नवीनतम सुरक्षा चेतावनी
| # | भेद्यता / सलाह | विवरण |
|---|---|---|
| Use-after-free Vulnerability in Mozilla Firefox (CVE-2025-12380) |
A vulnerability has been reported in Mozilla Firefox, which could allow a remote attacker to execute arbitrary code on a targeted system. Software Affected: Mozilla Firefox version before 144.0.2 Apply appropriate security updates as mentioned in:https://www.mozilla.org/en-US/security/advisories/mfsa2025-86/ |
|
| Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) (CVE-2025-11756) |
A vulnerability has been reported in Microsoft Edge (Chromium-based), which could allow a remote attacker to execute arbitrary code on a targeted system. Software Affected: Microsoft Edge (Chromium-based) version before 141.0.3537.85 Apply appropriate security updates as mentioned in:https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#october-17-2025 |
|
| Multiple Vulnerabilities in Microsoft Products (CIAD-2025-0037) |
Multiple vulnerabilities have been reported in Microsoft Products, which could allow an attacker to gain elevated privileges, obtain Information Disclosure, Bypass Security restrictions, conduct remote code execution attacks, perform spoofing attacks, cause a denial of service condition, or tamper with system settings. Software Affected: Open Source Software Apps Windows Developer Tools Microsoft Office Server Software System Center Apply appropriate security updates as mentioned in:https://msrc.microsoft.com/update-guide/releaseNote/2025-Oct |
|
| Multiple Vulnerabilities in Apple Products (CIAD-2025-0031) |
Multiple vulnerabilities have been reported in Apple Products, which could allow an attacker to execute arbitrary code, gain elevated privileges, disclose sensitive information, bypass security restrictions, or cause a denial of service condition on the targeted system. Software Affected: Apple iOS and iPadOS versions before 26, 18.7, 16.7.12, 15.8.5 Apple macOS Tahoe versions before 26 Apple macOS Sequoia versions before 15.7 Apple macOS Sonoma versions before 14.8 Apple TVOS versions before 26 Apple watchOS versions before 26 Apple visionOS versions before 26 Apple Satani versions before 26 Apple Xcode versions before 26 Apply appropriate updates as mentioned below:https://support.apple.com/en-us/125108
https://support.apple.com/en-us/125109 |
|
| Multiple Vulnerabilities in Microsoft Products (CIAD-2025-0030) |
Multiple vulnerabilities have been reported in Microsoft products, which could allow an attacker to bypass security restrictions, gain elevated privileges, obtain sensitive information, and conduct remote code execution, spoofing attacks, or cause a Denial of Service (DoS) condition on the targeted system. Software Affected: Microsoft Auto Update for Mac Microsoft Windows Microsoft Office Microsoft 365 Apps Microsoft Edge (Chromium-based) Apply appropriate updates as mentioned in:https://msrc.microsoft.com/update-guide/releaseNote/2025-Sep |
|
| Remote Code Execution Vulnerability in Google Chrome for Desktop (CIVN-2025-0245) |
Multiple vulnerabilities were reported in Google Chrome for Desktop, allowing remote attackers to execute arbitrary code or disclose sensitive information. Software Affected: Google Chrome versions before 141.0.7390.107/.108 for Windows and Mac Google Chrome versions before 141.0.7390.107 for Linux Apply appropriate updates as mentioned below:https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html |
|
| Multiple vulnerabilities in Mozilla Products (CIVN-2025-0237) |
Multiple vulnerabilities were reported in Mozilla products, allowing remote code execution or disclosure of sensitive information. Software Affected: Mozilla Firefox for iOS versions before 143.1 Mozilla Firefox versions before 143.0.3 Apply appropriate updates as mentioned below: |
|
| Multiple vulnerabilities in Microsoft Edge (Chromium-based) (CIVN-2025-0241) |
Multiple vulnerabilities in Microsoft Edge (Chromium-based) could allow remote attackers to obtain sensitive information and execute arbitrary code. Software Affected: Microsoft Edge (Chromium-based) versions before 140.0.7339.208 Apply appropriate updates as mentioned below: |
|
| Multiple vulnerabilities in Google Chrome for Desktop (CIVN-2025-0235) |
Multiple vulnerabilities could allow a remote attacker to execute arbitrary code, cause denial of service (DoS), or disclose information. Software Affected: Google Chrome versions before 140.0.7339.207/.208 for Windows/Mac Google Chrome versions before 140.0.7339.207 for Linux Apply appropriate updates as mentioned below:https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html |
|
| Denial of Service Vulnerability in Apple Products (CIVN-2025-0234) |
A vulnerability has been reported in Apple products, which could be exploited by an attacker to cause denial of service conditions or corrupt process memory on the targeted system. Multiple affected releases are listed below. Software Affected: Apple iOS / iPadOS versions before 18.7.1 Apple iOS / iPadOS versions before 26.0.1 Apple macOS Tahoe versions before 26.0.1 Apple macOS Sequoia versions before 15.7.1 Apple macOS Sonoma versions before 14.8.1 Apple visionOS versions before 26.0.1 Apply appropriate updates as mentioned below:https://support.apple.com/en-us/125326 https://support.apple.com/en-us/125327 https://support.apple.com/en-us/125328 https://support.apple.com/en-us/125329 |
|
| Multiple vulnerabilities in Google Chrome for Desktop (CIVN-2025-0211) |
Multiple vulnerabilities have been reported in Google Chrome, which could allow a remote attacker to execute arbitrary code on the targeted system. Software Affected: Google Chrome versions before 140.0.7339.127/.128 for Windows Google Chrome versions before 140.0.7339.132/.133 for Mac Google Chrome versions before 140.0.7339.127 for Linux Apply appropriate updates as mentioned below:https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html |
|
| Authorization Bypass vulnerability in WhatsApp for Apple Devices (CVE-2025-55177) |
A vulnerability has been reported in WhatsApp, which could allow an attacker to bypass authorization on the targeted device.
Software Affected: WhatsApp for iOS version before 2.25.21.73 WhatsApp Business for iOS version 2.25.21.78 WhatsApp for Mac version 2.25.21.78 Users are advised to update to the latest available versions of WhatsApp: https://www.whatsapp.com/security/advisories/2025/ |
|
| Multiple Vulnerabilities in Android, all OEMs, and users of Android (CIVN-2025-0202) |
Multiple vulnerabilities have been reported in Android versions 13, 14, 15, and 16. High risk of unauthorized access to data and system instability. Apply appropriate updates as mentioned in: https://source.android.com/docs/security/bulletin/2025-09-01 | |
| Zero-Day Vulnerabilities in Apple Products (CVE-2025-43300) |
Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation. Kindly update to the latest version ASAP. | |
| Multiple Vulnerabilities in Adobe Products (CIVN-2025-0138) |
Software Affected: Adobe After Effects versions before 24.6.7 for Windows and MacOS, Adobe After Effects versions before 25.3 for Windows and MacOS. Kindly update to the latest version ASAP. | |
| WinRAR zero-day Under Active Exploitation (CVE-2025-8088) |
To safeguard against potential threats, update to the latest WinRAR version 7.13, released on July 31, 2025. | |
| Broad Credential Exposure Involving Multiple Online Services (CERT-In Advisory CIAD-2025-0024) |
Recently, several media outlets reported the exposure of approximately 16 billion login credentials, including usernames, passwords, authentication tokens, and associated metadata, from platforms such as Apple, Google, Facebook, Telegram, GitHub, and various virtual private network (VPN) services. Recommendations to mitigate risks Update Passwords Immediately: Change passwords for all affected services, prioritizing email, banking, social media, and government portals. Create strong, unique passwords (minimum 12 characters, including letters, numbers, and symbols). Avoid reusing passwords across services to prevent credential stuffing attacks. Make it a habit to change your passwords regularly. Enable Multi-Factor Authentication (MFA): Activate MFA on all accounts that support it, using authenticator apps, hardware tokens, or SMS-based verification. Transition to Passkeys: Where supported (e.g., Apple, Google), enable passkeys for password-less, phishing-resistant authentication using biometrics or device PINs. Protect Against Malware: Run antivirus scans to detect and remove infostealer malware. Ensure operating systems, browsers, and applications are updated to address known vulnerabilities. |
|
| Multiple Vulnerabilities in Mozilla Firefox (CIVN-2025-0138) |
Software Affected: Mozilla Firefox versions before 140. Please update to the latest version as soon as possible. A remote attacker could exploit these vulnerabilities by convincing a victim to trigger a specially crafted web request. | |
| The zero-day vulnerability in the Google Chrome Browser (CVE-2025-6554) |
To safeguard against potential threats, it's advised to update Chrome browser to versions 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, and 138.0.7204.96 for Linux. If you're unsure whether your browser is up to date, go to Settings > Help > About Google Chrome — it should trigger the latest update automatically. |
