Mozilla Patches Critical Firefox 0-Day Flaws CVE-2025-4918 & CVE-2025-4919
Friday, November 21, 2025
Top 5 Cybersecurity Stories You Should Know
-
Mozilla Patches Critical Firefox 0-Day Flaws CVE-2025-4918 & CVE-2025-4919 — tl;dr: Mozilla has released an urgent update for Firefox to address two critical 0-day vulnerabilities, CVE-2025-4918 and CVE-2025-4919, that could allow remote code execution. Discovered by researchers from Palo Alto Networks and Trend Micro, these flaws relate to improper memory handling in the JavaScript engine, posing significant risks to users. All Firefox users are strongly advised to update to version 138.0.4 immediately to mitigate potential exploitation. For those unable to update, it is recommended to avoid unfamiliar websites and disable JavaScript temporarily.
↪ https://gbhackers.com/critical-firefox-0-day-flaws/ -
WK Kellogg Reports Data Breach Tied to Clop Ransomware Exploiting Cleo Vulnerabilities — tl;dr: WK Kellogg Co has disclosed a data breach linked to the Clop ransomware group, which exploited two zero-day vulnerabilities in Cleo's managed file transfer software (CVE-2024-50623 and CVE-2024-55956). The breach, which occurred on December 7, 2024, involved unauthorized access to employee files, potentially exposing personal information such as names and Social Security numbers. Affected individuals are advised to enroll in free identity monitoring services and consider placing fraud alerts on their credit files. This incident highlights the ongoing risks associated with ransomware attacks targeting third-party software providers.
↪ https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/ -
Google Patches Chrome Zero-Day Vulnerability CVE-2023-6345 Exploited in the Wild — tl;dr: Google has addressed a critical zero-day vulnerability in Chrome, identified as CVE-2023-6345, which was actively exploited in the wild. This integer overflow flaw in the Skia graphics library poses risks such as arbitrary code execution and system crashes. Users are urged to update their Chrome browsers to version 119.0.6045.199 for Mac and Linux, and 119.0.6045.199/.200 for Windows, to mitigate potential threats. The update also resolves five other high-severity vulnerabilities, emphasizing the importance of maintaining up-to-date software for enhanced security.
↪ https://blog.deurainfosec.com/chrome-zero-day-vulnerability-that-exploited-in-the-wild/ -
Harvard Investigates Data Breach; F5 Networks Hacked by State-Sponsored Attackers — tl;dr: Harvard University is probing a data breach linked to the Clop ransomware gang, which claims to have exploited a zero-day vulnerability in Oracle's E-Business Suite (CVE-2025-61882). Meanwhile, F5 Networks reported that government-backed hackers accessed its systems, stealing source code and customer data, prompting urgent patching recommendations for affected products. Additionally, Vietnam Airlines suffered a cyberattack exposing data of 7.3 million passengers. Organizations using F5 products and Oracle's E-Business Suite should prioritize updates to mitigate risks and protect sensitive information.
↪ https://infosec-mashup.santolaria.net/p/infosec-mashup-42-2025 -
Washington Post Data Breach Tied to Zero-Day CVE-2025-61884 Exploit by Clop Ransomware — tl;dr: The Washington Post has confirmed a data breach affecting nearly 10,000 employees and contractors, linked to a zero-day exploit (CVE-2025-61884) in Oracle E-Business Suite. The Clop ransomware group exploited this vulnerability, accessing sensitive personal and financial data between July 10 and August 22, 2025. Affected individuals have been offered 12 months of identity protection services. The incident highlights the importance of proactive vulnerability management and monitoring of enterprise software environments to prevent similar attacks. Organizations are advised to implement security patches and consider credit freezes as precautionary measures.
↪ https://freedium.cfd/https://medium.com/p/78191151931a
Featured LufSec Resource
AI Hacking: Secure Large Language Models — Red-team and harden LLM apps with practical guardrails.
Explore →
Connect with LufSec
- YouTube: https://www.youtube.com/@lufsec
- Instagram: https://www.instagram.com/lufsec
