Episode Details

Another day, another phishing campaign abusing google.com open redirects
Google s links from it s maps page to hotel listings do suffer from an open redirect vulnerability that is actively exploited to direct users to phishing pages.
https://isc.sans.edu/diary/Another%20day%2C%20another%20phishing%20campaign%20abusing%20google.com%20open%20redirects/31950
Adobe Patches
Adobe patched 12 different applications. Of particular interest is the update to ColdFusion, which fixes several arbitrary code execution and arbitrary file read problems.
https://helpx.adobe.com/security/security-bulletin.html
Samsung Patches magicInfo 9 Again
Samsung released a new patch for the already exploited magicInfo 9 CMS vulnerability. While the description is identical to the patch released last August, a new CVE number is used.
https://security.samsungtv.com/securityUpdates#SVP-MAY-2025
Ivanti Patches Critical Ivanti Neurons Flaw
Ivanti released a patch for Ivanti Neurons for ITSM (on-prem only) fixing a critical authentication bypass vulnerability. Ivanti also points to its guidance to secure the underlying IIS server to make exploitation of flaws like this more difficult