June Patch Tuesday digs into 67 bugs
An extremely Windows-heavy month, with a surprise cameo by… Sophos?!
Similar Posts
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
Bys sA critical security vulnerability has been disclosed in AMI’s MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. “A local or remote attacker can exploit the vulnerability by accessing the
Trump’s Top Aides Suffer Another Series of Embarrassing Data Blunders
Bys sYasmeen Hamadeh reports: When it rains, it pours—at least that’s the case for Mike Waltz and the country’s top national security officials this week. After President Donald Trump’s national security adviser accidentally added a prominent journalist to a private Signal chat with more than a dozen top government officials, it emerged that he had made…
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Bys sMongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. “The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations,…
Archer Health was leaking protected health information. Criminals appear to have found it.
Bys sFrom our “No Need to Hack When It’s Leaking” files, a report involving Archer Health, an in-home healthcare provider. Website Planet recently reported a misconfigured bucket that was found by researcher Jeremiah Fowler. The unencrypted and non-password-protected database reportedly contained approximately 145k files (totaling 23 GB). “In a limited sampling of the exposed files, I……
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
Bys sThreat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log…
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Bys sCybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. “These vulnerabilities all traced back to the same root cause: the overlooked unsafe use of ZeroMQ (ZMQ) and Python’s pickle deserialization,”