#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Patching | Breaking Cybersecurity News | The Hacker News

Category — Patching
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Dec 18, 2024 Cyber Attack / Vulnerability
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677 , carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 ( CVE-2023-50164 , CVSS score: 9.8), which also came under active exploitation shortly after public disclosure. "An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution," according to the Apache advisory . In other words, successful exploitation of the flaw could allow a malicious actor to upload arbitrary payloads to susceptible instances, which could then be leveraged to run commands, exfiltrate data, or download additional payloads for follow-on exploitation. T...
HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

Nov 11, 2024 Vulnerability / Risk Mitigation
Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 - AOS-10.4.x.x: 10.4.1.4 and below Instant AOS-8.12.x.x: 8.12.0.2 and below Instant AOS-8.10.x.x: 8.10.0.13 and below The most severe among the six newly patched vulnerabilities are CVE-2024-42509 (CVSS score: 9.8) and CVE-2024-47460 (CVSS score: 9.0), two critical unauthenticated command injection flaws in the CLI Service that could result in the execution of arbitrary code. "Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211)," HPE said in an advisory for both the flaws. "Successful exp...
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Jan 06, 2025SaaS Security / Threat Detection
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024 ). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout players, unexpected underdogs, and relentless scorers leaving their mark on the SaaS security playing field.  As we enter 2025, security teams must prioritize SaaS security risk assessments to uncover vulnerabilities, adopt SSPM tools for continuous monitoring, and proactively defend their systems. Here are the Cyber Threat All-Stars to watch out for—the MVPs, rising stars, and master strategists who shaped the game. 1. ShinyHunters: The Most Valuable Player Playstyle: Precision Shots (Cybercriminal Organization) Biggest Wins: Snowflake, Ticketmaster and Authy Notable Drama: Exploited on...
Expert Insights / Articles Videos
Cybersecurity Resources