⚡ Weekly Recap: Apple 0-days, Winrar Exploit, Lastpass Fines, .net...

If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready.

Below, we list the urgent updates you need to install right now to stop these active threats.

Apple and Google Release Fixes for Actively Exploited Flaws — Apple released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari web browser to address two zero-days that the company said have been exploited in highly targeted attacks. CVE-2025-14174 has been described as a memory corruption issue, while the second, CVE-2025-43529, is a use-after-free bug. They can both be exploited using maliciously crafted web content to execute arbitrary code. CVE-2025-14174 was also addressed by Google in its Chrome browser since it resides in its open-source Almost Native Graphics Layer Engine (ANGLE) library. There are currently no details on how these flaws were exploited, but evidence points to it likely having been weaponized by commercial spyware vendors.

This playbook is for security leaders who are scaling CloudSec teams and need a structure that keeps up with cloud complexity. Built specifically for modern cloud-forward security teams, it breaks down how CISOs are structuring cloud security functions today – including emerging roles, team models, reporting lines, and practical templates for planning headcount and responsibilities across cloud, AppSec, platform security, and more.

Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week's most serious security flaws. Check them, fix what matters first, and stay protected.

This week's list includes — CVE-2025-43529, CVE-2025-14174 (Apple), CVE-2025-14174 (Google Chrome), CVE-2025-55183, CVE-2025-55184, CVE-2025-67779 (React), CVE-2025-8110 (Gogs), CVE-2025-62221 (Microsoft Windows), CVE-2025-59718, CVE-2025-59719 (Fortinet), CVE-2025-10573 (Ivanti Endpoint Manager), CVE-2025-42880, CVE-2025-55754, CVE-2025-42928 (SAP), CVE-2025-9612, CVE-2025-9613, CVE-2025-9614 (PCI Express Integrity and Data Encryption protocol), CVE-2025-27019, CVE-2025-27020 (Infinera MTC-9), CVE-2025-65883 (Genexis Platinum P4410 router), CVE-2025-64126, CVE-2025-64127, CVE-2025-64128 (Zenitel TCIV-3+), CVE-2025-66570 (cpp-httplib), CVE-2025-63216 (Itel DAB Gateway), CVE-2025-63224 (Itel DAB Encoder)

Source: The Hacker News