⚠️ iOS 18.4.1: Apple patches two critical zero-days — and the U.S. government is taking no chances.
Federal agencies have been ordered to update by May 8 — but this isn’t just about public sector risk.
🔐 The vulnerabilities are under active exploitation
📱 All iPhone users are exposed
⏰ Delaying could open the door to real-world attacks
🧠 Pro tip: enable auto-updates and confirm your device is running 18.4.1
Don’t wait for a mandate to protect your digital life.
#iOSUpdate #iPhoneSecurity #CyberSecurity #ZeroDay #MobileSecurity
https://www.forbes.com/sites/kateoflahertyuk/2025/04/19/new-ios-1841-warning-you-have-18-days-to-update-your-iphone/
Watching episode 1 of #ZeroDay with Robert De Niro.
At the 27:56 mark he's walking down a corridor and his legs are very odd. Almost like he's had a stroke. But more importantly, why are his pants so short??!
🚨 Windows NTLM flaw (CVE-2025-24054) is under active exploitation! Learn how this critical vulnerability impacts your security and what you can do to stay safe. 🛡️
#CyberSecurity #InfoSec #ThreatIntel #Vulnerability #WindowsSecurity #CVE #ZeroDay #SecurityNews
Learn more: https://zerodaily.me/blog/2025-04-18-windows-ntlm-cve-2025-24054-under-active-exploitation
A critical Windows vulnerability (CVE-2025-24054) is under active exploitation, allowing attackers to leak NTLM hashes and compromise credentials via phishing and malicious .library-ms files. Immediate patching is strongly recommended.
An acquaintance sent the following message:
"Hi,
Live from Belgium, all the public services of the French part of the country (Wallonia) are offline because a very serious intrusion was discovered yesterday evening.
A friend told me it’s due to an exploited #zeroday #vulnerability in an Ivanti #VPN endpoint."
It looks like he is right: DNS resolution and direct access via IP are not possible.
⚠️ Over 16,000 Fortinet devices have been compromised with a stealthy symlink backdoor — even after being patched.
A report from The Shadowserver Foundation reveals that attackers left behind a persistent backdoor on FortiGate devices by abusing symbolic links. These links provide read-only access to sensitive configuration files, even after vulnerabilities were patched.
Here’s what happened:
- Threat actors exploited FortiOS zero-days throughout 2023 and 2024
- They planted symbolic links in language file folders on SSL-VPN enabled devices
- These links connected public folders to the root filesystem
- Even after patching, the symlinks gave attackers continued visibility into sensitive files
Fortinet says this isn’t due to a new vulnerability — it’s a "persistence mechanism" that evaded detection by living in user-accessible directories.
The impact:
- Over 16,000 devices globally are affected
- Attackers may have had access to configuration files, including credentials
- Fortinet is notifying affected customers and has released updated AV/IPS signatures to detect and remove the malicious symlinks
🔐 If you're using FortiGate:
- Check for recent alerts from Fortinet
- Update to the latest firmware
- Reset all credentials
- Audit logs for suspicious access behavior
At Efani, we view this as a critical reminder: patching isn’t the end of an incident — it’s the start of validation. Persistence mechanisms like this one don’t need new vulnerabilities to survive.
#CyberSecurity #Fortinet #Persistence #ZeroDay #EfaniSecure #NetworkSecurity
Apple Patches 2 Exploited iOS Zero-Days in CoreAudio and RPAC
#Apple #iOS #AppleSecurity #iOSUpdate #ZeroDay #Cybersecurity #CoreAudio #ARM #AppleSilicon #PatchAlert #SecurityUpdate
🔐 Apple just patched two iOS zero-days — both actively exploited in targeted attacks.
On April 17, Apple released emergency updates for iOS, macOS, iPadOS, tvOS, and visionOS to address CVE-2025-31200 and CVE-2025-31201 — both part of a sophisticated threat campaign aimed at specific individuals.
What was patched:
- CVE-2025-31200 – A memory corruption flaw in Core Audio that could enable code execution via a malicious media file
- CVE-2025-31201 – A vulnerability in RPAC that allowed attackers to bypass Pointer Authentication (used for memory safety)
Both flaws were exploited in the wild. Google’s Threat Analysis Group (TAG) helped identify one of them.
This brings the total to five zero-days patched by Apple in 2025, including previously exploited bugs in WebKit, Accessibility, and Core Media components.
🚨 Devices affected:
- iPhones: XS and later
- iPads: 7th gen and later
- macOS Sequoia devices
- Apple Vision Pro
- All Apple TV models
Apple rarely comments on details, but said the exploits were part of "extremely sophisticated attacks" — consistent with nation-state level activity or high-value surveillance operations.
At @Efani, we view this as a reminder:
Even the most secure platforms are never immune. Patching is protection.
If you're using Apple products, update now — and ensure auto-update policies are enforced across all endpoints.
#CyberSecurity #ZeroDay #AppleSecurity #iOS #EfaniSecure #VulnerabilityManagement