Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

Cybersecurity Alert: Critical Flaws Exposed by CISA, WhatsApp, and Docker


Cybersecurity Alert: Critical Flaws Exposed by CISA, WhatsApp, and Docker

  • The US Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity security flaws to its Known Exploited Vulnerabilities (KEV) catalog.
  • A vulnerability in TP-Link Wi-Fi Ranger Extender products could allow an attacker to submit a TDDP_RESET POST request for a factory reset and reboot, granting elevated access.
  • A WhatsApp disclosed vulnerability has been exploited as part of a highly-targeted spyware campaign related to an Apple iOS, iPadOS, and macOS vulnerability.
  • CISA advises federal agencies to apply necessary mitigations by September 23, 2025, to counter active threats.
  • Docker fixed a critical container escape vulnerability with a CVSS score of 9.3, allowing an attacker to gain access to sensitive data.
  • Google plans to verify all Android developers in four countries to block malicious apps.
  • Citrix patched three NetScaler flaws confirmed under active exploitation.
  • Malicious actors are continually seeking new ways to exploit vulnerabilities, emphasizing the need for proactive security measures.


    • The world of cybersecurity has been dealt a significant blow as several high-profile companies have recently announced the exposure of critical flaws that could potentially be exploited by malicious actors. In this article, we will delve into the details of these breaches and explore what they mean for individuals, businesses, and organizations.

    Firstly, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity security flaws to its Known Exploited Vulnerabilities (KEV) catalog. The first vulnerability, CVE-2020-24363, affects TP-Link TL-WA855RE Wi-Fi Ranger Extender products and could allow an unauthenticated attacker on the same network to submit a TDDP_RESET POST request for a factory reset and reboot. This would grant the attacker elevated access to the device, including setting a new administrative password.

    The second vulnerability, CVE-2025-55177, was disclosed by WhatsApp last week and has been exploited as part of a highly-targeted spyware campaign. The vulnerability is related to an Apple iOS, iPadOS, and macOS vulnerability (CVE-2025-43300) that can be chained together to facilitate the attacks.

    While these breaches are certainly concerning, it's worth noting that they also provide an opportunity for companies to take proactive steps to address the vulnerabilities and protect their users. For example, CISA has advised federal civilian executive branch agencies to apply necessary mitigations by September 23, 2025, in order to counter active threats.

    Furthermore, Docker has recently fixed a critical container escape vulnerability (CVE-2025-9074) with a CVSS score of 9.3. This vulnerability could potentially allow an attacker to escape the confines of a container and gain access to sensitive data.

    In addition to these breaches, several other companies have also been affected by recent security incidents. For instance, Google has announced plans to verify all Android developers in four countries to block malicious apps. Meanwhile, Citrix has patched three NetScaler flaws (CVE-2025-7775) that have been confirmed to be under active exploitation.

    It's also worth noting that the recent attacks on WhatsApp and TP-Link are not isolated incidents. Rather, they are part of a larger pattern of behavior by malicious actors who are continually seeking new ways to exploit vulnerabilities in order to carry out their nefarious activities.

    In light of these breaches, it's essential for individuals and organizations to take proactive steps to protect themselves. This includes keeping software up-to-date, using strong passwords, and being mindful of the apps they download and use. By taking these precautions, individuals can significantly reduce their risk of falling victim to a security breach.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Cybersecurity-Alert-Critical-Flaws-Exposed-by-CISA-WhatsApp-and-Docker-ehn.shtml

  • https://thehackernews.com/2025/09/cisa-adds-tp-link-and-whatsapp-flaws-to.html

  • https://nvd.nist.gov/vuln/detail/CVE-2020-24363

  • https://www.cvedetails.com/cve/CVE-2020-24363/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-55177

  • https://www.cvedetails.com/cve/CVE-2025-55177/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-43300

  • https://www.cvedetails.com/cve/CVE-2025-43300/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-9074

  • https://www.cvedetails.com/cve/CVE-2025-9074/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-7775

  • https://www.cvedetails.com/cve/CVE-2025-7775/


    • Published: Wed Sep 3 01:20:52 2025 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us