Weekly Security News – 6th October 2025


Renault suffers a cyber attack, Discord compromised, WhatsApp malware and Microsoft disables some images...

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. We’ve also got the latest CVE information to help you stay ahead of vulnerabilities. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

News & Articles

Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users

Microsoft has announced a significant security enhancement for Outlook users, implementing the retirement of inline SVG image support across Outlook for Web and the new Outlook for Windows platforms.

This change represents a proactive measure to strengthen email security infrastructure and protect users from potential cybersecurity threats.

The rollout timeline has been strategically structured to ensure comprehensive coverage across all Microsoft 365 environments. The worldwide deployment commenced in early September 2025 and was completed by mid-September 2025, affecting standard commercial tenants.

The retirement of inline SVG support addresses critical security vulnerabilities, particularly cross-site scripting (XSS) attacks that can exploit SVG’s XML-based structure.

Discord Data Breach – Customers’ Personal Data and Scanned Photo IDs Leaked

A data breach at a third-party customer service provider has exposed the personal data of some Discord users, including names, email addresses, and a small number of scanned government-issued photo IDs.

The incident did not compromise Discord’s main systems, and the unauthorised access was limited to data handled by the company’s support teams.

Discord announced that it recently discovered an unauthorised party had gained access to its customer support ticketing system by compromising one of its third-party service vendors.

The data exposed in the breach pertains to users who interacted with Discord’s Customer Support or Trust & Safety teams. The compromised information may include full names, Discord usernames, email addresses, and other contact details provided during support interactions.

Renault UK Suffers Cyberattack – Hackers Steal Customers’ Personal Data

Renault UK has notified customers of a data breach after a cyberattack on one of its third-party service providers resulted in the theft of personal information.

The company has assured its clients that its own internal systems were not compromised and that no financial data was exposed.

Renault UK began sending emails to affected drivers to inform them of “a cyber-attack on one of our third-party providers, leading to some Renault UK customers’ personal data being taken from one of their systems.”

While financial details and passwords were not affected, a significant amount of personal and vehicle-related information was stolen.

According to a statement from a Renault UK spokesperson, the compromised data includes some or all of the following for affected customers: full names, addresses, dates of birth, gender, and phone numbers.

Furthermore, vehicle-specific details such as Vehicle Identification Numbers (VIN) and vehicle registration numbers were also part of the exfiltrated data set.

Researchers Warn of Self-Spreading WhatsApp Malware

Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp.

The campaign, codenamed SORVEPOTEL by Trend Micro, weaponises trust in the platform to extend its reach across Windows systems. Trend Micro added that the attack is “engineered for speed and propagation” rather than data theft or ransomware.

“SORVEPOTEL has been observed to spread across Windows systems through convincing phishing messages with malicious ZIP file attachments,” researchers said.

Once the attachment is opened, the malware automatically propagates via the desktop web version of WhatsApp, ultimately causing the infected accounts to be banned for engaging in excessive spam. There are no indications that the threat actors have leveraged the access to exfiltrate data or encrypt files.

Latest Vulnerabilities & Exploits

CVE-2025-11273 – Medium
A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function redirectToAuthorization of the file /src/main/services/mcp/oauth/provider.ts. The manipulation of the argument URL results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-11272 – Medium
A vulnerability has been found in SeriaWei ZKEACMS up to 4.3. This affects the function Delete of the file src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs of the component POST Request Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-53616 – High
In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount.
CVE-2023-53615 – Medium
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition. System crash when using debug kernel due to link list corruption. The cause of the link list corruption is that session deletion was allowed to queue up twice.
CVE-2025-55972 – High
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, an attacker can cause the device to become unresponsive. This denial persists as long as the attack continues and affects all forms of TV operation. Manual user control and even reboots do not restore functionality unless the flood stops.
CVE-2025-44007 – High
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 (2025/07/09) and later.
CVE-2024-56804 – Medium
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later.
CVE-2025-61591 – High
Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during the interaction process, leading to command injection and potential remote code execution. If chained with an untrusted MCP service via OAuth, this command injection vulnerability could allow arbitrary code execution on the host by the agent. This can then be used to directly compromise the system by executing malicious commands with full user privileges. This issue does not currently have a fixed release version, but there is a patch, 2025.09.17-25b418f.
CVE-2025-56551 – High
An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request.
CVE-2021-42193 – Medium
nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires.

Sources: CyberSecurityNews, The Hacker News