Exploits | Breaking Cybersecurity News | The Hacker News

Category — Exploits
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices

Mar 11, 2025 Network Security / Vulnerability
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with The Hacker News. CVE-2023-1389 is a high-severity security flaw impacting TP-Link Archer AX-21 routers that could lead to command injection, which could then pave the way for remote code execution. The earliest evidence of active exploitation of the flaw dates back to April 2023, with unidentified threat actors using it to drop Mirai botnet malware. Since then, it has also been abused to propagate other malware families like Condi and AndroxGh0st. Cato CTRL said it detected the Ballista campaign on January 10, 2025. The most recent exploitation attempt was recorded on Februa...
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

Nov 08, 2024 IoT Security / Vulnerability
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a new report. AndroxGh0st is the name given to a Python-based cloud attack tool that's known for its targeting of Laravel applications with the goal of accessing sensitive data pertaining to services like Amazon Web Services (AWS), SendGrid, and Twilio. Active since at least 2022, it has previously leveraged flaws in the Apache web server (CVE-2021-41773), Laravel Framework (CVE-2018-15133), and PHPUnit (CVE-2017-9841) to gain initial access, escalate privileges, and establish persistent control over compromised systems. Earlier this January, U.S. cybersecurity and intelligence a...
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

Oct 22, 2024 Vulnerability / Cyber Threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component that could lead to remote code execution. The issue has since been addressed in versions 12.1.3, 12.2.3, and 12.3 and later. Fixes have also been made available for versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. The development comes weeks after cloud hosting provider Rackspace acknowledged that it "became aware of an issue with the ScienceLogic EM7 Portal," prompting it to take its dashboard offline towards the end of last month. "We have confirmed that the exploit of this third-party application resulted in access to three internal Rackspace monitoring web servers," an a...
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Designing Identity for Trust at Scale—With Privacy, AI, and Seamless Logins in Mind

Jul 24, 2025
Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you. Join us for "Navigating Customer Identity in the AI Era," where we'll dive into the Auth0 2025 Customer Identity Trends Report. We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...
Two New Linux Vulnerabilities Discovered, Allowing Root Privileges for Attackers

Oct 30, 2010 Cybersecurity / System Administration
Two new vulnerabilities affecting Linux were uncovered this week. These vulnerabilities could potentially allow malicious hackers to gain root privileges.

CVE-2010-3904: Reliable Datagram Sockets (RDS) Protocol Vulnerability

The first vulnerability, reported on Tuesday by security firm VSR, arises from a flaw in the implementation of the Reliable Datagram Sockets (RDS) protocol in versions 2.6.30 through 2.6.36-rc8 of the Linux kernel. Known as CVE-2010-3904, this bug could allow a local attacker to issue specially crafted socket function calls. This would enable the attacker to write arbitrary values into kernel memory, thereby escalating their privileges to root and gaining "superuser" status. The problem exists only in Linux installations where the CONFIG_RDS kernel configuration option is set and there are no restrictions preventing unprivileged users from loading packet family modules. This is the case for most stock distributions, as VSR notes. A proof-of-concept e...