Author: Sergiu Gatlan

​Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. This medium severity flaw (CVE-2025-21590) was reported by Amazon security engineer Matteo Memelli and is caused by an improper isolation or compartmentalization weakness. Successful exploitation lets local attackers with high privileges execute arbitrary code on vulnerable routers to compromise the devices’ integrity. “At least one instance of malicious exploitation (not at Amazon) has been reported to the Juniper SIRT. Customers are encouraged to upgrade to a fixed release as soon as it’s available and in the meantime take steps…

Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in “extremely sophisticated” attacks. The vulnerability is tracked as CVE-2025-24201 and was found in the WebKit cross-platform web browser engine used by Apple’s Safari web browser and many other apps and web browsers on macOS, iOS, Linux, and Windows. “This is a supplementary fix for an attack that was blocked in iOS 17.2,” the iPhone maker said in security advisories issued on Tuesday. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted…