Tag: cve
-
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-critical-aviatrix-controller-rce-flaw-in-attacks/
-
Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection
Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass Apple’s System Integrity Protection (SIP). Known as CVE-2024-44243, this vulnerability could be exploited to load third-party kernel extensions, resulting in severe security implications for macOS users. Apple released a patch for this vulnerability as part of its December 11, 2024, security…
-
Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw
The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/cloud-attackers-exploit-max-critical-aviatrix-rce-flaw
-
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could First…
-
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in First seen…
-
PoC Exploit Released for Critical macOS Sandbox Vulnerability (CVE-2024-54498)
A proof-of-concept (PoC) exploit has been publicly disclosed for a critical vulnerability impacting macOS systems, identified as CVE-2024-54498. This vulnerability poses a significant security risk by allowing malicious applications to bypass the macOS Sandbox, a key security feature designed to isolate app activity and protect sensitive system resources. Details of CVE-2024-54498 The vulnerability, classified as high severity with…
-
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/
-
Alert of Buffer Overflow Vulnerabilities in Multiple Ivanti Products (CVE-2025-0282)
Overview Recently, NSFOCUS detected that Ivanti issued a security announcement and fixed buffer overflow vulnerabilities (CVE-2025-0282) in several products of Ivanti. Due to the stack-based buffer overflow in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways, an unauthenticated attacker can trigger a buffer overflow by sending specially crafted packets allowing arbitrary…
-
Weaponized LDAP Exploit Deploys Information-Stealing Malware
Cybercriminals are exploiting the recent critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept exploits for CVE-2024-49113 (dubbed “LDAPNightmare”
-
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey’s Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. “Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote First seen on thehackernews.com…
-
Mandiant links Ivanti zero-day exploitation to Chinese hackers
Mandiant warned users to be prepared for widespread exploitation of CVE-2025-0282 as Ivanti products have become a popular target for attackers in recent years. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617826/Mandiant-links-Ivanti-zero-day-exploitation-to-Chinese-hackers
-
Juniper Networks Vulnerability Let Remote Attacker Execute Network Attacks
Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved platforms. Identified as CVE-2025-21598, this flaw allows unauthenticated remote attackers to exploit a critical out-of-bounds read vulnerability in the routing protocol daemon (rpd). The vulnerability is triggered when devices are configured with Border Gateway Protocol (BGP) options enabled, leading to…
-
Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances
Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December by a Chinese cyberespionage group. This is the same group that has exploited zero-day vulnerabilities in Ivanti Connect Secure appliances back in January 2024 and throughout the year. The latest attacks, exploiting…
-
New Mirai botnet targets industrial routers
Tags: access, attack, botnet, cctv, china, credentials, cve, cybercrime, data, ddos, exploit, germany, network, password, remote-code-execution, router, russia, update, vulnerability, zero-day
According to security analysis, the Gayfemboy botnet, based on the notorious Mirai malware, is currently spreading around the world. Researchers from Chainxin X Lab found that cybercriminals have been using the botnet since November 2024 to attack previously unknown vulnerabilities. The botnet’s preferred targets include Four-Faith and Neterbit routers or smart home devices. Experts from VulnCheck reported at the end of…
-
SonicWall firewall hit with critical authentication bypass vulnerability
SonicWall is warning customers of a severe vulnerability in its SonicOS SSLVPN with high exploitability that remote attackers could use to bypass authentication. The bug is an improper authentication vulnerability in the SSL VPN authentication mechanism, according to emails sent to customers and published on SonicWall’s official subreddit. “We have identified a high (severity) firewall vulnerability that…
-
Critical Ivanti Connect Secure zero-day flaw under attack
Although Ivanti has seen exploitation of CVE-2025-0282 in only Ivanti Connect Secure instances, Ivanti Policy Secure and ZTA gateways are also vulnerable to the flaw. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617819/Critical-Ivanti-Connect-Secure-zero-day-flaw-under-attack
-
U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure Vulnerability, tracked as CVE-2025-0282 (CVSS score: 9.0) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability Ivanti impacted Ivanti Connect…
-
Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies
Google Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies. The post Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-of-new-ivanti-vpn-zero-day-linked-to-chinese-cyberspies/
-
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then…
-
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2…
-
Ivanti 0-Day Vulnerability Exploited in Wild-Patch Now
Ivanti released a critical security advisory addressing vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateways products. This advisory reveals the existence of two significant vulnerabilities, CVE-2025-0282 and CVE-2025-0283, which have been exploited in the wild, necessitating immediate action from users. Critical Vulnerability: CVE-2025-0282 CVE-2025-0282 is a stack-based buffer overflow vulnerability that affects Ivanti…
-
Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day
Tags: advisory, apt, attack, authentication, cve, cvss, cybersecurity, data-breach, exploit, flaw, google, government, group, intelligence, Internet, ivanti, law, mandiant, microsoft, network, rce, remote-code-execution, risk, software, threat, tool, vpn, vulnerability, zero-day
IT software provider Ivanti released patches Wednesday for its Connect Secure SSL VPN appliances to address two memory corruption vulnerabilities, one of which has already been exploited in the wild as a zero-day to compromise devices. The exploited vulnerability, tracked as CVE-2025-0282, is a stack-based buffer overflow rated as critical with a CVSS score of 9.0.…
-
Zero-Day Alert: UNC5337 Exploits Ivanti VPN Vulnerability CVE-2025-0282 for Espionage Operations
Ivanti Connect Secure (ICS) VPN appliances have become the focus of advanced threat actors, exploiting a newly disclosed First seen on securityonline.info Jump to article: securityonline.info/zero-day-alert-unc5337-exploits-ivanti-vpn-vulnerability-cve-2025-0282-for-espionage-operations/
-
SonicWall warns of an exploitable SonicOS vulnerability
SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.”
-
CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
Tags: access, advisory, attack, authentication, cve, exploit, flaw, group, injection, ivanti, malware, ransomware, remote-code-execution, threat, tool, update, vulnerability, zero-day, zero-trust
Ivanti disclosed two vulnerabilities in its Connect Secure, Policy Secure and Neurons for ZTA gateway devices, including one flaw that was exploited in the wild as a zero-day. Background On January 8, Ivanti published a security advisory for two vulnerabilities affecting multiple products including Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for Zero…
-
Ivanti warns hackers are exploiting new vulnerability
The company released an advisory and a corresponding blog about two bugs, CVE-2025-0282 and CVE-2025-0283, and warned that some customers have already seen CVE-2025-0282 exploited in their environments. First seen on therecord.media Jump to article: therecord.media/ivanti-warns-of-hackers-exploiting-new-vulnerability
-
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
3 CVEs added to CISA’s catalog First seen on theregister.com Jump to article: www.theregister.com/2025/01/08/mitel_0_day_oracle_rce_under_exploit/
-
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/

