Juniper Networks has released critical security updates addressing close to 220 vulnerabilities across Junos OS, Junos Space, and Security Director, with nine critical-severity flaws specifically impacting Junos Space. The updates were disclosed as part of Juniper's scheduled October 2025 security advisory release.

Over 200 security issues were fixed in Junos Space and its Security Director module, significantly improving the overall security posture of these platforms. Junos Space version 24.1R4 includes patches for 24 cross-site scripting (XSS) vulnerabilities, including a critical flaw (CVE-2025-59978, CVSS 9.0) that could let attackers embed malicious scripts within text pages, potentially executing commands with admin-level privileges on a user's system. Patch V1 of Junos Space 24.1R4 addresses 162 unique CVEs, including nine marked as critical, such as CVE-2023-38408 and CVE-2024-47615. Additional updates fix a high-severity denial-of-service (DoS) issue and several medium-severity bugs, including those allowing arbitrary file downloads and HTTP parameter manipulation.

Security updates for Junos Space Security Director address three high-severity and 15 medium-severity vulnerabilities, including a high-risk flaw in Policy Enforcer. Junos OS and Junos OS Evolved received fixes for two high-severity DoS vulnerabilities and various medium-severity issues that could allow unauthorized access, privilege escalation, or system disruption.

Juniper has stated there is no evidence of active exploitation but recommends applying patches immediately, as most issues have no available workarounds. Full details are available via Juniper’s support portal.