A 32-bit integer overflow in macOS's XNU kernel renders all new TCP connections impossible after 49.7 days of continuous uptime. Apple has not implemented the workaround defined in RFC 7323 over two decades ago.
Five vulnerabilities confirmed exploited by MuddyWater and DarkSword were added to the KEV catalog. Craft CMS is a CVSS 10.0 zero-day that has seen active exploitation since February, and Laravel Livewire is being used by MuddyWater against Middle East infrastructure.
