Server MS-TNAP Authentication Bypass [RCE 0day]
A critical 0-click remote authentication bypass vulnerability in Microsoft Telnet Server that allows attackers to gain access as any user, including Administrator, without requiring valid credentials. The vulnerability exploits a misconfiguration in the NTLM Authentication processes of the Telnet MS-TNAP extension allowing remote unauthenticated attackers to bypass authentication completely.

Security researchers Jos Wetzels, Carlo Meijer, and Wouter Bokslag shared their research on TETRA technology by reverse engineering Motorola MBTS and MTM5400 radios and extracting the secrets from them.

TETRA is a radio technology patented in 1995 and based on proprietary cryptography. Equipment using this protocol was developed for law enforcement and military clients, as well as for 0T and SCADA systems used in machine-to-machine communication. So, the impact is huge.

The authors also identified traces of the first attacks on TETRA dating back to 2009. It looks like an NDA is not enough to protect against hackers.

CVE-2025-4664 proves that even trusted browsers are not immune to catastrophic zero-day vulnerabilities.

Cross-origin data is up for grabs if you haven't updated Chrome or Chromium.

Patch immediately: Reset the phone and make sure not to install any app by Meta.

Secure Boot bypass for laptops, embedded and medical devices, and car ECUs: technical details and exploit. Security researcher Nikolaj Schlej shared yesterday a new and quite effective (even trivial) way to bypass Secure Boot in Insyde H20 UEFI BIOS. The vulnerability, CVE-2025-4275, was named Hydroph0bia by the author. Most ARM-based laptops from Acer, HP, Lenovo, Huawei, Samsung, and Dell use this BIOS and are therefore affected. This product is also ported to multiple systems for IoT, SCADA, and critical infrastructure. Insyde H20 continuously presents its solutions for communication devices, robotics, and manufacturing equipment. Car components, as well as other areas in digital mobility (aviation, maritime, and railroad), also use Insyde H20 Secure Boot as part of ARM-based and other UEFI-compatible systems. So, check your SBOMs and make sure your product is not affected.