Cyber Threat Digest – 2025-09-21

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

• CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11) — Details
• CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details
• CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details
• CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details
• CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details
• CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details
• CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02) — Details
• CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp (Added: 2025-09-02) — Details

---

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

---

📰 Security News

Top headlines from trusted sources.

• Canada dismantles TradeOgre exchange, seizes $40 million in crypto
  — Sat, 20 Sep 2025 17:11:40 GMT
• Microsoft starts rolling out Gaming Copilot on Windows 11 PCs
  — Fri, 19 Sep 2025 18:46:22 GMT
• FBI warns of cybercriminals using fake FBI crime reporting portals
  — Fri, 19 Sep 2025 16:43:29 GMT
• CISA exposes malware kits deployed in Ivanti EPMM attacks
  — Fri, 19 Sep 2025 15:46:44 GMT
• Fortra warns of max severity flaw in GoAnywhere MFT's License Servlet
  — Fri, 19 Sep 2025 14:20:52 GMT
• Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses
  — Fri, 19 Sep 2025 14:01:11 GMT