Critical Vulnerabilities Exploited: Microsoft and Apple Under Attack
Critical Vulnerabilities Exploited: Microsoft and Apple Under Attack
On August 25, 2025, cybersecurity experts reported alarming incidents involving critical vulnerabilities in Microsoft and Apple products. A patched privilege escalation flaw in Microsoft Windows, identified as CVE-2025-29824, has been actively exploited by threat actors to deploy the PipeMagic backdoor in ransomware attacks. Despite an April 2025 patch, attackers continue to leverage this vulnerability to gain full remote access to compromised systems. Meanwhile, Apple issued emergency updates for a zero-day vulnerability (CVE-2025-43300) in its ImageIO framework, which has been described as extremely sophisticated and poses serious privacy risks. The combination of these vulnerabilities underscores the pressing need for organizations to maintain their cybersecurity posture.
Also In Security Today
- Ransomware Attacks: The Qilin ransomware gang has targeted U.S. pharmaceutical company Inotiv, encrypting sensitive data and disrupting operations significantly. This incident emphasizes the healthcare sector's vulnerability to ransomware threats. Read more.
- Data Breaches: A significant data breach at Orange Belgium exposed personal data from approximately 850,000 customer accounts, highlighting ongoing risks in the telecommunications sector. Read more.
- New Phishing Methods: Cybercriminals are adopting AI prompt injection methods to enhance the effectiveness of phishing campaigns aimed at Gmail users, showcasing an evolving threat landscape. Read more.