Tag: cve
-
Analyzing evolution of the PipeMagic malware
Hackers exploited Windows flaw CVE-2025-29824 to deploy PipeMagic malware in RansomExx attacks, Kaspersky revealed. A joint report fromKasperskyandBI.ZONEanalyzed the evolution of PipeMagic malware from its first detection in 2022 to new infections observed in 2025. The researchers identified key changes in its operators’ tactics. BI.ZONE experts focused on a technical analysis of the CVE-2025-29824 vulnerability…
-
PipeMagic Malware Imitates ChatGPT App to Exploit Windows Vulnerability and Deploy Ransomware
Tags: attack, backdoor, chatgpt, cve, cyber, exploit, malware, open-source, ransomware, threat, vulnerability, windowsThe PipeMagic malware, which is credited to the financially motivated threat actor Storm-2460, is a remarkable illustration of how cyber dangers are always changing. It poses as the genuine open-source ChatGPT Desktop Application from GitHub. This sophisticated modular backdoor facilitates targeted attacks by exploiting CVE-2025-29824, an elevation-of-privilege vulnerability in the Windows Common Log File System…
-
CISA Alerts on Active Exploitation of Trend Micro Apex One Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation targeting the enterprise security platform. The vulnerability, tracked as CVE-2025-54948, affects the Trend Micro Apex One Management Console’s on-premise deployments and poses significant risks to organizations worldwide. Critical…
-
Threat Actors Exploit Microsoft Help Index File to Deploy PipeMagic Malware
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors leverage a Microsoft Help Index File (.mshi) to deploy the PipeMagic backdoor, marking a notable evolution in malware delivery methods. This development ties into the exploitation of CVE-2025-29824, a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver, which Microsoft…
-
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Tags: attack, cve, cybersecurity, exploit, flaw, malware, microsoft, ransomware, threat, vulnerability, windowsCybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks.The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vulnerability impacting the Windows Common Log File System (CLFS) that was addressed by Microsoft in April 2025, First…
-
Technical Details of SAP 0-Day Exploitation Script for RCE Revealed
Tags: cve, cyber, cybersecurity, endpoint, exploit, flaw, rce, remote-code-execution, sap, vulnerability, zero-dayCybersecurity researchers have unveiled the inner workings of an exploit script targeting a critical zero-day vulnerability in SAP NetWeaver’s Visual Composer Metadata Uploader, now designated as CVE-202531324. This flaw stems from a missing authorization check on the HTTP endpoint /developmentserver/metadatauploader, enabling unauthenticated file uploads that can lead to remote code execution (RCE) under the SAP…
-
Technical Details of SAP 0-Day Exploitation Script for RCE Revealed
Tags: cve, cyber, cybersecurity, endpoint, exploit, flaw, rce, remote-code-execution, sap, vulnerability, zero-dayCybersecurity researchers have unveiled the inner workings of an exploit script targeting a critical zero-day vulnerability in SAP NetWeaver’s Visual Composer Metadata Uploader, now designated as CVE-202531324. This flaw stems from a missing authorization check on the HTTP endpoint /developmentserver/metadatauploader, enabling unauthenticated file uploads that can lead to remote code execution (RCE) under the SAP…
-
Linux Kernel Netfilter Flaw Enables Privilege Escalation
A critical vulnerability in the Linux kernel’s netfilter subsystem has been discovered that allows local attackers to escalate privileges through an out-of-bounds write condition. The flaw, identified as CVE-2024-53141, affects the ipset bitmap functionality and could enable unprivileged users to gain root access on vulnerable systems. CVE ID CVE-2024-53141 Affected Versions Up to commit041bd1e4in Torvalds’s Linux…
-
UK’s Colt hit by cyberattack, support systems offline amid ransom threat
Tags: api, attack, china, communications, cve, cyberattack, data, data-breach, exploit, finance, flaw, group, infrastructure, Internet, microsoft, network, programming, ransom, rce, remote-code-execution, russia, service, software, threat, update, vulnerabilitywith samples on a Russian Tor site.”We’ve seen already this year that telecom is particularly vulnerable to attacks, and I think this WarLock attack highlights some recurring issues that telecom and large-scale network service providers are starting to see,” said Gabrielle Hempel, Security Operations Strategist at Exabeam. “There’s this operational ripple effect when you’re a…
-
Xerox fixed path traversal and XXE bugs in FreeFlow Core
Xerox patched two serious flaws in FreeFlow Core, path traversal and XXE injection, that allowed unauthenticated remote code execution. Xerox addressed two serious flaws, respectively tracked as CVE-2025-8355 and CVE-2025-8356, in FreeFlow Core. The vulnerabilities are a path traversal (CVE-2025-8355) and XXE injection (CVE-2025-8356), which allowed an unauthenticated attacker to achieve remote code execution. FreeFlow…
-
Critical PostgreSQL Flaws Allow Code Injection During Restoration
The PostgreSQL Global Development Group released emergency security updates on August 14, 2025, addressing three critical vulnerabilities that enable code injection attacks during database restoration processes. The flaws affect all supported versions from PostgreSQL 13 through 17, requiring immediate patching across enterprise environments. Dangerous Dump and Restore Vulnerabilities Two severe code execution vulnerabilities, CVE-2025-8714 and…
-
Rockwell ControlLogix Ethernet Vulnerability Exposes Systems to Remote Code Execution
A critical vulnerability in Rockwell Automation’s ControlLogix Ethernet modules has been discovered that could allow remote attackers to execute malicious code on industrial control systems. The vulnerability, identified as CVE-2025-7353, affects multiple ControlLogix communication modules and carries a severe CVSS score of 9.8 out of 10, indicating the highest level of risk to affected systems.…
-
Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs
Dutch NCSC warns CVE-2025-6543 Citrix bug, a memory overflow flaw, is being exploited to breach critical organizations in the Netherlands. The Dutch NCSC warns that the critical Citrix NetScaler flaw CVE-2025-6543 has been exploited to breach critical organizations in the Netherlands. Dutch NCSC experts pointed out that CVE-2025-6543 was exploited for remote code execution. Threat…
-
1,500 Jenkins Servers Vulnerable to Command Injection via Git Parameter Plugin
Jenkins disclosed CVE-2025-53652, also known as SECURITY-3419, as part of a batch of 31 plugin vulnerabilities. Initially rated as medium severity, this flaw affects the Git Parameter plugin and was described merely as enabling attackers to inject arbitrary values into Git parameters a description that understated its potential for severe exploitation. However, deeper analysis reveals…
-
7,000 Citrix NetScaler Devices Still Vulnerable to CVE-2025-5777 and CVE-2025-6543
Tags: citrix, cve, cyber, cybersecurity, exploit, infrastructure, kev, network, risk, update, vulnerabilityA significant number of Citrix NetScaler devices continue to pose serious security risks, with approximately 7,000 systems still vulnerable to two critical exploits that have been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog. The ongoing exposure highlights persistent challenges in enterprise patch management and cybersecurity hygiene. Widespread Network…
-
APT-Style Attacks Exploit CVE-2025-6543 in Dutch Critical Organizations
The Dutch National Cyber Security Centre (NCSC) has confirmed that a serious vulnerability in Citrix NetScaler systems, identified as CVE-2025-6543, has been exploited in targeted attacks against multiple critical organizations in the Netherlands. The exploitation began months before the vulnerability was publicly disclosed, and investigations indicate that attackers used advanced methods to evade detection. First…
-
Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors
The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC products to breach organizations in the country.The NCSC-NL said it discovered the exploitation of CVE-2025-6543 targeting several critical organizations within the Netherlands, and that investigations are ongoing to determine the First seen…
-
Microsoft Exchange: CVE-2025-53786-Schwachstelle erweitert Zugriffsrechte in hybriden-Umgebungen
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/microsoft-exchange-cve-2025-53786-schwachstelle-erweiterung-zugriffsrechten-hybrid-umgebungen
-
NCSC: Citrix NetScaler Flaw (CVE-2025-6543) is Being Actively Exploited to Breach Organizations
The National Cyber Security Centre (NCSC) in the Netherlands has issued an urgent update on a series of sophisticated cyberattacks exploiting a zero-day vulnerability in Citrix NetScaler systems, identified as CVE-2025-6543. This flaw, affecting Citrix NetScaler Application Delivery Controller (ADC) and Gateway products, has enabled threat actors to compromise multiple critical organizations since at least…
-
NCSC: Citrix NetScaler Flaw (CVE-2025-6543) is Being Actively Exploited to Breach Organizations
The National Cyber Security Centre (NCSC) in the Netherlands has issued an urgent update on a series of sophisticated cyberattacks exploiting a zero-day vulnerability in Citrix NetScaler systems, identified as CVE-2025-6543. This flaw, affecting Citrix NetScaler Application Delivery Controller (ADC) and Gateway products, has enabled threat actors to compromise multiple critical organizations since at least…
-
Apache bRPC Vulnerability Lets Attackers Crash Services Remotely via Network
A critical security vulnerability has been discovered in Apache bRPC that allows attackers to remotely crash services through network-based denial of service attacks. The vulnerability, designated as CVE-2025-54472, affects all versions of Apache bRPC prior to 1.14.1 and stems from improper memory allocation handling in the Redis protocol parser component. Vulnerability Details and Impact The…
-
Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs
The Netherlands’ National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach “critical organizations” in the country. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/
-
Details emerge on WinRAR zero-day attacks that infected PCs with malware
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian ‘RomCom’ hacking group to drop different malware payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/
-
Chrome sandbox escape nets security researcher $250,000 reward
Researcher earns Google Chrome ‘s top $250K bounty for a sandbox escape vulnerability enabling remote code execution. A researcher who goes online with the moniker ‘Micky’ earned $250,000 from Google for reporting a high-severity Chrome vulnerability. The flaw, tracked as CVE-2025-4609, resides in the Mojo IPC system, an attacker can exploit the flaw to escape…
-
Erlang/OTP SSH RCE Vulnerability Actively Exploited to Target OT Networks
Tags: cve, cvss, cyber, exploit, flaw, network, programming, rce, remote-code-execution, vulnerabilityA severe vulnerability, designated CVE-2025-32433 with a CVSS score of 10.0, has been identified in the Secure Shell (SSH) daemon of the Erlang programming language’s Open Telecom Platform (OTP). This flaw permits unauthenticated remote code execution (RCE) by allowing attackers to send SSH connection protocol messages with codes greater than or equal to 80 to…
-
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls
Tags: authentication, cve, detection, exploit, firewall, flaw, malicious, rce, remote-code-execution, technology, vulnerabilityMalicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks.The vulnerability in question is CVE-2025-32433 (CVSS score: 10.0), a missing authentication issue that could be abused by an…
-
Cyber experts ponder a non-government future for the CVE program
Organizations supporting the security vulnerability program said it needed changes to improve stability and rebuild trust. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cve-program-future-cisa-def-con/757304/
-
New WinRAR Zero-Day Exploited by RomCom Hackers
A flaw in WinRAR, tracked as CVE-2025-8088, has been exploited by the RomCom group to deploy malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/winrar-zero-day-exploited-romcom/
-
‘Win-DDoS’: Researchers unveil botnet technique exploiting Windows domain controllers
Research revealed more DoS flaws: SafeBreach researchers also discovered CVE-2025-26673 in DC’s Netlogon service, where crafted RPC calls could crash the service remotely without authentication. By exploiting this weakness, attackers could knock out a critical Windows authentication component, potentially locking users out of domain resources until the system is rebooted. Similarly, CVE-2025-49716 targets Windows Local…
-
CVE-2025-8355 CVE-2025-8356: Xerox Issues Urgent Fixes for SSRF and RCE Bugs
Xerox Corporation has issued urgent security updates addressing two high-impact vulnerabilities in its FreeFlow Core software. The flaws, now tracked as CVE-2025-8355 and CVE-2025-8356, have the potential to expose enterprise environments to server-side request forgery (SSRF) and remote code execution (RCE) attacks if left unpatched. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/xerox-fixes-cve-2025-8355-and-8356/