Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs

Apple’s latest operating systems for its most popular devices — iPhones, iPads and Macs — include patches for multiple vulnerabilities, but the company didn’t issue any warnings about active exploitation. 

Apple patched 27 defects with the release of iOS 26 and iPadOS 26 and 77 vulnerabilities with the release of macOS 26, including some bugs that affected software across all three devices. Apple’s new operating systems, which are now numbered for the year of their release, were published Monday as the company prepares to ship new iPhones later this week.

Users who don’t want to upgrade to the latest versions, which adopt a translucent design style Apple dubs “liquid glass,” can patch the most serious vulnerabilities by updating to iOS 18.7 and iPadOS 18.7 or macOS 15.7. Most Apple devices released in 2019 or earlier are not supported by the latest operating systems.

None of the vulnerabilities Apple disclosed this week appear to be under active attack, Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, told CyberScoop.

Apple previously issued an emergency software update to customers last month to patch a zero-day vulnerability — CVE-2025-43300 — that was “exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in a series of updates for iOS, iPadOS and macOS.

The company has addressed five actively exploited zero-days this year, including defects previously disclosed in January, February, March and April. Seven Apple vulnerabilities have been added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog this year. 

Unlike many vendors, Apple doesn’t provide details about the severity of vulnerabilities it addresses in software updates. Childs noted it would be helpful if Apple issued some sort of initial severity indicator alongside the vulnerabilities it patches — even if it doesn’t follow the Common Vulnerability Scoring System.

A pair of vulnerabilities patched in macOS — CVE-2025-43298, which affects PackageKit, and CVE-2025-43304, which affects StorageKit — are concerning because exploitation could allow an attacker to gain root privileges, Childs said. 

“On the iOS side, I don’t see anything that makes me sweat immediately but there are a lot of bugs addressed,” he added.

Apple also patched seven defects in Safari 26, 19 vulnerabilities in watchOS 26, 18 bugs in visionOS 26 and five defects in Xcode 26.

More information about the vulnerabilities and latest software versions is available on Apple’s security releases site.

The post Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs appeared first on CyberScoop.

Microsoft Patch Tuesday addresses 81 vulnerabilities, none actively exploited

Microsoft addressed 81 vulnerabilities affecting its enterprise products and underlying Windows systems, but none have been actively exploited, the company said in its latest security update.

The company’s monthly bundle of patches includes one high-severity vulnerability and eight critical defects, including three designated as more likely to be exploited. 

The most severe defect disclosed this month — CVE-2025-55232 — is a deserialization of untrusted data vulnerability affecting Microsoft High Performance Compute Pack with a CVSS rating of 9.8. Microsoft said exploitation is less likely, but researchers warned organizations to prioritize patching.

“A remote, unauthenticated attacker could achieve code execution on affected systems without user interaction, which makes this potentially wormable between systems with the HPC pack installed,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, said in a blog post.

Childs noted that Microsoft has disclosed about 100 more vulnerabilities at this point in the year than it did in 2024. “We’ll see if this level of patches remains high throughout the rest of the year,” he added. 

Of the critical defects addressed this month, researchers are particularly concerned about CVE-2025-54918 and CVE-2025-55234 — elevation of privilege vulnerabilities with 8.8 CVSS ratings. While not actively exploited, Microsoft said exploitation is more likely for both of the improper authentication defects.

CVE-2025-55234 affects the Windows Server Message Block protocol, allowing hackers to perform relay attacks and subject users to elevation of privilege attacks. Proof-of-concept exploit code exists for this defect, according to Action1, but exploitation requires user interaction and network access.

“At its core, the vulnerability exists because SMB sessions can be established without properly validating the authentication context when key hardening measures, such as SMB signing and extended protection for authentication, are not in place,” Mike Walters, president and co-founder of Action1, said in an email.

“The potential impact is massive,” he added. “Virtually all medium to large enterprises that rely on Active Directory and Windows Server infrastructure could be affected, which amounts to hundreds of thousands of organizations worldwide.”

CVE-2025-54918 affects Windows New Technology LAN Manager (NTLM), a set of security protocols for user identity authentication. “This privilege escalation allows an authenticated threat actor to escalate to SYSTEM on affected systems over the network,” Childs said.

“While not a scope change, going from a standard Windows user to SYSTEM is handy. Microsoft also notes that exploit complexity is low, so expect to see threat actors target this one,” he added.

Alex Vovk, CEO and co-founder of Action1, said the defect allows attackers to bypass and potentially undermine security controls, presenting substantial risk in sophisticated attack scenarios. “After compromising one system, attackers could use it to move laterally through networks with elevated access,” Vovk said.

“Threat actors could exploit it to deploy ransomware across multiple systems. Its high confidentiality impact means it could be used in sophisticated data theft operations,” he added. “The elevated privileges gained could also allow attackers to install backdoors or establish persistent access.”

Microsoft flagged eight defects as more likely to be exploited this month, including three that affected the Windows Kernel. The full list of vulnerabilities addressed this month is available in Microsoft’s Security Response Center.

The post Microsoft Patch Tuesday addresses 81 vulnerabilities, none actively exploited appeared first on CyberScoop.

Cisco network access security platform vulnerabilities under active exploitation

A pair of maximum-severity vulnerabilities affecting Cisco’s network access security platform are under active exploitation, the enterprise networking and IT vendor warned in a security advisory Monday.

The software defects in Cisco Identity Services Engine and Cisco ISE Passive Identity Connector — CVE-2025-20281 and CVE-2025-20337 — were disclosed and addressed by Cisco on June 25, followed by the disclosure of a third critical vulnerability in the same software, CVE-2025-20282, on July 16. Cisco said it became aware of reported attempted exploitation of CVE-2025-20281 and CVE-2025-20337 on July 21.

“Based on these reports, we have updated our security advisory to reflect the attempted exploitation,” a Cisco spokesperson said in a statement. “At this time, we are not aware of any attempted exploitation or malicious use of CVE-2025-20282, and we continue to strongly recommend that customers upgrade to fixed software releases that remediate these vulnerabilities.”

All three of the vulnerabilities have a CVSS rating of 10 and there are no workarounds for the software defects. Cisco warned that all three vulnerabilities can be exploited by an unauthenticated, remote attacker, allowing arbitrary code execution on the underlying system as root.

Cisco did not say how many customers are currently impacted.

Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, said researchers detected active exploitation of CVE-2025-20281 on July 17. “Since CVE-2025-20281 and CVE-2025-20337 are very similar, we believe both are under active attack. Proof of concept exploit code was first made public on June 27,” Childs said.

“Right now, those attacks appear to be limited and targeted. Cisco ISE is used by thousands of enterprises, so the potential impact is large,” he added.

The origins and motivations of the threat group or attacker behind the exploits remain unknown, but the potential interest is broad.

“Threat actors would be interested in these vulnerabilities because a Cisco ISE has a high degree of network visibility through logging, which gives threat actors insight for further attacks in the network,” Childs said. “An ISE also is a repository for potentially all of the users in an organization.”

The post Cisco network access security platform vulnerabilities under active exploitation appeared first on CyberScoop.
