Global Cybersecurity Threat Intel — CVEs Breakdown (09 July 2025)

Highlights & Exploit Trends

1. Android Zero-Days Patched

Google’s September 2025 Android update addresses 84 vulnerabilities, including two active zero-days:

  • CVE-2025-38352: Privilege escalation in the Android (Linux) kernel, exploited in the wild.
  • CVE-2025-48543: Android Runtime flaw that lets a local attacker escape the app sandbox, exploited in the wild.
    A critical remote code execution flaw (CVE-2025-48539) was fixed in the same release, and Qualcomm components (including Snapdragon chipsets) received extensive patches. Devices on the 2025-09-05 security patch level carry all of these fixes.
    Sources: Tom’s Guide, SOC Radar

2. Critical Citrix NetScaler Flaws Under Attack

Three NetScaler ADC and Gateway vulnerabilities, CVE-2025-7775 (memory overflow leading to remote code execution, CVSS 9.2), CVE-2025-7776, and CVE-2025-8424, were patched together. Citrix has confirmed in-the-wild exploitation of CVE-2025-7775 and offers no workaround, so patching is the only fix. Many exposed appliances still run end-of-life firmware that will not receive the update and must be replaced rather than patched. Researchers have also reported attackers using the AI-driven HexStrike framework to automate exploitation of these flaws, shrinking the window between advisory and mass exploitation.
Sources: IT Pro, TechRadar

3. TP-Link Routers Recruited into Botnets

Two vulnerabilities in end-of-life TP-Link routers (CVE-2025-50224 and CVE-2025-9377) were exploited by the Chinese-linked Quad7 botnet, which uses compromised routers as a proxy network for low-and-slow password-spraying attacks against Microsoft 365 accounts: each source IP tries only a handful of accounts, so per-account lockout thresholds never trigger. CISA has added CVE-2025-9377 to its Known Exploited Vulnerabilities catalogue, giving federal agencies three weeks to patch or, where the affected models no longer receive vendor support, replace the devices.
Sources: TechRadar, Tom’s Guide
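The spray pattern above is easy to miss with per-account rules, because no single account fails often enough to lock. The detector below, an added example that is not part of the original post, instead groups sign-in failures by source IP and flags an IP that fails against many distinct accounts with only one or two tries each inside a sliding window. Field names loosely follow the Microsoft Entra sign-in log schema (userPrincipalName, ipAddress, createdDateTime, status.errorCode); the events are constructed, and the thresholds are assumptions to be tuned per tenant.

```python
"""Password-spray detector over Entra ID style sign-in events.

Added example, not from the original post. Field names loosely follow the
Microsoft Entra sign-in log schema; the events below are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Entra error code 50126 is "invalid username or password"; 0 means success.
BAD_PASSWORD_CODES = {50126}


def _ev(ts, upn, ip, code):
    """Build one constructed sign-in event in the shape the detector expects."""
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "ipAddress": ip, "status": {"errorCode": code}}


SAMPLE_EVENTS = [
    # 203.0.113.7: one attempt per account across six accounts (a spray).
    _ev("2025-09-05T03:00:00Z", "alice@contoso.example", "203.0.113.7", 50126),
    _ev("2025-09-05T03:02:00Z", "bob@contoso.example", "203.0.113.7", 50126),
    _ev("2025-09-05T03:04:00Z", "carol@contoso.example", "203.0.113.7", 50126),
    _ev("2025-09-05T03:06:00Z", "dave@contoso.example", "203.0.113.7", 50126),
    _ev("2025-09-05T03:08:00Z", "erin@contoso.example", "203.0.113.7", 50126),
    _ev("2025-09-05T03:10:00Z", "frank@contoso.example", "203.0.113.7", 50126),
    # 198.51.100.22: one user mistypes a password three times, then succeeds.
    _ev("2025-09-05T03:01:00Z", "grace@contoso.example", "198.51.100.22", 50126),
    _ev("2025-09-05T03:03:00Z", "grace@contoso.example", "198.51.100.22", 50126),
    _ev("2025-09-05T03:05:00Z", "grace@contoso.example", "198.51.100.22", 50126),
    _ev("2025-09-05T03:07:00Z", "grace@contoso.example", "198.51.100.22", 0),
    # 192.0.2.50: five accounts, but one of them hammered four times. That is
    # brute force, not a spray, and is left to a different rule.
    _ev("2025-09-05T03:00:00Z", "henry@contoso.example", "192.0.2.50", 50126),
    _ev("2025-09-05T03:01:00Z", "henry@contoso.example", "192.0.2.50", 50126),
    _ev("2025-09-05T03:02:00Z", "henry@contoso.example", "192.0.2.50", 50126),
    _ev("2025-09-05T03:03:00Z", "henry@contoso.example", "192.0.2.50", 50126),
    _ev("2025-09-05T03:04:00Z", "ivan@contoso.example", "192.0.2.50", 50126),
    _ev("2025-09-05T03:05:00Z", "judy@contoso.example", "192.0.2.50", 50126),
    _ev("2025-09-05T03:06:00Z", "kate@contoso.example", "192.0.2.50", 50126),
    _ev("2025-09-05T03:07:00Z", "liam@contoso.example", "192.0.2.50", 50126),
]


def _parse_time(s):
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def detect_password_spray(events, window=timedelta(minutes=60),
                          min_accounts=5, max_per_account=2):
    """Flag source IPs that fail against many distinct accounts, a few tries
    each, inside a sliding time window. Returns one finding per IP, covering
    the widest window that met the threshold."""
    failures = defaultdict(list)
    for e in events:
        if e["status"]["errorCode"] in BAD_PASSWORD_CODES:
            failures[e["ipAddress"]].append(
                (_parse_time(e["createdDateTime"]), e["userPrincipalName"].lower()))

    findings = []
    for ip, fails in failures.items():
        fails.sort()
        in_window = Counter()   # failed attempts per account inside the window
        start = 0
        best = None
        for ts, upn in fails:
            in_window[upn] += 1
            # Slide the left edge forward until the window fits.
            while ts - fails[start][0] > window:
                old = fails[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if (len(in_window) >= min_accounts
                    and max(in_window.values()) <= max_per_account
                    and (best is None or len(in_window) > len(best["accounts"]))):
                best = {"ip": ip, "accounts": sorted(in_window),
                        "first_seen": fails[start][0], "last_seen": ts}
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_password_spray(SAMPLE_EVENTS):
        print(f"{f['ip']}: {len(f['accounts'])} accounts between "
              f"{f['first_seen']:%H:%M} and {f['last_seen']:%H:%M}")
```

Only the first IP is reported: the second is a single user with a bad password, and the third exceeds the per-account ceiling, which is what keeps ordinary brute-force noise out of this rule. Against a distributed botnet such as Quad7, lower `min_accounts` and add a second aggregation across all IPs in an ASN or country, since each node may try only two or three accounts.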

4. WhatsApp & iPhone “Zero-Click” Exploit

A zero-click WhatsApp vulnerability (CVE-2025-55177, incomplete authorization of linked-device synchronization messages) was chained with an Apple ImageIO out-of-bounds write (CVE-2025-43300) to install spyware with no user interaction. Reported targets are specific individuals, including members of civil society. Update WhatsApp (iOS v2.25.21.73 or later) and iOS/macOS to the patched builds, and consider enabling Lockdown Mode on high-risk devices, since it restricts the message attachment handling this kind of chain relies on.
Source: New York Post

5. Active SharePoint RCE Campaign — “ToolShell”

A chain of on-premises SharePoint Server vulnerabilities (CVE-2025-49704 and CVE-2025-49706, plus their patch bypasses CVE-2025-53770 and CVE-2025-53771) is being actively exploited. Microsoft attributes part of the activity to Storm-2603, which has followed intrusions with Warlock ransomware. Thousands of servers have been hit, and because SharePoint is wired into Excel, OneDrive and Teams, one compromised server exposes far more than the site collections it hosts. Urgent steps: apply the July 2025 security updates, rotate the ASP.NET machine keys and restart IIS (the attackers steal the keys through their web shell to forge authenticated ViewState payloads, so a patched server with unrotated keys remains exploitable), hunt for persistence before putting the server back, and front it with ZTNA instead of direct Internet exposure.
Sources: TechRadar, Unit 42, Microsoft
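Since the campaign above hits Internet-facing servers, the first question for most teams is whether their IIS logs show the exploit. The scanner below is an added example, not code from Microsoft or Unit 42: it parses the IIS W3C log format from its own `#Fields` header and matches the widely published ToolShell request shape (a POST to `/_layouts/15/ToolPane.aspx` with `DisplayMode=Edit` and a Referer ending in `/_layouts/SignOut.aspx`) and subsequent requests for the `spinstall0.aspx` web shell. The log lines are constructed, and the hostnames and addresses are placeholders.

```python
"""Scan IIS W3C logs for the published ToolShell request pattern.

Added example, not from the original post or from any vendor. The indicators
(POST to ToolPane.aspx with a SignOut.aspx Referer, requests for
spinstall0.aspx) are the widely reported ones; the log excerpt is constructed.
"""
import re
from urllib.parse import unquote

# Constructed IIS W3C log excerpt. The #Fields line drives the parser, so the
# same code works on logs with a different column selection.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2025-07-19 10:14:02 10.0.0.5 GET /_layouts/15/start.aspx - 443 jdoe 10.0.0.77 Mozilla/5.0 - 200
2025-07-19 10:15:10 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.5 Mozilla/5.0 https://sp.contoso.example/_layouts/SignOut.aspx 200
2025-07-19 10:15:31 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.5 python-requests/2.32 - 200
2025-07-19 10:20:44 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 jdoe 10.0.0.77 Mozilla/5.0 https://sp.contoso.example/SitePages/Home.aspx 200
"""

TOOLPANE_RE = re.compile(r"/_layouts/1[56]/toolpane\.aspx$", re.I)
SIGNOUT_RE = re.compile(r"/_layouts/(1[56]/)?signout\.aspx", re.I)
WEBSHELL_RE = re.compile(r"/spinstall\d*\.aspx$", re.I)


def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#"):
            continue
        if fields is None:
            raise ValueError(f"no #Fields header before line {lineno}")
        parts = raw.split(" ")
        if len(parts) != len(fields):
            continue  # skip a malformed line rather than abort the whole scan
        rec = dict(zip(fields, parts))
        rec["_line"] = lineno
        yield rec


def detect_toolshell(records):
    """Return findings for exploit-shaped requests and web shell hits."""
    findings = []
    for r in records:
        stem = r.get("cs-uri-stem", "")
        query = unquote(r.get("cs-uri-query", "-"))
        referer = unquote(r.get("cs(Referer)", "-"))
        if (r.get("cs-method") == "POST" and TOOLPANE_RE.search(stem)
                and "displaymode=edit" in query.lower()
                and SIGNOUT_RE.search(referer)):
            findings.append({"rule": "toolshell_exploit_request",
                             "line": r["_line"], "client": r.get("c-ip")})
        elif WEBSHELL_RE.search(stem):
            findings.append({"rule": "toolshell_webshell",
                             "line": r["_line"], "client": r.get("c-ip")})
    return findings


def scan_iis_log(text):
    return detect_toolshell(parse_w3c(text))


if __name__ == "__main__":
    for f in scan_iis_log(SAMPLE_IIS_LOG):
        print(f"line {f['line']}: {f['rule']} from {f['client']}")
```

The last record is a legitimate page edit: it also POSTs to ToolPane.aspx, but its Referer is a normal site page, so it is not flagged. Any match on the first rule is reason enough to rotate the machine keys even if no web shell file is found, since the key theft happens in the same request sequence.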


Broader CVE News & Briefs

  • Citrix NetScaler “CitrixBleed 2”: proof-of-concept exploits for CVE-2025-5777, an out-of-bounds memory read that leaks session tokens from the appliance, are now publicly available.
    Source: American Hospital Association
  • FortiSIEM RCE: CVE-2025-25256, an OS command injection in the phMonitor service reachable without authentication; Fortinet reports exploit code circulating in the wild.
    Source: SOC Radar
  • MediaTek Wi-Fi privilege escalation: CVE-2025-20681, an out-of-bounds write in the wlan AP driver; a patch is available.
    Source: NVD
  • ServiceNow “Count(er) Strike”: CVE-2025-3648 lets low-privileged users infer protected table contents by filtering records and reading the row counts the UI leaks, bypassing ACLs one character at a time.
    Source: CM Alliance
  • Qantas confirmed a data breach, alongside Microsoft’s July Patch Tuesday (137 vulnerabilities, including a publicly disclosed SQL Server information-disclosure flaw, CVE-2025-49719).
    Sources: CISO Platform, CyberMaxx
  • Erlang/OTP exploits in the wild: CVE-2025-32433, a pre-authentication RCE in the OTP SSH server, is actively exploited.
    Source: TXOne Networks


cyberdudebivash.com | cyberbivash.blogspot.com | cryptobivash.code.blog


#CyberDudeBivash #GlobalCVEAlert #ZeroDay #SharePointRCE #CitrixFlaws #AndroidSecurity #ThreatIntel #PatchNow #CyberDefense
