From The source
FreePBX Security Alarm: SQL Injection Woes and How to Avoid a Phone Call Frenzy
FreePBX, beloved by many for its user-friendly web interface, recently had a SQL injection vulnerability disclosed. This flaw lets an attacker manipulate the database and, from there, execute arbitrary code on the PBX host. So, if your phone system starts making prank calls to unknown galaxies, it might be time to check your FreePBX version and apply the fix.
CISA’s New Vulnerability List: A Cybersecurity Comedy of Errors!
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These cyber gremlins are a frequent attack vector for hackers and pose significant risks to federal networks. CISA urges all organizations to squash these bugs promptly, as they continue to update the catalog with new threats.
Oracle’s Weekend Surprise: E-Business Suite Vulnerability Sparks Security Scare! 🚨
Oracle E-Business Suite users, brace yourselves! A surprise security bulletin reveals a vulnerability that could make your servers as inviting as a free buffet. The published exploit chain starts with server-side request forgery (SSRF) and sends requests carrying a malformed HTTP version string ("HTTP/1.2"), which is also a handy thing to hunt for in your web server logs. It's time to patch up and block those sneaky scripts!
Oracle E-Business Suite Alert: Patch Now or Risk Remote Code Chaos!
Oracle E-Business Suite users, brace yourselves! CVE-2025-61882 is on the loose. This vulnerability is remotely exploitable without authentication, meaning hackers could waltz in, no credentials needed. Oracle urgently advises applying their Security Alert updates faster than you can say “patch it up.” Protect your systems before it’s too late!
Stormy with a Chance of Cyber: Navigating the Internet Weather!
Join Johannes Ullrich at the Internet Storm Center for a deep dive into application security. If you’re in Denver from October 4th to 9th, 2025, you won’t want to miss this chance to learn how to secure web apps, APIs, and microservices. Who knew keeping the internet safe could be so much fun?
iPhone Nightmare: How One Image Can Brick Your Device & Steal Your Data!
“Glass Cage” exploits iOS 18.2 with a silent PNG attack via iMessage. The zero-click exploit bypasses Apple’s defenses, leading to kernel-level access, iCloud Keychain theft, and optional device bricking. Despite detailed reports, Apple and MITRE ignored it, but CNVD gave credit. Who knew a PNG could be the most dangerous thing on your phone?
Apple’s Silent Crypto Heist: Unmasking the iMessage Exploit They Didn’t Want You to Know About
Zero-click iMessage exploit chain discovered in iOS 18.2 remained unpatched until iOS 18.4.1. It allowed Secure Enclave key theft and crypto wallet exfiltration. Despite responsible disclosure, Apple issued a silent fix, leaving users in the dark. This disclosure aims to resist suppression and promote awareness.
Hitachi Energy’s MSM Product: A Hilarious Guide to Avoiding Cyber Mishaps!
View CSAF: The Hitachi Energy MSM Product carries a CVSS v3 score of 7.5 (high severity) for its vulnerabilities. The product isn't designed for direct internet connection, but the flaws are exploitable over the network, so any instance an attacker can reach is at risk—like a cat burglar with a skeleton key to your digital safe. Keep it off the web and follow the recommended security practices.
Print-n-Panic: Raise3D’s Pro2 Series Vulnerability Could Leave Printers Exposed!
View CSAF: Raise3D’s Pro2 Series printers are in the hot seat with a vulnerability that’s easier to exploit than a piñata at a toddler’s birthday party. With a CVSS v4 score of 8.8, this authentication bypass could expose your data faster than a magician’s reveal. Disable developer mode and stay vigilant!
CISA’s ICS Alert: Vulnerabilities You Didn’t Know You Had!
CISA released two ICS advisories on October 2, 2025, revealing the latest security vulnerabilities. It’s like finding a plot twist in a detective novel, except the culprit is a sneaky cyber exploit! CISA suggests users and administrators dive into these advisories for all the technical drama and potential solutions.
CISA’s Vulnerability Alert: Five New Cyber Threats You Can’t Ignore!
CISA has spiced up its Known Exploited Vulnerabilities Catalog with five new cyber threats. Like a never-ending sequel, these vulnerabilities keep hackers entertained and agencies on their toes. Federal agencies, don’t snooze on those due dates! Everyone else, get your vulnerability management groove on—because cyber threats never take a day off!
Beware the Noisy Hackers: Protect Your .well-known Directory from Sneaky Attacks!
Attackers are snooping around the .well-known directory like it's a buffet of secrets. They're hitting URLs like /.well-known/terraform.json and /.well-known/ai-plugin.json, hoping to find files that leak configuration or integration details. But before you panic-delete, remember: some of these files (security.txt, for one) are there on purpose. So, chat with your developers, review what each file exposes, and keep your .well-known directory in check!
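The two log-hunting tips above (probes of /.well-known/ and the odd "HTTP/1.2" version string from the Oracle item) share one piece of plumbing: parsing the access log. The script below is an added example, not code from the ISC diaries or the advisories this digest summarises; the log lines, IP addresses and paths are constructed samples, and the function names are my own.

```python
# Added example: triage web server access logs for (a) probes of /.well-known/
# and (b) requests with an HTTP version string no real client sends.
# Log lines are constructed samples in Apache/nginx "combined" format.
import re
from collections import Counter, defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/(?P<version>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Versions a legitimate client would send; anything else deserves a look.
KNOWN_VERSIONS = {"0.9", "1.0", "1.1", "2", "2.0", "3", "3.0"}

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Oct/2025:10:15:01 +0000] "GET /.well-known/terraform.json HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Oct/2025:10:15:02 +0000] "GET /.well-known/ai-plugin.json HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Oct/2025:10:16:10 +0000] "GET /.well-known/security.txt HTTP/1.1" 200 312 "-" "curl/8.0"
192.0.2.9 - - [02/Oct/2025:10:17:44 +0000] "POST /app/servlet HTTP/1.2" 200 512 "-" "python-requests/2.31"
192.0.2.9 - - [02/Oct/2025:10:17:45 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def parse_log(log_text):
    return [r for r in map(parse_line, log_text.splitlines()) if r]


def well_known_probes(log_text):
    """Count (path, status) pairs under /.well-known/ so you can see what was
    asked for and whether anything actually answered 200."""
    hits = Counter()
    for rec in parse_log(log_text):
        if rec["path"].startswith("/.well-known/"):
            hits[(rec["path"], rec["status"])] += 1
    return hits


def noisy_scanners(log_text, threshold=2):
    """IPs that collected at least `threshold` distinct 404s under /.well-known/:
    a legitimate client fetches one known file, a scanner walks a wordlist."""
    misses = defaultdict(set)
    for rec in parse_log(log_text):
        if rec["path"].startswith("/.well-known/") and rec["status"] == "404":
            misses[rec["ip"]].add(rec["path"])
    return sorted(ip for ip, paths in misses.items() if len(paths) >= threshold)


def odd_http_versions(log_text):
    """(ip, version, path) for every request whose HTTP version is not one a
    browser or normal library would send, e.g. the exploit's 'HTTP/1.2'."""
    return [
        (rec["ip"], rec["version"], rec["path"])
        for rec in parse_log(log_text)
        if rec["version"] not in KNOWN_VERSIONS
    ]


if __name__ == "__main__":
    for (path, status), n in well_known_probes(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {status}  {path}")
    print("scanners:", noisy_scanners(SAMPLE_LOG))
    print("odd versions:", odd_http_versions(SAMPLE_LOG))
```

Pipe a real log through it with `python3 triage.py < access.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`; the point of the 404-vs-200 split is that a 200 on a probed /.well-known/ path is the one worth reviewing with the developers, while a run of 404s from a single IP is just the scanner being noisy.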
Web App Security: Guard Your Code or Hackers Will!
Catch the ISC Stormcast podcast for October 2nd, 2025, where Jesse La Grew, your handler on duty, keeps the threat level at green while unraveling the mysteries of securing web apps and microservices. Tune in for a dose of cybersecurity wisdom with a side of humor!
Cisco’s XSS Fiasco: Update Now or Risk Getting Scripted!
Brace yourself, cyber warriors! Cisco Cyber Vision Center vulnerabilities could let remote attackers conduct cross-site scripting (XSS) attacks. The catch? They need those elusive admin credentials. Quick fix: Cisco’s got updates—no workarounds though. So, update now or risk wearing a digital dunce cap!
Cisco’s “Upgrade or Bust”: Navigating Temporary Fixes with a Smile
Cisco urges customers to ditch the temporary duct tape fixes and upgrade to a fixed software release pronto. While workarounds are nice, they aren’t the long-term solution to fend off vulnerabilities. Upgrade the software now for peace of mind and fewer tech nightmares.
TOTOLINK Router’s Comedy of Errors: Critical Flaws Exposed!
TOTOLINK X6000R routers are in hot water with three new security flaws. From crashing routers to letting hackers run wild, these vulnerabilities are no laughing matter. Firmware updates are a must to avoid turning your router into a hacker’s playground. Protect yourself and your network—update now!
Web App Security: Denver’s Safe Haven or Digital Wild West?
Join us for a comedic deep dive into the world of application security. Discover how securing web apps, APIs, and microservices can be as thrilling as watching a squirrel on espresso navigate a traffic circle. Get ready to laugh your way through class in Denver, October 2025!
Honeypot Hijinks: Unveiling the Passwords Hackers Haven’t Breached Yet!
DShield honeypots attract cybercriminals like bees to honey. To analyze the passwords they try, an intern built a tool that checks each one against HaveIBeenPwned's Pwned Passwords API and flags those never seen in a known breach. Surprisingly, 7.4% of the attempted passwords were unseen, which says something about what the attackers are targeting and how they mutate passwords. They really need a new hobby.
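To make the check concrete, here is an added example of the HaveIBeenPwned range lookup the diary describes, written by me rather than taken from the intern's tool: only the first five hex characters of the SHA-1 hash ever leave your machine (the API's k-anonymity model), and the "share of passwords never seen in a breach" figure is computed over a list of attempts. The range response and the honeypot attempts below are constructed so the code runs offline; the breach count for "password" is made up, not the real HIBP figure.

```python
# Added example: HIBP Pwned Passwords k-anonymity lookup plus the
# "fraction never seen in a breach" statistic. Sample data is constructed.
import hashlib
import urllib.request

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password):
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is sent
    to HIBP and the 35-char suffix that is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(range_text):
    """Parse the API's 'SUFFIX:COUNT' lines into {suffix: count}. With the
    Add-Padding header the API mixes in fake rows with count 0; keeping them
    is harmless because a count of 0 still means 'not seen'."""
    counts = {}
    for line in range_text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, range_text):
    """How many times HIBP has seen this password, given the range response
    for its hash prefix (0 if absent)."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range(range_text).get(suffix, 0)


def fetch_range(prefix):
    """Live lookup (not used by the offline sample). HIBP requires a
    User-Agent; Add-Padding hides the true row count from network observers."""
    req = urllib.request.Request(
        HIBP_RANGE_URL + prefix,
        headers={"User-Agent": "honeypot-password-check", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def unseen_fraction(passwords, range_lookup):
    """Fraction of `passwords` with a breach count of 0. `range_lookup` maps a
    5-char prefix to the range text (fetch_range for live use); responses are
    cached so attempts sharing a prefix cost one request."""
    cache = {}
    unseen = 0
    for pw in passwords:
        prefix, _ = sha1_prefix_suffix(pw)
        if prefix not in cache:
            cache[prefix] = range_lookup(prefix)
        if breach_count(pw, cache[prefix]) == 0:
            unseen += 1
    return unseen / len(passwords) if passwords else 0.0


# Constructed range response for prefix 5BAA6 (SHA-1("password") starts
# with it). The count is invented; the other rows imitate padding.
SAMPLE_RANGE = """\
003D68EB55068C33ACE09247EE4C639306B:0
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234
9A1D3C0F1B2E4D5A6B7C8D9E0F1A2B3C4D5:0
"""

# Constructed honeypot attempts: one classic, one mutated to look novel.
SAMPLE_ATTEMPTS = ["password", "P@ssw0rd!honey-2025"]


def offline_lookup(prefix):
    """Stand-in for fetch_range: answers only for the constructed prefix."""
    return SAMPLE_RANGE if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in SAMPLE_ATTEMPTS:
        prefix, _ = sha1_prefix_suffix(pw)
        print(f"{pw!r}: seen {breach_count(pw, offline_lookup(prefix))} times")
    print("unseen fraction:", unseen_fraction(SAMPLE_ATTEMPTS, offline_lookup))
```

Swap `offline_lookup` for `fetch_range` to run it against the live API. Note what "unseen" does and does not mean: a password missing from HIBP's corpus has not shown up in a breach dump it indexes, which says nothing about its strength; for the honeypot data it is simply the interesting subset, the attempts that are not straight replays of known leaks.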
LG Camera Vulnerability: A Recipe for Remote Access Hilarity
The LG Innotek LND7210 and LNV7210R camera models are the latest stars in the vulnerability spotlight, featuring an “authentication bypass” flaw that could give attackers administrative access. The CVSS v4 score is a thrilling 8.8, but alas, these cameras are end-of-life and can’t be patched. Talk about a plot twist!
Circuit Design Suite’s Comedy of Errors: Vulnerabilities That Are Out-of-Bounds!
View CSAF: National Instruments’ Circuit Design Suite has vulnerabilities ripe for a digital heist, making even the calmest IT guy break a sweat. With CVSS v4 scores hitting 8.4, attackers can execute arbitrary code like it’s a walk in the park. Update to version 14.3.2 or later to avoid unexpected “features.”
