⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

Published:

15 December 2025 at 12:24:00

Alert date:

15 December 2025 at 12:51:29

Source:

thehackernews.com

Operating Systems, Zero-Day Vulnerabilities, Web Technologies, Enterprise Applications, Mobile & IoT, Ransomware & Malware, Identity & Access, Data Breach & Exfiltration

Weekly cybersecurity recap covering multiple critical vulnerabilities including Apple zero-day exploits, WinRAR exploitation, LastPass regulatory fines, .NET remote code execution flaws, and OAuth-based scams. The article highlights actively exploited vulnerabilities in commonly used software including smartphones, web browsers, and file compression tools. Several threats were being exploited before patches were available. The recap emphasizes urgent security updates needed to protect against these active threats. Multiple software platforms and services are affected across different attack vectors.

Technical details

Multiple critical vulnerabilities are being actively exploited, including the Apple zero-days CVE-2025-14174 (memory corruption) and CVE-2025-43529 (use-after-free), both triggered via malicious web content. The SOAPwn vulnerability exploits HTTP client proxies in .NET applications, allowing RCE through arbitrary file writes and NTLM relay attacks. The WinRAR path traversal flaw CVE-2025-6218 enables code execution. React2Shell, CVE-2025-55182 (CVSS 10.0), faces widespread exploitation by Chinese APT groups. The ConsentFix attack variant tricks users into pasting OAuth authorization codes from localhost URLs.

Mitigation steps:

Install urgent security updates immediately for Apple devices (iOS, iPadOS, macOS, tvOS, watchOS, visionOS, Safari)
Update Google Chrome
Patch WinRAR
Update .NET applications
Apply React and Next.js patches
Update Microsoft Windows systems
Patch Fortinet and Ivanti products
Implement MFA that is phishing-resistant
Monitor for suspicious OAuth flows
Review calendar subscription sources
Implement endpoint detection for malicious PowerShell activities
Apply patches for all trending CVEs listed
Check for indicators of compromise from listed malware families

Affected products:

Apple iOS
Apple iPadOS
Apple macOS
Apple tvOS
Apple watchOS
Apple visionOS
Apple Safari
Google Chrome
Microsoft .NET Framework
WinRAR
React
Next.js
CentreStack
Triofox
Gogs
Microsoft Windows
Fortinet products
Ivanti Endpoint Manager
SAP products
LastPass

IOCs:

MINOCAT tunneling utility, SNOWLIGHT downloader, COMPOOD backdoor, HISONIC backdoor, ANGRYREBEL.LINUX, Noodle RAT, AshTag malware framework, SpyGlace malware, LOTUSHARVEST malware

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
