{"id":4725,"date":"2025-05-27T09:17:19","date_gmt":"2025-05-27T08:17:19","guid":{"rendered":"https:\/\/www.d2na.com\/?p=4725"},"modified":"2025-05-27T09:27:37","modified_gmt":"2025-05-27T08:27:37","slug":"weekly-security-news-27th-may-2025","status":"publish","type":"post","link":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/","title":{"rendered":"Weekly Security News – 27th May 2025"},"content":{"rendered":"<\/span> 7<\/span> mins read<\/span><\/span>\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Linux kernel 0-day discovered, patches for Ivanti and Samsung, payroll logins being stolen, Google domains compromised...<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.\u00a0<\/p>\n

<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Vulnerabilities and Patches<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Ivanti has\u00a0released\u00a0security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution.<\/p>\n

The vulnerabilities in question are listed below –<\/p>\n

    \n
  • CVE-2025-4427\u00a0(CVSS score: 5.3) – An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials<\/li>\n
  • CVE-2025-4428\u00a0(CVSS score: 7.2) – A remote code execution vulnerability in Ivanti Endpoint Manager Mobile allowing attackers to execute arbitrary code on the target system<\/li>\n<\/ul>\n

    An attacker that successfully exploits these flaws could chain them together to execute arbitrary code on a vulnerable device without authentication.<\/p>\n

    The flaws impact the following versions of the product –<\/p>\n

      \n
    • 11.12.0.4 and prior (Fixed in 11.12.0.5)<\/li>\n
    • 12.3.0.1 and prior (Fixed in 12.3.0.2)<\/li>\n
    • 12.4.0.1 and prior (Fixed in 12.4.0.2)<\/li>\n
    • 12.5.0.0 and prior (Fixed in 12.5.0.1)<\/li>\n<\/ul>\n

      Ivanti, which credited CERT-EU for reporting the issues,\u00a0said\u00a0it’s “aware of a very limited number of customers who have been exploited at the time of disclosure” and that the vulnerabilities are “associated with two open-source libraries integrated into EPMM.”<\/p>\n

      The company, however, did not disclose the names of the impacted libraries. It’s also not known what other software applications relying on the two libraries could be affected. Furthermore, the company said it’s still investigating the cases, and that it does not have reliable indicators of compromise associated with the malicious activity.<\/p>\n

      “The risk to customers is significantly reduced if they already filter access to the API using either the built-in Portal ACLs functionality or an external web application firewall,” Ivanti noted.<\/p>\n

      “The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products.”<\/p>\n

      Separately, Ivanti has also\u00a0shipped patches\u00a0to contain an authentication bypass flaw in on-premise versions of Neurons for ITSM (CVE-2025-22462, CVSS score: 9.8) that could allow a remote unauthenticated attacker to gain administrative access to the system. There is no evidence that the security defect has been exploited in the wild.<\/p>\n

      With zero-days in Ivanti appliances becoming a\u00a0lightning rod for threat actors\u00a0in recent years, it’s imperative that users move quickly to update their instances to the latest versions for optimal protection.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild.<\/p>\n

      The vulnerability, tracked as\u00a0CVE-2025-4632\u00a0(CVSS score: 9.8), has been described as a path traversal flaw.<\/p>\n

      “Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority,” according to an\u00a0advisory\u00a0for the flaw.<\/p>\n

      It’s worth noting that CVE-2025-4632 is a patch bypass for CVE-2024-7399, another path traversal flaw in the same product that was remediated by Samsung in August 2024.<\/p>\n

      CVE-2025-4632 has since been\u00a0exploited\u00a0in the wild shortly after the release of a proof-of-concept (PoC) by SSD Disclosure on April 30, 2025, in some instances to even deploy the Mirai botnet.<\/p>\n

      While it was initially assumed that the attacks were targeting CVE-2024-7399, cybersecurity company Huntress first revealed the existence of an unpatched vulnerability last week after finding signs of exploitation even on MagicINFO 9 Server instances running the latest version (21.1050).<\/p>\n

      In a follow-up report published on May 9, Huntress\u00a0revealed\u00a0three separate incidents that involved the exploitation of CVE-2025-4632, with unidentified actors running an identical set of commands to download additional payloads like “srvany.exe” and “services.exe” on two hosts and executing reconnaissance commands on the third.<\/p>\n

      Users of the Samsung MagicINFO 9 Server are recommended to apply the latest fixes as soon as possible to safeguard against potential threats.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Linux kernel SMB 0-Day Vulnerability Uncovered Using ChatGPT<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      A zero-day vulnerability in the Linux kernel was discovered, utilizing OpenAI\u2019s o3 model. This finding, assigned CVE-2025-37899, marks a significant advancement in AI-assisted vulnerability research.<\/p>\n

      The vulnerability, officially confirmed on May 20, 2025, affects the ksmbd component of the Linux kernel an in-kernel server that implements the SMB3 protocol for sharing files over networks.<\/p>\n

      Specifically, a\u00a0use-after-free vulnerability\u00a0in the handler for the SMB \u2018logoff\u2019 command was identified that could potentially lead to serious security breaches.<\/p>\n

      \u201cI found the vulnerability with nothing more complicated than the o3 API \u2013 no scaffolding, no agentic frameworks, no tool use,\u201d stated Sean, who discovered the flaw. \u201cThis is, as far as I\u2019m aware, the first public discussion of a vulnerability of that nature being found by a large language model, Sean said.<\/p>\n

      The technical details reveal that when one thread is processing a logoff command, it frees the sess->user object.<\/p>\n

      However,\u00a0suppose another connection has sent a session setup request to bind to the session being freed. In that case, the handler for that connection could simultaneously be accessing sess->user, resulting in a classic use-after-free scenario.<\/p>\n

      Such vulnerabilities can lead to memory corruption and potentially allow attackers to execute arbitrary code with kernel privileges.<\/p>\n

      OpenAI\u2019s o3 model, released on April 16, 2025, represents a significant advancement in AI reasoning capabilities. The model is designed to \u201cthink for longer before responding\u201d and demonstrates substantially improved performance in complex tasks, including coding and mathematics.<\/p>\n

      Its ability to\u00a0understand complex code structures and reason about concurrent operations proved crucial in identifying this vulnerability.<\/p>\n

      \u201cWith o3,\u00a0LLMs have made a leap forward in their ability to reason about code, and if you work in vulnerability research, you should start paying close attention,\u201d Sean noted. \u201cThey are now at a stage where they can make you significantly more efficient and effective.\u201d<\/p>\n

      Security experts rate this vulnerability with a high severity score, though the Exploit Prediction Scoring System (EPSS) currently estimates a relatively low exploitation probability of 0.02%. The vulnerability affects multiple Linux kernel versions up through 6.12.27, 6.14.5, and\u00a06.15-rc4.<\/p>\n

      Linux distributions, including SUSE, are already working on patches. The SUSE Security Team currently rates the issue as having \u201cmoderate severity.\u201d Users are encouraged to apply updates as they become available.<\/p>\n

      The discovery marks a watershed moment in how AI systems might transform security research. Rather than replacing human security researchers, models like o3 are proving to be powerful assistants that can efficiently analyze complex codebases.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Cyber Attacks<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Critical Samlify SSO flaw lets attackers log in as admin<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      A\u00a0critical Samlify authentication bypass vulnerability has been discovered that allows\u00a0attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses.<\/p>\n

      Samlify is a high-level authentication library that helps developers integrate SAML SSO and Single Log-Out (SLO) into Node.js applications. It is a popular tool for building or connecting to identity providers (IdPs) and service providers (SPs) using SAML.<\/p>\n

      The library is used by SaaS platforms, organizations implementing SSO for internal tools, developers integrating with corporate Identity Providers like Azure AD or Okta, and in federated identity management scenarios. It is very popular, measuring over 200,000 weekly downloads on npm.<\/p>\n

      The flaw, tracked as\u00a0CVE-2025-47949, is a critical (CVSS v4.0 score: 9.9) Signature Wrapping flaw impacting all versions of Samlify before 2.10.0.<\/p>\n

      As EndorLabs explained in a report, Samlify correctly verifies that the XML document providing a user’s identity is signed. Still, it proceeds to read fake\u00a0assertions from a part of the XML that isn’t.<\/p>\n

      Attackers holding a valid signed SAML response through interception or via public metadata can modify it to exploit the parsing flaw in the library and authenticate as someone else.<\/p>\n

      “The attacker then takes this legitimately signed XML document and manipulates it. They insert a second, malicious SAML Assertion into the document,”\u00a0explains EndorLabs.<\/p>\n

      “This malicious assertion contains the identity of a target user (e.g., an administrator’s username).”<\/p>\n

      “The crucial part is that the valid signature from the original document still applies to a benign part of the XML structure, but the SP’s vulnerable parsing logic will inadvertently process the unsigned, malicious assertion.”<\/p>\n

      This is a complete SSO bypass, allowing unauthorized remote attackers to perform privilege escalation and log in as administrators.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      In Other News...<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Hackers Exploiting Trusted Google Domains to Inject Malicious Scripts<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      A sophisticated new malvertising scheme has emerged, transforming legitimate e-commerce websites into phishing platforms without the knowledge of site owners or advertisers.<\/p>\n

      Cybercriminals are exploiting integrations with Google APIs to inject malicious scripts into e-commerce sites using JSONP calls.<\/p>\n

      These scripts silently redirect unsuspecting shoppers to fraudulent payment pages, tricking them into disclosing credit card details while believing they are transacting with trusted merchants.<\/p>\n

      Unlike traditional malvertising campaigns that rely on suspicious ads or obvious redirects, this attack weaponizes the legitimacy of high-quality sites and clean ad placements.<\/p>\n

      Shoppers click on legitimate advertisements and visit real storefronts only to encounter invisible threats operating beneath the surface.<\/p>\n

      One notable victim was Ray-Ban\u2019s Indian store (india.ray-ban.com), where attackers compromised the site\u2019s backend, transforming a trusted retail destination into an unwitting phishing platform.<\/p>\n

      GeoEdge researchers\u00a0identified\u00a0that this attack gives cybercriminals a double advantage: they hijack the credibility of established brands while leveraging the brands\u2019 own marketing investments to drive traffic to their scams.<\/p>\n

      Although the current scale of attacks remains relatively small, their\u00a0persistence\u00a0is particularly concerning.<\/p>\n

      The vulnerability was disclosed to Google in November 2024, yet several compromised sites remain active, continuing to expose users to ongoing risk.<\/p>\n

      The technical foundation of this attack exploits JSONP (JSON with Padding), a technique originally designed to bypass the same-origin policy in browsers.<\/p>\n

      Attackers abuse JSONP endpoints in trusted Google domains to deliver\u00a0malicious JavaScript\u00a0that bypasses Content Security Policy (CSP) protections, as most websites explicitly allow Google\u2019s domains.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Hackers Attacking Employees Mimic as Organisations to Steal Payroll Logins & Reroute Payments<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      A sophisticated search engine optimization (SEO) poisoning attack has emerged, targeting employees through their mobile devices with fake login pages that mimic legitimate corporate portals.<\/p>\n

      The attack, which has already affected organisations in the manufacturing sector, enables hackers to steal employee credentials, access payroll systems, and redirect salary payments to attacker-controlled accounts.<\/p>\n

      This deceptive campaign represents a new evolution in social engineering attacks, specifically designed to bypass traditional security measures by targeting personal devices that typically lack enterprise-grade protections.<\/p>\n

      The attack begins when employees search for their company\u2019s payroll portal using mobile devices. Malicious actors have optimized fraudulent websites to appear at the top of search results when specific keywords like \u201cpayroll\u201d and \u201cportal\u201d are combined with a company\u2019s name.<\/p>\n

      When users click these links, they\u2019re seamlessly directed to what appears to be their organization\u2019s legitimate login page, where their credentials are harvested without their knowledge.<\/p>\n

      ReliaQuest researchers\u00a0identified\u00a0this attack in May 2025 after detecting unauthorized access to a customer\u2019s SAP SuccessFactors human resources platform.<\/p>\n

      According to their investigation, the threat actors specifically targeted mobile devices because they typically connect to guest Wi-Fi networks or cellular connections that lack the robust security measures found on corporate networks, such as web traffic filtering that could block access to malicious sites.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

      <\/span> 7<\/span> mins read<\/span><\/span>Linux kernel 0-day discovered, patches for Ivanti and Samsung, payroll logins being stolen, Google domains compromised… Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get […]<\/p>\n","protected":false},"author":1,"featured_media":4731,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[355],"tags":[287,285,286,289,288,284],"class_list":["post-4725","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","tag-cyber-attacks","tag-cyber-security","tag-news","tag-patches","tag-vulnerabilities","tag-weekly-security-news"],"yoast_head":"\nWeekly Security News - 27th May 2025 - D2NA<\/title>\n<meta name=\"description\" content=\"Linux kernel 0-day discovered, patches for Ivanti and Samsung, payroll logins being stolen, Google domains compromised...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weekly Security News - 27th May 2025\" \/>\n<meta property=\"og:description\" content=\"Linux kernel 0-day discovered, patches for Ivanti and Samsung, payroll logins being stolen, Google domains compromised...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/\" \/>\n<meta property=\"og:site_name\" content=\"D2NA\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-27T08:17:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-27T08:27:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/05\/2025-05-27.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Shaun Conway\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@D2NA\" \/>\n<meta name=\"twitter:site\" content=\"@D2NA\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shaun Conway\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/\"},\"author\":{\"name\":\"Shaun Conway\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\"},\"headline\":\"Weekly Security News – 27th May 2025\",\"datePublished\":\"2025-05-27T08:17:19+00:00\",\"dateModified\":\"2025-05-27T08:27:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/\"},\"wordCount\":1929,\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/2025-05-27.jpeg\",\"keywords\":[\"cyber attacks\",\"cyber security\",\"news\",\"patches\",\"vulnerabilities\",\"weekly security news\"],\"articleSection\":[\"Security News\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/\",\"name\":\"Weekly Security News - 27th May 2025 - D2NA\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/2025-05-27.jpeg\",\"datePublished\":\"2025-05-27T08:17:19+00:00\",\"dateModified\":\"2025-05-27T08:27:37+00:00\",\"description\":\"Linux kernel 0-day discovered, patches for Ivanti and Samsung, payroll logins being stolen, Google domains compromised...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/2025-05-27.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/2025-05-27.jpeg\",\"width\":1200,\"height\":628,\"caption\":\"2025-05-27\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/05\\\/27\\\/weekly-security-news-27th-may-2025\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.d2na.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Weekly Security News – 27th May 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"name\":\"D2NA\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.d2na.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\",\"name\":\"D2 Network Associates Limited\",\"alternateName\":\"D2NA\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"width\":180,\"height\":60,\"caption\":\"D2 Network Associates Limited\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/D2NA\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/d2-network-associates-ltd\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\",\"name\":\"Shaun Conway\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"caption\":\"Shaun Conway\"},\"sameAs\":[\"https:\\\/\\\/www.d2na.com\"],\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/author\\\/shaun-conway\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Weekly Security News - 27th May 2025 - D2NA","description":"Linux kernel 0-day discovered, patches for Ivanti and Samsung, payroll logins being stolen, Google domains compromised...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/","og_locale":"en_GB","og_type":"article","og_title":"Weekly Security News - 27th May 2025","og_description":"Linux kernel 0-day discovered, patches for Ivanti and Samsung, payroll logins being stolen, Google domains compromised...","og_url":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/","og_site_name":"D2NA","article_published_time":"2025-05-27T08:17:19+00:00","article_modified_time":"2025-05-27T08:27:37+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/05\/2025-05-27.jpeg","type":"image\/jpeg"}],"author":"Shaun Conway","twitter_card":"summary_large_image","twitter_creator":"@D2NA","twitter_site":"@D2NA","twitter_misc":{"Written by":"Shaun Conway","Estimated reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/#article","isPartOf":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/"},"author":{"name":"Shaun Conway","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36"},"headline":"Weekly Security News – 27th May 2025","datePublished":"2025-05-27T08:17:19+00:00","dateModified":"2025-05-27T08:27:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/"},"wordCount":1929,"publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/05\/2025-05-27.jpeg","keywords":["cyber attacks","cyber security","news","patches","vulnerabilities","weekly security news"],"articleSection":["Security News"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/","url":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/","name":"Weekly Security News - 27th May 2025 - D2NA","isPartOf":{"@id":"https:\/\/www.d2na.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/#primaryimage"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/05\/2025-05-27.jpeg","datePublished":"2025-05-27T08:17:19+00:00","dateModified":"2025-05-27T08:27:37+00:00","description":"Linux kernel 0-day discovered, patches for Ivanti and Samsung, payroll logins being stolen, Google domains compromised...","breadcrumb":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/#primaryimage","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/05\/2025-05-27.jpeg","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/05\/2025-05-27.jpeg","width":1200,"height":628,"caption":"2025-05-27"},{"@type":"BreadcrumbList","@id":"https:\/\/www.d2na.com\/index.php\/2025\/05\/27\/weekly-security-news-27th-may-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.d2na.com\/"},{"@type":"ListItem","position":2,"name":"Weekly Security News – 27th May 2025"}]},{"@type":"WebSite","@id":"https:\/\/www.d2na.com\/#website","url":"https:\/\/www.d2na.com\/","name":"D2NA","description":"","publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.d2na.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.d2na.com\/#organization","name":"D2 Network Associates Limited","alternateName":"D2NA","url":"https:\/\/www.d2na.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","width":180,"height":60,"caption":"D2 Network Associates Limited"},"image":{"@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/D2NA","https:\/\/www.linkedin.com\/company\/d2-network-associates-ltd\/"]},{"@type":"Person","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36","name":"Shaun Conway","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","caption":"Shaun Conway"},"sameAs":["https:\/\/www.d2na.com"],"url":"https:\/\/www.d2na.com\/index.php\/author\/shaun-conway\/"}]}},"_links":{"self":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/4725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/comments?post=4725"}],"version-history":[{"count":6,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/4725\/revisions"}],"predecessor-version":[{"id":4733,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/4725\/revisions\/4733"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media\/4731"}],"wp:attachment":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media?parent=4725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/categories?post=4725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/tags?post=4725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}