Weekly Security News – 1st September 2025


AI powered ransomware discovered, update your Firefox to version 142 now, Linux vulnerability allowing privilege escalation...

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. We’ve also got the latest CVE information to help you stay ahead of vulnerabilities. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

News & Articles

NVIDIA NeMo AI Curator Enables Code Execution and Privilege Escalation

NVIDIA has issued a critical security bulletin addressing a high-severity vulnerability in its NeMo Curator platform that could allow attackers to execute malicious code and escalate privileges on affected systems. 

The vulnerability, designated CVE-2025-23307, affects all versions of NVIDIA NeMo Curator prior to release 25.07 across Windows, Linux, and macOS platforms.

The security flaw stems from improper input validation in the NeMo Curator’s file processing mechanisms, enabling threat actors to craft malicious files that trigger code injection attacks. 

The company emphasises that local access requirements may limit the vulnerability’s immediate exploitability in properly segmented environments.

Mozilla Firefox High Severity Vulnerabilities Enables Remote Code Execution

Mozilla has released Firefox 142 to address multiple high-severity security vulnerabilities that could allow attackers to execute arbitrary code remotely on affected systems. 

The security advisory, published on 19th August 2025, reveals nine distinct vulnerabilities ranging from sandbox escapes to memory safety bugs, with several classified as high-impact threats capable of enabling remote code execution (RCE).

Organisations and individual users must prioritise immediate updates to Firefox 142 to mitigate these critical security risks. 

The memory safety vulnerabilities particularly concern enterprise environments, as they affect both standard Firefox releases and ESR versions commonly deployed in corporate settings.

Linux Kernel Netfilter Vulnerability Let Attackers Escalate Privileges

A critical vulnerability in the Linux kernel’s netfilter ipset subsystem has been discovered that allows local attackers to escalate privileges to root-level access. 

The flaw, identified in the bitmap:ip implementation within the ipset framework, stems from insufficient range validation when processing CIDR notation in IP address ranges. 

This missing bounds check enables attackers to trigger out-of-bounds memory writes in kernel space, ultimately providing a pathway to full system compromise. 

The vulnerability affects kernel versions up to 6.12.2 and has been addressed through a recently released patch that implements proper range validation across all code paths.

Organisations running affected kernel versions should prioritise applying the available patch, which addresses the issue by implementing comprehensive range validation that checks both the ip < map->first_ip and ip_to > map->last_ip conditions, regardless of how the IP range is specified.
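
The range validation described above, modelled in userspace C as an added example (not the kernel's code and not taken from the cited articles): the bounds are checked once, after either the CIDR path or the explicit-range path has produced ip and ip_to. The struct layout, the function names and the 256-address cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_MAX_ADDRS 256u

/* Illustrative userspace model, not kernel code: one bit per address. */
struct ip_bitmap {
    uint32_t first_ip, last_ip;        /* inclusive bounds of the set */
    uint8_t bits[MAP_MAX_ADDRS / 8];
};

int map_init(struct ip_bitmap *map, uint32_t first_ip, uint32_t last_ip)
{
    if (first_ip > last_ip || last_ip - first_ip >= MAP_MAX_ADDRS)
        return -1;
    memset(map, 0, sizeof(*map));
    map->first_ip = first_ip;
    map->last_ip = last_ip;
    return 0;
}

/* cidr 0..32 derives the range from ip; cidr < 0 uses ip..ip_to as given. */
int map_add(struct ip_bitmap *map, uint32_t ip, uint32_t ip_to, int cidr)
{
    if (cidr > 32)
        return -1;
    if (cidr >= 0) {
        uint32_t mask = cidr ? 0xFFFFFFFFu << (32 - cidr) : 0;
        ip_to = ip | ~mask;            /* last address of the prefix */
        ip &= mask;                    /* first address; may drop below first_ip */
    } else if (ip > ip_to) {
        uint32_t tmp = ip; ip = ip_to; ip_to = tmp;
    }
    /* One check after every path that produces ip/ip_to. */
    if (ip < map->first_ip || ip_to > map->last_ip)
        return -1;
    for (uint32_t idx = ip - map->first_ip; idx <= ip_to - map->first_ip; idx++)
        map->bits[idx / 8] |= (uint8_t)(1u << (idx % 8));
    return 0;
}

int main(void)
{
    struct ip_bitmap m;
    map_init(&m, 0xC0A80180u, 0xC0A801FFu);   /* constructed: 192.168.1.128-255 */
    printf("/28 inside: %d\n", map_add(&m, 0xC0A80190u, 0, 28));
    printf("/24 wider:  %d\n", map_add(&m, 0xC0A80190u, 0, 24));
    return 0;
}
```

Without the check, the /24 request would compute its bit index from an address below first_ip, and the unsigned subtraction would wrap to an index far outside the bitmap.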

Someone has Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock.

Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time. The open-weight language model was released by OpenAI earlier this month.

The emergence of PromptLock is another sign that AI has made it easier for cybercriminals, even those who lack technical expertise, to quickly set up new campaigns, develop malware, and create compelling phishing content and malicious sites.

Latest Vulnerabilities & Exploits

CVE-2025-43284

Critical - macOS

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to cause unexpected system termination.

CVE-2025-48979

Critical - UISP

An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.

CVE-2025-54142

Medium - Akamai Ghost

Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards.

CVE-2025-9600

Medium - itsourcecode Apartment Management

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/member_type_setup.php. The manipulation of the argument txtMemberType leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Sources: CyberSecurityNews, The Hacker News