IT Vulnerability Report: Cyble Urges Fixes for Apple, PHP Flaws
Cyble's report analyzes 17 vulnerabilities, highlighting two high-risk flaws (CVE-2025-24201 and CVE-2024-4577), and notes purported zero-day exploits being offered for sale on the dark web. The researchers advise organizations to patch promptly and strengthen their network security measures to counter these threats. 2025-3-18 13:46:22 Author: cyble.com

Overview

Cyble’s vulnerability intelligence unit analyzed 17 vulnerabilities in a report to clients last week – and highlighted two that are at exceptionally high risk of exploitation.

Cyble Research and Intelligence Labs (CRIL) researchers also investigated 6 vulnerability exploits claimed by threat actors on the dark web, including a purported zero-day exploit for a local privilege escalation vulnerability in the Windows operating system. The threat actor was asking $70,000 USD for the exploit.

Here are some highlights from the weekly IT vulnerability intelligence report, and other Cyble reports last week.

The Top IT Vulnerabilities

Here are the two vulnerabilities highlighted by Cyble researchers for priority patching and mitigation by security teams.

CVE-2025-24201: This vulnerability in Apple’s WebKit web browser engine has been exploited in “extremely sophisticated” attacks. The vulnerability is an out-of-bounds write issue that allows an attacker to craft malicious web content to break out of the Web Content sandbox, potentially leading to unauthorized actions on the system. Patches are available.

CVE-2024-4577: Cyble has been detecting consistent attacks on this vulnerability since it was first reported in May 2024, and there are still more than 4 million vulnerable web-facing instances. The flaw is a critical remote code execution (RCE) vulnerability in PHP, specifically affecting Windows-based installations running in CGI mode. The vulnerability allows attackers to execute arbitrary code on a remote server by exploiting how Windows handles certain characters in URLs, particularly when the system locale is set to Chinese or Japanese. The vulnerability can be exploited even if PHP is not explicitly configured in CGI mode, as the PHP-CGI module is embedded in some web servers like IIS and XAMPP.

Researchers recently observed that attackers are mass-exploiting the vulnerability, with a significantly increased number of targets observed in the United States, Singapore, Japan, and other countries since January 2025.
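Because the PHP-CGI issue above hinges on how Windows maps non-ASCII characters in request URLs on Chinese or Japanese locales, one defender-side triage is to scan web server access logs for requests that reach PHP through CGI and carry percent-encoded bytes outside ASCII in the query string. The following is an added example, not Cyble's tooling or code from the original report; it assumes Apache combined-style log lines, uses constructed sample traffic, and treats a direct hit on the php-cgi binary or a query that is not valid UTF-8 as higher priority than ordinary CJK parameter values, which are normal traffic on those locales.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (Apache combined-style); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Mar/2025:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
203.0.113.11 - - [17/Mar/2025:10:01:05 +0000] "POST /php-cgi/php-cgi.exe?%C3%A9x=1 HTTP/1.1" 200 88
203.0.113.12 - - [17/Mar/2025:10:01:09 +0000] "GET /test.php?name=%E4%B8%AD%E6%96%87 HTTP/1.1" 200 300
203.0.113.13 - - [17/Mar/2025:10:01:12 +0000] "GET /static/app.js HTTP/1.1" 200 2048
203.0.113.14 - - [17/Mar/2025:10:01:15 +0000] "GET /info.php?%FFa=1 HTTP/1.1" 200 64
"""

# Pulls the method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def high_bytes_in_query(target: str) -> list[int]:
    """Return the percent-decoded query-string bytes that are >= 0x80 (non-ASCII)."""
    if "?" not in target:
        return []
    query = target.split("?", 1)[1]
    return [b for b in unquote_to_bytes(query) if b >= 0x80]


def is_php_cgi_target(path: str) -> bool:
    """True for .php scripts and for direct invocations of the php-cgi binary."""
    low = path.lower()
    return low.endswith(".php") or "php-cgi" in low


def triage(log_text: str) -> list[dict]:
    """Flag PHP/CGI requests whose query string carries non-ASCII bytes.

    Severity heuristic (an assumption of this example): 'high' when the request
    names the php-cgi binary directly or the decoded query is not valid UTF-8
    (a stray single high byte rather than CJK text); otherwise 'review'.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m["target"]
        path = target.split("?", 1)[0]
        if not is_php_cgi_target(path):
            continue
        high = high_bytes_in_query(target)
        if not high:
            continue
        direct_cgi = "php-cgi" in path.lower()
        try:
            unquote_to_bytes(target.split("?", 1)[1]).decode("utf-8")
            valid_utf8 = True
        except UnicodeDecodeError:
            valid_utf8 = False
        severity = "high" if (direct_cgi or not valid_utf8) else "review"
        hits.append({"line": line, "path": path, "high_bytes": high,
                     "direct_cgi": direct_cgi, "severity": severity})
    return hits
```

Run `triage(SAMPLE_LOG)` to see three flagged requests; only the two 'high' entries warrant immediate follow-up on a Windows host running PHP via CGI.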

Last week also included Patch Tuesday for Microsoft and other vendors. Notable vulnerabilities include 16 high-risk and zero-day Microsoft vulnerabilities and 9.8-severity vulnerabilities in Ivanti Endpoint Manager and Advantive VeraCore.

Cyble Recommendations

To protect against these vulnerabilities and exploits, Cyble recommends that organizations implement the following best practices:

  • Regularly update all software and hardware systems with the latest patches from official vendors.
  • Develop a comprehensive patch management strategy that includes inventory management, patch assessment, testing, deployment, and verification. Automate the process where possible to ensure consistency and efficiency.
  • Divide your network into distinct segments to isolate critical assets from less secure areas. Use firewalls, VLANs, and access controls to limit access and reduce the attack surface exposed to potential threats.
  • Create and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents, including ransomware-resistant backups. Regularly test and update the plan to ensure its effectiveness and alignment with current threats.
  • Implement comprehensive monitoring and logging solutions to detect and analyze suspicious activities. Use SIEM (Security Information and Event Management) systems to aggregate and correlate logs for real-time threat detection and response.
  • Subscribe to security advisories and alerts from official vendors, CERTs, and other authoritative sources. Regularly review and assess the impact of these alerts on your systems and take appropriate actions.
  • Conduct regular vulnerability assessment and penetration testing (VAPT) exercises to identify and remediate vulnerabilities in your systems. Complement these exercises with periodic security audits to ensure compliance with security policies and standards.

Conclusion

Security teams should prioritize actively exploited vulnerabilities—and those at high risk of exploitation—while also considering other indicators of risk, such as internet exposure and data and application sensitivity.

Implementing strong security practices is essential for protecting sensitive data and maintaining system integrity. A comprehensive threat intelligence solution like Cyble can monitor for threats, exposures, and leaks specific to your environment, giving you the ability to respond quickly to events before they become more significant incidents.

To access complete IT vulnerability and other reports from Cyble, click here.

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue.

No Liability for Errors or Omissions

Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.


Source: https://cyble.com/blog/it-vulnerability-report-for-apple-php-flaws/