Cyber Threat Digest – 2025-10-11
🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulnerabilities of note.
- CVE-2021-43798 — Grafana Path Traversal Vulnerability — Grafana Labs Grafana (Added: 2025-10-09)
- CVE-2025-27915 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) (Added: 2025-10-07)
- CVE-2021-22555 — Linux Kernel Heap Out-of-Bounds Write Vulnerability — Linux Kernel (Added: 2025-10-06)
- CVE-2010-3962 — Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability — Microsoft Internet Explorer (Added: 2025-10-06)
- CVE-2021-43226 — Microsoft Windows Privilege Escalation Vulnerability — Microsoft Windows (Added: 2025-10-06)
- CVE-2013-3918 — Microsoft Windows Out-of-Bounds Write Vulnerability — Microsoft Windows (Added: 2025-10-06)
- CVE-2011-3402 — Microsoft Windows Remote Code Execution Vulnerability — Microsoft Windows (Added: 2025-10-06)
- CVE-2010-3765 — Mozilla Multiple Products Remote Code Execution Vulnerability — Mozilla Multiple Products (Added: 2025-10-06)
⚠️ Recent CVEs (NVD)
Latest CVEs with CVSS severity and score.
- CVE-2025-60868 — The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and d… — MEDIUM 6.5
- CVE-2025-61152 — python-jose through 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token wit… — MEDIUM 6.5
- CVE-2025-61319 — ReNgine through 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized pay… — MEDIUM 6.1
- CVE-2025-8886 — Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in U… — MEDIUM 6.7
- CVE-2025-8887 — Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. A… — MEDIUM 6.1
- CVE-2025-60378 — Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails,… — HIGH 8.1
📰 Security News
Top headlines from trusted sources.
- Windows 11 23H2 Home and Pro reach end of support in 30 days — Fri, 10 Oct 2025 19:34:13 GMT
- Hackers exploiting zero-day in Gladinet file sharing software — Fri, 10 Oct 2025 19:08:12 GMT
- Cybersecurity For Dummies, 3rd Edition eBook FREE for a Limited Time — Fri, 10 Oct 2025 18:11:25 GMT
- Google Chrome to revoke notification access for inactive sites — Fri, 10 Oct 2025 17:00:00 GMT
- Apple now offers $2 million for zero-click RCE vulnerabilities — Fri, 10 Oct 2025 16:50:35 GMT
- Copilot on Windows can now connect to email, create Office docs — Fri, 10 Oct 2025 14:49:09 GMT