential to facilitate malicious software supply chain attacks, posing significant risks to developers who rely on Packagist for managing project dependencies through Composer, the PHP…

Read MoreResearch Identifies Supply Chain Vulnerabilities in Packagist PHP Repository

Proposed Legislation Would Permit Cyber Crime Victims to Engage in Hacking Back

The debate surrounding the legality and morality of counter-hacking actions, known colloquially as “hacking back,” has resurfaced as a significant concern among cybersecurity professionals and lawmakers. As cybersecurity incidents continue to escalate, victims are often left questioning whether they can retaliate against their attackers. While hacking back is considered illegal…

Read MoreProposed Legislation Would Permit Cyber Crime Victims to Engage in Hacking Back