Attacks weaponizing the Cisco Adaptive Security Appliance vulnerabilities, tracked as CVE-2025-20333 and CVE-2025-20362, were reported by the Cybersecurity and Infrastructure Security Agency to have successfully compromised a federal civilian executive branch agency with the FIRESTARTER malware in September, according to The Record, a news site by cybersecurity firm Recorded Future.
The vulnerability, with a critical severity score of 9.8 out of 10, stems from a missing file-type validation in the "fetch_gravatar_from_remote" function.
More than 1,300 internet-exposed Microsoft SharePoint servers remain vulnerable to ongoing intrusions weaponizing the zero-day spoofing flaw, tracked as CVE-2026-32201, while fewer than 200 online SharePoint instances have been fixed since last week's Patch Tuesday release, BleepingComputer reports.
The vulnerability, identified as CVE-2026-28950, was patched on April 22, 2026, in iOS 26.4.2 and iPadOS 26.4.2, as well as in iOS 18.7.8 and iPadOS 18.7.8.
A BeyondTrust report found a twofold increase in critical flaws in Microsoft software despite a 6% drop in total vulnerabilities to 1,273 this year, indicating that fewer but more severe security issues are being discovered, reports HackRead.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
