Federal Security | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down technical debt and minimize the risk of compromise, as state-sponsored threat actors turn such devices as a preferred access pathway for breaking into target networks. Edge devices is an umbrella term that encompasses load balancers, firewalls, routers, switches, wireless access points, network security appliances, Internet of Things (IoT) edge devices, software-defined networks, and other physical or virtual networking components that route network traffic and hold privileged access. "Persistent cyber threat actors are increasingly exploiting unsupported edge devices -- hardware and software that no longer receiv...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to external parties in Gladinet CentreStack and Triofox that could result in unintended disclosure of system files. CVE-2025-48703 (CVSS score: 9.0) - An operating system command injection vulnerability in Control Web Panel (formerly CentOS Web Panel) that results in unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. The development comes weeks after cybersecurity company Huntress said it detected active exploitation attempts targeting CVE-2025-11371, with unknown threat actors leveraging the flaw to run reconnaissan...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting Adobe ColdFusion in the Apache BlazeDS library that allows for arbitrary code execution. (Fixed in April 2017 ) CVE-2024-20953 (CVSS score: 8.8) - A deserialization vulnerability impacting Oracle Agile PLM that allows a low-privileged attacker with network access via HTTP to compromise the system. (Fixed in January 2024 ) There are currently no public reports referencing the exploitation of the vulnerabilities, although another flaw impacting Oracle Agile PLM ( CVE-2024-21287 , CVSS score: 7.5) came under active abuse late last year. To mitigate the risks posed by potential attacks w...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The flaws are listed below - CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface that allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts CVE-2024-53704 (CVSS score: 8.2) - An improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication Palo Alto Networks has since confirmed to The Hacker News that it has observed active exploitation attempts against CVE-2025-0108, with the company noting that it could be chained with other vulnerabilities like CVE-2024-9474...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be exploited to achieve arbitrary code execution. "Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code," according to a GitHub advisory released for the flaw. The problem was addressed in jQuery version 3.5.0 released in April 2020. A workaround for CVE-2020-11023 involves using DOMPurify with the SAFE_FOR_JQUERY flag set to sanitize the HTML string before passing it to a jQuery method. As is typically the case, t...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could allow an attacker with existing administrative privileges to inject commands and run as a site user. "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file," CISA said. "Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user." The addition of CVE-2024-12686 to the KEV catalog comes nearly a month after it a...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that could allow an attacker to ultimately execute arbitrary code on susceptible servers. Specifically, it concerns the use of static ValidationKey and DecryptionKey values in version 7.4.0.1 and prior that could be weaponized to achieve remote code execution on the server that runs the application. That said, an attacker would have to leverage some other means to obtain the keys in the first place. "These keys are used to provide security for the application ViewState," Google-owned Mandiant said in advisory for the flaw back in December 2021. "A threat actor with knowledge ...