Both vulnerabilities carry a CVSS score of 9.1, indicating their severity and potential impact. CVE-2024-55573 exploits a flaw in the form used to create virtual metrics, while CVE-2024-53923 targets the media upload functionality in Centreon Web.

The zero-day fixed today is tracked as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS] and is a privilege escalation security flaw in Apple's Core Media framework.

With proof-of-concept exploits available, attackers could quickly weaponize these flaws for advanced persistent threats (APTs), ransomware operations, or espionage campaigns.

The attack leverages differences in how web servers, frameworks, and browsers handle cookies based on legacy standards such as RFC2109, in contrast to the modern RFC6265 standard.

The campaign, first observed on January 22, 2025, involves threat actors leveraging recently disclosed vulnerabilities in SimpleHelp to compromise devices running the software.

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials.

Organizations relying on One Identity Manager must act swiftly to patch their systems and prevent potential breaches that could compromise their valuable data and operations.

AMD is aware of a newly reported processor vulnerability. Execution of the attack requires both local administrator-level access to the system, and the development and execution of malicious microcode.

Mitel has released fixes for both vulnerabilities and strongly recommends that customers update their OpenScape 4000 and OpenScape 4000 Manager systems to the latest versions as soon as possible.

This campaign resulted in compromising over 18,459 devices globally. The stolen data included sensitive information like browser credentials, Discord tokens, Telegram data, and system information from the compromised devices.