#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

CISA | Breaking Cybersecurity News | The Hacker News

Category — CISA
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Feb 14, 2025 Zero-Day / Vulnerability
Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool's ability to run meta-commands," security researcher Stephen Fewer said . The cybersecurity company further noted that it made the discovery as part of its investigation into CVE-2024-12356 , a recently patched security flaw in BeyondTrust software that allows for unauthenticated remote code execution. Specifically, it found that "a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achie...
Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

Microsoft's Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

Feb 12, 2025 Patch Tuesday / Vulnerability
Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge browser since the release of last month's Patch Tuesday update . The update is notable for fixing two actively exploited flaws - CVE-2025-21391 (CVSS score: 7.1) - Windows Storage Elevation of Privilege Vulnerability  CVE-2025-21418 (CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability "An attacker would only be able to delete targeted files on a system," Microsoft said in an alert for CVE-2025-21391. "This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete d...
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Feb 11, 2025Software Security / Threat Intelligence
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn't buy a car without knowing its safety features, you shouldn't deploy software without understanding the risks it introduces. The Rising Threat of Supply Chain Attacks Cybercriminals have recognized that instead of attacking an organization head-on, they can infiltrate through the software supply chain—like slipping counterfeit parts into an assembly line. According to the 2024 Sonatype State of the Software Supply Chain report , attackers are infiltrating open-source ecosystems at an alarming rate, with over 512,847 malicious packages detected last year alone—a 156% increase from the previous year. Traditional sec...
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

Feb 07, 2025 Vulnerability / Malware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server," CISA said in an advisory dated February 6, 2025. The flaw affects the following versions - Cityworks (All versions prior to 15.8.9) Cityworks with office companion (All versions prior to 23.10) While Trimble has released patches to address the security defect as of January 29, 2025, CISA has warned that it is being weaponized in real-world attacks. The Colorado-headquartered company also noted that it has received reports o...
cyber security

Level Up Your Cyber Skills at SANS 2025

websiteSANS InstituteCyber Security / Training
Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Feb 05, 2025 Vulnerability / Software Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized access and execute arbitrary code on the server (Fixed in September 2024 ) CVE-2024-29059 (CVSS score: 7.5) - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in March 2024 ) CVE-2018-9276 (CVSS score: 7.2) - An operating system command injection vulnerability in Paessler PRTG Network Monitor that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console (Fixed in April 2018 ) CVE-2018-19410 (CVSS score: 9.8) - A local file inclusion vulne...
BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

Feb 01, 2025 Vulnerability / Zero-Day
BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged on December 5, 2024. "The investigation determined that a zero-day vulnerability of a third-party application was used to gain access to an online asset in a BeyondTrust AWS account," the company said this week. "Access to that asset then allowed the threat actor to obtain an infrastructure API key that could then be leveraged against a separate AWS account which operated Remote Support infrastructure." The American access management company did not name the application that was exploited to obtain the API key, but said the probe uncovered two separate flaws in it...
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

Jan 31, 2025 Vulnerability / Healthcare
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability , tracked as CVE-2025-0626 , carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA by an anonymous external researcher. "The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so," CISA said in an advisory. "This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device." "The reverse backdoor provides automated connectivity to a hard-coded IP address from the Contec CMS8000 devices, allowing the device to download and execute unverified remote files. Publicly available records show that the IP address is not associa...
CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

Jan 24, 2025 Vulnerability / JavaScript
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be exploited to achieve arbitrary code execution. "Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code," according to a GitHub advisory released for the flaw. The problem was addressed in jQuery version 3.5.0 released in April 2020. A workaround for CVE-2020-11023 involves using DOMPurify with the SAFE_FOR_JQUERY flag set to sanitize the HTML string before passing it to a jQuery method. As is typically the case, t...
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Jan 23, 2025 Network Security / Vulnerability
Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This vulnerability exists because proper authorization is not enforced upon REST API users," the company said in a Wednesday advisory. "An attacker could exploit this vulnerability by sending API requests to a specific endpoint." "A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management." The networking equipment major credited Ben Leonard-Lagarde of Modux for reporting the security shortcoming. It affects the following versions of the product irrespective of device configuratio...
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

Jan 23, 2025 Cybersecurity / National Security
The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).  "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory committees within DHS, effective immediately," Acting Secretary Benjamine C. Huffman said in a January 20, 2025, memo. "Future committee activities will be focused solely on advancing our critical mission to protect the homeland and support DHS's strategic priorities." This includes members of the Cybersecurity and Infrastructure Security Agency's (CISA) Cyber Safety Review Board (CSRB), which last year issued a scathing report excoriating Microsoft for a "cascade" of avoidable errors that led to its infrastructure being abused by a China-based nation-st...
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

Jan 15, 2025 Patch Tuesday / Zero-Day
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass ( CVE-2024-7344 , CVSS score: 6.7), has not been assigned any severity. According to the Zero Day Initiative , the update marks the largest number of CVEs addressed in a single month since at least 2017. The fixes are in addition to seven vulnerabilities the Windows maker addressed in its Chromium-based Edge browser since the release of December 2024 Patch Tuesday updates. Prominent among the patches released by Microsoft is a trio of flaws in Windows Hyper-V NT Kernel Integration VSP ( CVE-2025-21333 , CVE-2025-21334 , and CVE-2025-21335 , CVSS scores: 7.8) that the company said has come under active exploitation in the wild. ...
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing

CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing

Jan 07, 2025 Critical Infrastructure / Cyber Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The agency said it's working closely with the Treasury Department and BeyondTrust to get a better understanding of the breach and mitigate its impacts. "The security of federal systems and the data they protect is of critical importance to our national security," CISA said . "We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate." The latest statement comes a week after the Treasury Department said it was the victim of a "major cybersecurity incident" that allowed Chinese state-sponsored threat actors to remotely access some computers and unclassified documents. The cyber attack, which came to light in early December 2024, involved a breach of BeyondTrust's systems that allowed the adversary to in...
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

Dec 20, 2024 CISA / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that could be exploited by a malicious actor to run arbitrary commands as the site user. "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user," CISA said. While the issue has already been plugged into customers' cloud instances, those using self-hosted versions of the software are recommended to update to the below versions - Privileged Remote Access (versions 24.3.1 and earlier) - PRA patch BT24-10-ONPREM1 or BT24-10-ONPREM2 Rem...
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

Dec 19, 2024 Cloud Security / Encryption
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services," the agency said , adding the directive "will further reduce the attack surface of the federal government networks." As part of 25-01, agencies are also recommended to deploy CISA-developed automated configuration assessment tools to measure against the baselines, integrate with the agency's continuous monitoring infrastructure, and address any deviations from the secure configuration baselines. While the baselines are currently limited to Microsoft 365 (Azure Active Directory / ...
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Dec 11, 2024 Vulnerability / Patch Tuesday
Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the elevation of privileges. This is in addition to 13 vulnerabilities the company has addressed in its Chromium-based Edge browser since the release of last month's security update . In total, Microsoft has resolved as many as 1,088 vulnerabilities in 2024 alone, per Fortra. The vulnerability that Microsoft has acknowledged as having been actively exploited is CVE-2024-49138 (CVSS score: 7.8), a privilege escalation flaw in the Windows Common Log File System (CLFS) Driver. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," the company said in an...
Expert Insights / Articles Videos
Cybersecurity Resources