📰 SSL & IT Security News
Stay up to date with the latest developments in SSL certificates, encryption standards, security exploits, and the wider IT security landscape.
Like our coverage? Support us 🍵: https://coff.ee/articgadgets
🛑 CVE-2025-20333: Cisco ASA/FTD Buffer Overflow Vulnerability
Date: 28-09-2025
A critical buffer overflow vulnerability affects Cisco Secure Firewall ASA and FTD VPN web servers, potentially allowing remote code execution. Attackers can exploit this flaw to gain full control of affected systems. The risk increases when chained with CVE-2025-20362, enabling more complex attacks. Cisco urges immediate patching to prevent exploitation.
🛑 CVE-2025-38352: Linux Kernel TOCTOU Race Condition Vulnerability
Date: 10-09-2025
A newly disclosed flaw, CVE-2025-38352, affects the Linux kernel through a time-of-check time-of-use (TOCTOU) race condition. This vulnerability poses a serious threat to confidentiality, integrity, and availability, as attackers could exploit timing gaps to manipulate system resources. Given its high impact rating, administrators are urged to apply patches or mitigations promptly to reduce exposure.
📱 End of an Era: Way to the Web Ltd and ConfigServer.com Cease Operations
Date: 08-09-2025
Way to the Web Ltd and ConfigServer.com officially closed down on 31 August 2025, following a public announcement made on 30 July 2025 to give customers time to transition. This shutdown impacts all commercial and free software products—including cxs, MSFE, osm, csf, cmq, cmm, cmc, and cse—widely used in DirectAdmin and other hosting environments. Users are urged to seek alternatives to maintain system security and functionality.
🛑 CVE-2020-24363: TP-Link TL-WA855RE Vulnerability Exposes Critical Risk
Date: 02-09-2025
The TP-Link TL-WA855RE is affected by a missing authentication function, tracked as the critical vulnerability CVE-2020-24363. An unauthenticated attacker on the same network can exploit this flaw by sending a TDDP_RESET POST request, forcing a factory reset and reboot. This allows the attacker to bypass access control by setting a new administrative password. Since the impacted devices may already be end-of-life (EoL) or end-of-service (EoS), users are strongly advised to discontinue their use.
🛑 Critical FreePBX Vulnerability Allows Unauthenticated RCE
Date: 30-08-2025
CVE-2025-57819 is a critical flaw in FreePBX versions 15, 16, and 17 that allows unauthenticated attackers to bypass the admin interface, manipulate the database, and execute arbitrary code. Security patches are available in versions 15.0.66, 16.0.89, and 17.0.3. Organizations should update immediately, restrict access to admin interfaces, and monitor for suspicious activity, as the vulnerability is already being actively exploited.
📱 Apple's iPhone 17 and iOS 26: What to Expect
Date: 28-08-2025
Apple is set to unveil the iPhone 17 series on September 9, 2025, during its "Awe Dropping" event at the Steve Jobs Theater in Cupertino. The new lineup includes the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max, featuring upgrades like the A19 Pro chip, a 24MP front camera, and a 48MP triple-camera system.
Alongside the hardware, Apple is expected to introduce iOS 26, bringing enhanced AI capabilities, improved performance, and new features to the iPhone experience. Pre-orders for the iPhone 17 will begin on September 12, with availability starting on September 19.
🛑 Citrix NetScaler Critical Vulnerability Discovered, Score: 9.2
Date: 26-08-2025
Citrix warns of three new vulnerabilities in NetScaler ADC and Gateway (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424), including memory overflows and improper access control. CVE-2025-7775 is already actively exploited, allowing attackers to gain unauthorized access and potentially execute code remotely. Customers should urgently apply the latest patches to mitigate risk.
🏢 VirtualBox 7.2 Gets ARM-on-ARM Support
Date: 25-08-2025
Oracle officially released VirtualBox 7.2 on August 14, 2025, delivering for the first time full virtualization support for Windows ARM guests on ARM hosts, including ARM-native Guest Additions and a unified Windows installer package. This version also delivers a redesigned user interface featuring a vertical toolbar, improved 3D support, and integrated NVMe emulation in the open-source base.
🏢 Over 16 Million PayPal Accounts Allegedly Exposed in 2025 Data Leak
Date: 23-08-2025
A hacker known as "Chucky_BF" claims to have obtained 15.8 million PayPal credentials, including emails and plaintext passwords, offering them for sale on a dark web forum. While PayPal denies a new breach, attributing the data to older credential-stuffing attacks from infostealer malware, experts caution that reused passwords may still pose risks. Users are advised to change passwords, enable multi-factor authentication, and use password managers to enhance security.
🛑 Apple brings patch for exploit CVE-2025-43300
Date: 23-08-2025
Apple has released security updates to address CVE-2025-43300, an out-of-bounds write vulnerability in the Image I/O framework. This flaw, which could lead to memory corruption when processing malicious image files, has been exploited in targeted attacks. Affected devices include:
💻 Belgium's Telecom provider Orange got "Hacked"
Date: 20-08-2025
Belgium's telecom provider Orange was reportedly hacked, exposing data from approximately 850,000 customer accounts, including names, phone numbers, SIM and PUK codes, and tariff plans. The company confirmed that, as far as is currently known, sensitive information such as passwords, banking details, and email addresses was not compromised.
💲 Databricks eyes over $100 billion valuation as investors back AI growth plans
Date: 19-08-2025
Databricks is reportedly targeting a valuation of more than $100 billion as investors rally behind its aggressive expansion in artificial intelligence. The move strengthens confidence in the broader AI market and signals increasing pressure on rivals to accelerate innovation and scale.
📈 Global SSL Prices Expected to Rise
Date: 14-08-2025
Major certificate authorities announced upcoming price adjustments due to increased operational costs and stricter compliance requirements.
🛑 N-Central from N-Able Insecure Deserialization Vulnerability CVE-2025-8875
Date: 13-08-2025
N-Central contains an insecure deserialization vulnerability that could lead to command execution. An update is required to patch this vulnerability.
📜 EU to Enforce Shorter Certificate Lifespans
Date: 12-08-2025
European regulators plan to reduce maximum SSL/TLS certificate validity to 270 days.
🛑 OpenSSL Critical Vulnerability Discovered
Date: 10-08-2025
Buffer overflow in OpenSSL 3.2.1; patch to 3.2.2 required immediately.
💾 New Encryption Standard Proposed
Date: 05-08-2025
Draft for post-quantum TLS cipher suite submitted by IETF.