#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Patch Management | Breaking Cybersecurity News | The Hacker News

Category — Patch Management
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Feb 06, 2025 United States
Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. CVE-2025-20125 (CVSS score: 9.1) - An authorization bypass vulnerability in an API of Cisco ISE could could permit an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node An attacker could weaponize either of the flaws by sending a crafted serialized Java object or an HTTP request to an unspecified API endpoint, leading to privilege escalation and code execution. Cisco said the two vulnerabilities are not dependent on...
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Feb 04, 2025 Vulnerability / Cloud Security
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service Elevation of Privilege Vulnerability "Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network," Microsoft in an advisory for CVE-2025-21415, crediting an anonymous researcher for reporting the flaw. CVE-2025-21396, on the other hand, stems from a case of missing authorization that could permit an unauthorized attacker to elevate privileges over a network. A security researcher who goes by the alias Sugobet has been acknowledged for discovering it. The tech giant also noted that it's aware of the existen...
What Is Attack Surface Management?

What Is Attack Surface Management?

Feb 03, 2025Attack Surface Management
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important. In this guide, we look at why attack surfaces are growing and how to monitor and manage them properly with  tools like Intruder . Let's dive in. What is your attack surface? First, it's important to understand what we mean when we talk about an attack surface. An attack surface is the sum of your digital assets that are 'reachable' by an attacker – whether they are secure or vulnerable, known or unknown, in active use or not. You can also have both internal and external attack surfaces - imagine for example a malicious email attachment landing in a colleague's inbox, vs a new FTP server being...
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

Feb 03, 2025 Vulnerability / Network Security
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were publicly disclosed. This marks a slight decrease from 2023's 26.8%, indicating that exploitation attempts can take place at any time in a vulnerability's lifecycle. "During 2024, 1% of the CVEs published were reported publicly as exploited in the wild," VulnCheck's Patrick Garrity said in a report shared with The Hacker News. "This number is expected to grow as exploitation is often discovered long after a CVE is published." The report comes over two months after the company revealed that 15 different Chinese hacking groups o...
cyber security

Practical, Tactical Guide to Securing AI in the Enterprise

websiteTinesEnterprise Security / AI Security
Supercharge your organization's AI adoption strategy, and go from complex challenges to secure success.
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Jan 22, 2025 Vulnerability / Enterprise Security
Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle Agile PLM Framework," according to a description of the security hole in the NIST National Vulnerability Database (NVD). It's worth noting that Oracle warned of active exploitation attempts against another flaw in the same product (CVE-2024-21287, CVSS score: 7.5) in November 2024. Both vulnerabilities affect Oracle Agile PLM Framework version 9.3.6. "Customers are strongly advised to apply the January 2025 Critical Patch Update for Oracle Agile PLM Framework as it includes patche...
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Dec 19, 2024 Vulnerability / Network Security
Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. It was originally fixed by Fortinet back on August 18, 2023, but without a CVE designation. The list of supported FortiOS versions was updated in early September. "A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files," the company said in an alert released Wednesday. However, according to a description of the security flaw in the NIST's National Vulnerability Database (NVD), the path traversal vulnerability could also be exploited by an attacker to "execute unauthorized code or commands via specially crafted web requests." The flaw impacts the following versions of the product - FortiWLM versions 8.6.0 through 8.6.5 (Fixed i...
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

Dec 17, 2024 Network Security / IoT Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel (Patched by Adobe in March 2024 )  CVE-2024-35250 (CVSS score: 7.8) - Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges (Patched by Microsoft in June 2024 ) Taiwanese cybersecurity company DEVCORE, which discovered and reported CVE-2024-35250, shared additional technical details in August 2024, stating it's rooted in the Microsoft Kernel Streaming Service (MSKSSRV). There are currently no details on how the shortcomings are being weaponized ...
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Dec 13, 2024 Linux / Vulnerability
A security flaw has been disclosed in OpenWrt 's Attended Sysupgrade ( ASU ) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143 , carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the flaw on December 4, 2024. The issue has been patched in ASU version 920c8a1 . "Due to the combination of the command injection in the imagebuilder image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision," the project maintainers said in an alert. OpenWrt is a popular open-source Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Successful exploitation of the shortcoming could essentiall...
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Dec 11, 2024 Vulnerability / Patch Tuesday
Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the elevation of privileges. This is in addition to 13 vulnerabilities the company has addressed in its Chromium-based Edge browser since the release of last month's security update . In total, Microsoft has resolved as many as 1,088 vulnerabilities in 2024 alone, per Fortra. The vulnerability that Microsoft has acknowledged as having been actively exploited is CVE-2024-49138 (CVSS score: 7.8), a privilege escalation flaw in the Windows Common Log File System (CLFS) Driver. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," the company said in an...
Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Dec 10, 2024 Vulnerability / Threat Analysis
Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom, VLTransfer, and Harmony software, concerns a case of unauthenticated remote code execution. The security hole is tracked as CVE-2024-50623 (CVSS score: 9.8), with Cleo noting that the flaw is the result of an unrestricted file upload that could pave the way for the execution of arbitrary code. The Illinois-based company, which has over 4,200 customers across the world, has since issued another advisory (CVE-2024-55956), warning of a separate "unauthenticated malicious hosts vulnerability that could lead to remote code execution." The development comes after Huntress said the pat...
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

Dec 05, 2024 Vulnerability / Threat Intelligence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend , and CyberPanel to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property CVE-2023-45727 (CVSS score: 7.5) - An improper restriction of XML External Entity (XXE) reference vulnerability that could allow a remote, unauthenticated attacker to conduct an XXE attack CVE-2024-11680 (CVSS score: 9.8) - An improper authentication vulnerability that allows a remote, unauthenticated attacker to create accounts, upload web shells, and embed malicious JavaScript CVE-2024-11667 (CVSS score: 7.5) - A path traversal vulnerabilit...
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

Dec 03, 2024 Endpoint Security / Vulnerability
Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access with minimal effort," AmberWolf said in an analysis. In a hypothetical attack scenario, this plays out in the form of a rogue VPN server that can trick the clients into downloading malicious updates that can cause unintended consequences. The result of the investigation is a proof-of-concept (PoC) attack tool called NachoVPN that can simulate such VPN servers and exploit the vulnerabilities to achieve privileged code execution. The identified flaws are listed below - CVE-2024-5921 (CVSS score: 5.6) - An insufficient certificate validation vulnerability impacting Palo Alto N...
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Nov 26, 2024 Vulnerability / Website Security
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781 , carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions 6.44 and 6.45 released this month. Installed on over 200,000 WordPress sites, CleanTalk's Spam protection,f Anti-Spam, FireWall plugin is advertised as a "universal anti-spam plugin" that blocks spam comments, registrations, surveys, and more. According to Wordfence, both vulnerabilities concern an authorization bypass issue that could allow a malicious actor to install and activate arbitrary plugins. This could then pave the way for remote code execution if the activated plugin is vulnerable of its own. The plugin is "vulnerable to unauthorized Arbitrary Plugin ...
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Nov 20, 2024 Software Security / Vulnerability
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password," it said in an advisory. "If successfully exploited, this vulnerability may result in file disclosure." CrowdStrike security researchers Joel Snape and Lutz Wolf have been credited with discovering and reporting the flaw. There is currently no information available on who is exploiting the vulnerability, the targets of the malicious activity, and how widespread these attacks are. "If successfully exploited, an unauthenticated perpetrator could download, from the targeted system, files accessible under the privileges used ...
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

Oct 16, 2024 Zero-Day / Windows Security
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT . The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode. It was patched by Microsoft as part of its Patch Tuesday updates for August 2024. However, successful exploitation requires an attacker to convince a user to click on a specially crafted URL in order to initiate the execution of malicious code. The AhnLab Security Intelligence Center (ASEC) and the National Cyber Security Center (NCSC) of the Republic of Korea, which were credited with discovering and reporting the shortcoming, have assigned the activity cluster the name Operation Code on Toast. The organizations are tracking ScarCruft under the moniker TA-RedAnt, which was previously...
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Oct 09, 2024 Vulnerability / Zero-Day
Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based Edge browser over the past month. Five of the vulnerabilities are listed as publicly known at the time of release, with two of them coming under active exploitation as a zero-day - CVE-2024-43572 (CVSS score: 7.8) - Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected) CVE-2024-43573 (CVSS score: 6.5) - Windows MSHTML Platform Spoofing Vulnerability (Exploitation Detected) CVE-2024-43583 (CVSS score: 7.8) - Winlogon Elevation of Privilege Vulnerability CVE-2024-20659 (CVSS score: 7.1) - Windows Hyper-V Security Feature Bypass Vulnerability CVE...
Expert Insights / Articles Videos
Cybersecurity Resources