Apple Updates Everything
Apple patched all of its operating systems. This update ports a patch for a recently exploited vulnerability to older versions of iOS and macOS.
https://isc.sans.edu/diary/31942)
It Is 2025, And We Are Still Dealing With Default IoT Passwords And Stupid 2013 Router Vulnerabilities
Versions of the Mirai botnet are attacking devices made by Unipi Technology. These devices are using a specific username and password combination. In addition, this version of the Mirai botnet will also attempt exploits against an old Netgear vulnerability.
https://isc.sans.edu/diary/It%20Is%202025%2C%20And%20We%20Are%20Still%20Dealing%20With%20Default%20IoT%20Passwords%20And%20Stupid%202013%20Router%20Vulnerabilities/31940)
Output Messenger Vulnerability
The internal messenger application Output Messenger is currently used in sophisticated attacks. Attackers are exploiting a path traversal vulnerability that has not been fixed.
https://www.outputmessenger.com/cve-2025-27920/)
Commvault Correction
Commvault s patch indeed fixes the recent vulnerability. The Pioneer Release Will Dormann used to experiment will only offer patches after it has been registered, which leads to an error when assessing the patch s efficacy.
https://www.darkreading.com/application-security/commvault-patch-works-as-intended)
