Morning Overview on MSN

Leaked iPhone exploit kit on GitHub targets older iOS versions

An exploit kit known as Coruna has appeared on GitHub, bundling working attack code for several Apple iOS vulnerabilities ...
SecurityWeek

‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

The DarkSword iOS exploit chain was used by the Russian APT behind the Coruna exploit in attacks targeting Ukraine.

New DarkSword iOS exploit used in infostealer attack on iPhones

A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal ...
Bleeping Computer

Critical Ivanti RCE flaw with public exploit now used in attacks

CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.
Infosecurity Magazine

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability ...

Apple confirms today’s iOS and iPadOS updates for older devices address the Coruna exploit

Apple has detailed the security content for iOS and iPadOS 16.7.15, 15.8.7, 16.7.15, and 15.8.7, confirming that they address ...
The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...

Zero-day allows code execution in WindChill and FlexPLM

The manufacturer warns and urges admins to urgently secure their instances with a workaround. A patch is still pending.
The Hacker News

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

Veeam fixes 7 Backup & Replication flaws, including CVSS 9.9 RCE bugs, warning attackers may exploit unpatched systems.