📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
📅 Daily Security Digest — Friday, March 20, 2026

🇸🇦 Saudi Cyber Daily Digest

All security vulnerabilities, threats, and news aggregated today from trusted sources — continuously updated

Friday, March 20, 2026
20 CVEs
17 Threats
0 News
7 Critical
5 CISA KEV
🛡 Security Vulnerabilities (CVE)
20 vulnerabilities
CVE-2025-32432
Craft CMS Remote Code Execution via Code Injection Vulnerability
01:52 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Craft CMS Craft CMS — CVE-2025-32432 Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use…
CVE-2025-43510
Apple Multiple Products Improper Locking Vulnerability (CVE-2025-43510)
01:52 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Apple Multiple Products — CVE-2025-43510 Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes. Required Action: Apply mitigations pe…
CVE-2025-43520
Apple Multiple OS Buffer Overflow - Kernel Memory Write (CVE-2025-43520)
01:52 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Apple Multiple Products — CVE-2025-43520 Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory. Required Action: Apply mitigati…
CVE-2025-54068
Laravel Livewire Unauthenticated Remote Code Injection Vulnerability
01:52 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Laravel Livewire — CVE-2025-54068 Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01…
CVE-2025-31277
Apple Safari and OS Buffer Overflow - CVE-2025-31277
01:52 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Apple Multiple Products — CVE-2025-31277 Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption. Required Action: Apply mitigatio…
CVE-2026-33136
WeGIA Reflected XSS in listar_memorandos_ativos.php sccd Parameter
05:45 KSA
CRITICAL CVSS 9.3 CWE-79
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos_ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then…
CVE-2026-33135
WeGIA Reflected XSS in novo_memorandoo.php sccs Parameter
05:45 KSA
CRITICAL CVSS 9.3 CWE-79
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the H…
CVE-2026-2421
The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, an
05:45 KSA
MEDIUM CVSS 6.5 CWE-22
The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a f…
CVE-2026-4472
A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability a
05:45 KSA
MEDIUM CVSS 6.3 CWE-74
A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin_edit_supplier.php. The manipulation of the argument Supplier_Name leads to sql injection. The attack can be initiat…
CVE-2026-4476
A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted element is an unknown fun
05:45 KSA
MEDIUM CVSS 6.3 CWE-287
A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is requir…
CVE-2026-4485
A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown functio
05:45 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The …
CVE-2026-4500
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the fil
05:45 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available …
CVE-2026-4505
A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh
05:45 KSA
MEDIUM CVSS 6.3 CWE-284
A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upl…
CVE-2026-4506
A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core
05:45 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core/mindsql_core.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used.…
CVE-2026-4507
A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the
05:45 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclo…
CVE-2026-32844
XinLiangCoder php_api_doc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in list_method.
05:45 KSA
MEDIUM CVSS 6.1 CWE-79
XinLiangCoder php_api_doc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in list_method.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft …
CVE-2026-33129
H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability i
05:45 KSA
MEDIUM CVSS 5.9 CWE-208
H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison (!==). This allows an attacker to deduce the valid password character-by-character by…
CVE-2026-33051
Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu
05:45 KSA
MEDIUM CVSS 5.4 CWE-79
Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw() combined with Craft::t() string interpolation. A low-privile…
CVE-2026-3550
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17.
05:45 KSA
MEDIUM CVSS 5.3 CWE-862
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions (rockpress_import, rockpress_import_status, rockpress_last_import, rockpress_reset_import, and…
CVE-2026-4496
A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vul
05:45 KSA
MEDIUM CVSS 5.3 CWE-77
A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of the component show_merge_diff/quick_merge_summary/show_file_diff. The manipulation …
⚠️ Threat Intelligence
17 threats
rss:The Hacker News
23:54 KSA
HIGH vulnerability
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Apple warns users of outdated iOS versions about web-based attacks using Coruna and DarkSword exploit kits. These sophisticated exploit kits deliver malicious web content targeting vul…
rss:The Hacker News
22:43 KSA
CRITICAL ddos
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
The U.S. Department of Justice disrupted command-and-control infrastructure for multiple IoT botnets including AISURU, Kimwolf, JackSkid, and Mossad, which controlled 3 million…
rss:The Hacker News
22:43 KSA
CRITICAL vulnerability
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
A critical vulnerability in Magento's REST API, dubbed PolyShell, allows unauthenticated attackers to upload malicious executables, execute remote code, and take over accounts. This…
rss:The Hacker News
22:43 KSA
HIGH phishing
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Cybercriminals are leveraging AI to create sophisticated phishing campaigns with personalized emails, deepfakes, and adaptive malware that bypass traditional security defenses. This evolution req…
rss:The Hacker News
21:36 KSA
MEDIUM malware
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google introduces a mandatory 24-hour waiting period for Android sideloading from unverified developers to reduce malware and scam installations. This security enhancement aims to …
rss:The Hacker News
21:36 KSA
CRITICAL vulnerability
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Critical vulnerability CVE-2026-33017 in Langflow (CVSS 9.3) was exploited within 20 hours of disclosure, demonstrating rapid weaponization of authentication bypass flaws. The m…
rss:The Hacker News
21:36 KSA
CRITICAL supply_chain
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy vulnerability scanner was compromised for the second time in a month, with attackers hijacking 75 GitHub Actions tags to deploy malware targeting CI/CD pipeline secrets…
rss:Dark Reading
06:29 KSA
HIGH vulnerability
AI Conundrum: Why MCP Security Can't Be Patched Away
Model Context Protocol (MCP) introduces architectural security vulnerabilities in Large Language Model environments that cannot be resolved through traditional patching methods. Researchers warn these ris…
rss:Dark Reading
06:29 KSA
CRITICAL ransomware
Interlock Ransomware Targets Cisco Enterprise Firewalls
Interlock ransomware group exploited a critical Cisco firewall vulnerability weeks before public disclosure, demonstrating zero-day access capabilities. The gang specializes in double-extortion attacks and …
rss:Dark Reading
06:29 KSA
HIGH ransomware
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
The Beast ransomware gang inadvertently exposed their central cloud server, revealing files that document their systematic tactics targeting network backups. This operational security failure provides insigh…
rss:Dark Reading
06:29 KSA
CRITICAL vulnerability
Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw
Oracle Fusion Middleware contains a critical remote code execution vulnerability affecting Identity and Web Services Managers. Attackers can exploit this flaw without authentication when these serv…
rss:Malwarebytes Lab
05:41 KSA
HIGH malware
That “job brief” on Google Forms could infect your device
Cybercriminals are using fake job offers distributed through Google Forms to deliver PureHVNC malware. This remote access trojan allows attackers to take complete control of infected devices, posing serio…
rss:Malwarebytes Lab
05:41 KSA
MEDIUM general
Could your face change what you pay? NYC wants limits on biometric tracking
NYC lawmakers propose regulations to limit biometric tracking technologies that could enable surveillance-based pricing and customer profiling. This addresses privacy concerns and potent…
rss:CISA Advisories
05:20 KSA
HIGH phishing
Russian Intelligence Services Target Commercial Messaging Application Accounts
CISA and FBI warn of ongoing phishing campaigns by Russian Intelligence Services targeting commercial messaging applications to bypass encryption and compromise accounts. These sophis…
rss:CISA Advisories
05:20 KSA
HIGH vulnerability
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA added five actively exploited vulnerabilities to its KEV Catalog, including critical flaws in Apple products and Craft CMS. Organizations must prioritize patching these vulnerabilities as they are be…
rss:Recorded Future
05:09 KSA
CRITICAL apt
The Iran War: What You Need to Know
Insikt Group provides continuous tracking and threat analysis of cyber, physical, and geopolitical aspects of US-Israeli strikes on Iran. The report includes updated threat scenarios relevant to regional cybersecurity posture …
rss:Krebs on Security
05:08 KSA
HIGH ddos
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
U.S., Canadian, and German authorities dismantled four major botnets that compromised over 3 million IoT devices including routers and cameras. The operation disrupted infrastructure used to launch massive DDoS a…
📰 Cybersecurity News
0 articles
📰 No news aggregated today yet

This digest is updated automatically every day — Last updated: Friday, March 20, 2026