Cyber Threat Digest – 2025-09-28

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

• CVE-2025-20362 — Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability — Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense (Added: 2025-09-25) — Details
• CVE-2025-20333 — Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability — Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense (Added: 2025-09-25) — Details
• CVE-2025-10585 — Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 (Added: 2025-09-23) — Details
• CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11) — Details
• CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details
• CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details
• CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details
• CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details

---

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

• CVE-2025-11063 — A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/edit_department.php. The manipulati… MEDIUM 6.9 — Details
• CVE-2025-11064 — A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Impacted is an unknown function of the file /admin/teachers.php. The manipulation of the arg… MEDIUM 6.9 — Details
• CVE-2025-11066 — A flaw has been found in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/bidlist.php. Executing manipulation of the argument ID… MEDIUM 6.9 — Details
• CVE-2025-11067 — A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipu… MEDIUM 4.8 — Details
• CVE-2025-11068 — A vulnerability was found in westboy CicadasCMS 1.0. Affected by this vulnerability is an unknown functionality of the file /system/cms/category/save. The manipulation of the argum… MEDIUM 4.8 — Details
• CVE-2025-11069 — A vulnerability was determined in westboy CicadasCMS 1.0. Affected by this issue is some unknown functionality of the file /system/org/save of the component Add Department Handler.… MEDIUM 4.8 — Details

---

📰 Security News

Top headlines from trusted sources.

• Fake Microsoft Teams installers push Oyster malware via malvertising
  — Sat, 27 Sep 2025 19:49:22 GMT
• Dutch teens arrested for trying to spy on Europol for Russia
  — Sat, 27 Sep 2025 14:17:44 GMT
• Microsoft's new AI feature will organize your photos automatically
  — Fri, 26 Sep 2025 19:41:18 GMT
• US investors to take over TikTok operations in the country
  — Fri, 26 Sep 2025 17:01:38 GMT
• Microsoft shares temp fix for Outlook encrypted email errors
  — Fri, 26 Sep 2025 16:43:48 GMT
• Microsoft Edge to block malicious sideloaded extensions
  — Fri, 26 Sep 2025 15:39:15 GMT