The iPhone 17 series brings some of the biggest changes that Apple’s mobile devices have ever seen. Use this guide to help decide which model is best for you.
Latest news – Read More
I’ve been slowly moving away from my Apple Watch, and with the AirPods Pro 3’s promising health features, I might never put it back on.
Latest news – Read More
While the iPhone 16 Pro has treated me well, some new specs have caught my attention.
Latest news – Read More
After 25 years at the Electronic Frontier Foundation, Cindy Cohn is stepping down as executive director. In a WIRED interview, she reflects on encryption, AI, and why she’s not ready to quit the battle.
Security Latest – Read More
It seemed like a feature exclusive to Watch 11, but Apple’s fine print says otherwise.
Latest news – Read More
The iPhone 17 is a big leap over the iPhone 16, but how good is the Pro this year? Let’s find out.
Latest news – Read More
Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products.
In this month’s release, Microsoft observed none of the included vulnerabilities being exploited in the wild. However, there are eight vulnerabilities where exploitation may be likely. Five consist of elevation of privileges, two may result in information disclosure and only one, CVE-2025-54916, is a remote code execution (RCE) vulnerability.
CVE-2025-54916 is an RCE vulnerability caused by a stack-buffer overflow in Windows NTFS that allows an authorized attacker to execute code over the network. Microsoft has noted that this vulnerability affects different versions of Windows 10, 11, Server 2008, 2012, 2016, 2019, 2022 and 2025.
CVE-2025-54910 is an RCE vulnerability caused by a heap-based buffer overflow in Microsoft Office that allows an unauthorized attacker to execute code locally. This type of vulnerability is also known as Arbitrary Code Execution (ACE). Microsoft clarifies that the attack itself is carried out locally, and that the location of the attacker can be remote, but the vulnerability must be exploited locally. This vulnerability affects Microsoft 365 Apps, Office 2016, 2019 and LTSC 2021 and 2024.
CVE-2025-54918 is an elevation of privilege (EoP) vulnerability caused by improper authentication in Windows NTLM that allows an authorized attacker to elevate privileges over a network to gain SYSTEM privileges. This vulnerability affects various versions of Windows including Windows 10, 11, Server 2008, 2012, 2016, 2019, 2022 and 2025.
CVE-2025-54101 is an RCE vulnerability caused by a use-after-free in Windows SMB v3 Client/Server that allows an authorized attacker to execute code over a network. Successful exploitation requires the attacker to win a race condition. This vulnerability affects various versions of Windows including Windows 10, 11, Server 2008, 2012, 2016, 2019 and 2022.
Two RCE vulnerabilities in DirectX Graphics kernel may result in remote code execution: CVE-2025-55226 and CVE-2025-55236. CVE-2025-55226 is caused by concurrent execution using a shared resource and improper synchronization in the Graphics Kernel allowing an authorized attacker to execute code locally. Microsoft also notes that this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. This vulnerability affects various versions of Windows including Windows 10, 11, Server 2008, 2012, 2016, 2019, 2022 and 2025.
CVE-2025-55236 is a time-of-check time-of-use (toctou) race condition in the Graphics Kernel allowing an authorized attacker to execute locally. This vulnerability affects various versions of Windows including Windows 10, 11, Server 2019, 2022 and 2025.
Talos would also like to highlight the following important vulnerabilities as Microsoft has assessed that their exploitation is more likely:
CVE-2025-53803: Windows Kernel Memory Information Disclosure Vulnerability.
CVE-2025-53804: Windows Kernel-Mode Driver Information Disclosure Vulnerability.
CVE-2025-54093: Windows TCP/IP Driver Elevation of Privilege Vulnerability.
CVE-2025-54098: Windows Hyper-V Elevation of Privilege Vulnerability.
CVE-2025-54110: Windows Kernel Elevation of Privilege Vulnerability.
A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.
In response to these vulnerability disclosures, Talos is releasing a new Snort ruleset that detects attempts to exploit some of them. Please note that additional rules may be released at a future date, and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Ruleset customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
Snort2 rules included in this release that protect against the exploitation of many of these vulnerabilities are: 65327 – 65334.
The following Snort3 rules are also available: 301310 – 301313.
Cisco Talos Blog – Read More
Which $1,000+ flagship phone is right for you?
Latest news – Read More
From hypertension monitoring to a daily sleep score, here’s how the new Apple Watch Series 11 compares to previous models (and which ones will get new features).
Latest news – Read More
The glitch temporarily renders devices completely unusable.
Latest news – Read More