Patch/Configuration Management

The flaw is a local privilege escalation issue stemming from insufficient authorization within the appliance management console.

Vendors take an average of 41 days to publish CVE-specific rules, according to Miggo Security.

The JumpCloud uninstaller can be exploited to escalate privileges to system.

Fixes have been issued by Atlassian to address nearly 30 third-party flaws across its products, including the maximum severity XML external entity injection vulnerability in the open source content analysis toolkit Apache Tika, tracked as CVE-2025-66516, reports SecurityWeek.

The vulnerability, impacting ArrayOS versions 9.4.5.8 and earlier, has been confirmed to be exploited in Japan, where attackers dropped web shells on compromised devices.

Threat actors reduce exposure and save money by targeting cloud misconfigurations instead of software zero-days.

Apple announced that it has issued emergency updates to fix the two zero-day vulnerabilities in WebKit that have been exploited in "extremely sophisticated" attacks targeting specific individuals, reports BleepingComputer.