Summary
Windows ran unusually light this June 2025 cycle, so the Automox security team spent most of the episode on macOS and SSH. Seth Hoyt and Mat Lee from the Automox security team walk through a chained SSH flaw (CVE-2025-26465 and CVE-2025-26466) that pairs memory exhaustion with a host key verification skip to enable session hijacking. They also cover a WebDAV remote code execution bug (CVE-2025-33053) already exploited in the wild. They close on a set of macOS issues that get far more dangerous when chained: a macOS quarantine sandbox escape (CVE-2025-31244), a service elevation of privilege flaw, and an iCloud Keychain disclosure bug. They also cover concrete mitigation and password hygiene advice.
)
)
)
)
)