Welcome back to VulnVerse! It's our 24th weekly dispatch, and we've got another jam-packed edition for you. Let's dive into the latest vulnerabilities, exploits, and cyber threats.

Content:

• Vulnerabilities and Exploits 🔥: 22

• Data Breaches 💥: 4

• Malware and Ransomware 🐛: 6

• Software and System Issues ⚙️: 1

• Cloud ☁️: 6

• Cybersecurity Measures and Recommendations 🔒️: 6

• Advanced Persistent Threats (APT) 🕵️: 5

Vulnerabilities and Exploits 🔥

CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

Highlights the exploitation of a zero-day vulnerability in Ivanti Connect Secure, CVE-2025-0282, describing its risks, active exploits, and recommendations for immediate mitigation.

Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection

Analyzes a new credit card skimmer targeting WordPress checkout pages through database injections, detailing its operation, impact, and prevention strategies.

Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation

Details the discovery of a zero-day vulnerability in Ivanti Connect Secure VPNs, emphasizing its exploitation in the wild and the critical need for patching to secure affected systems.

A Newly Discovered Zero-Day Exposes NTLM Credentials to Theft by Lucie Cardiet

Explains a new zero-day vulnerability that enables theft of NTLM credentials, highlighting the potential impact on enterprise systems and offering mitigation advice.

PAN-SA-2025-0001 Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials

Shares information on a critical security advisory from Palo Alto Networks, detailing the vulnerabilities, risks, and patches necessary to secure affected systems.

Samsung S24: Out of bounds write in APE Decoder [368695689]

Documents a newly identified exploit in Chrome as part of Project Zero, providing detailed analysis and recommendations for developers to secure their applications.

Privilege Escalation and OS Command Injection Vulnerabilities

Addresses critical vulnerabilities in Moxa devices, including privilege escalation and OS command injection, with recommendations for patching and securing impacted systems.

Critical Vulnerabilities Found in Fancy Product Designer Plugin

Identifies critical vulnerabilities in the Fancy Product Designer WordPress plugin, describing the risks, exploitation methods, and necessary updates to secure affected sites.