Vulnerability | Breaking Cybersecurity News | The Hacker News

Category — Vulnerability
Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions

Feb 11, 2025 Network Security / Vulnerability
Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical applications and websites. The identified vulnerabilities are listed below -
- CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, and CVE-2024-56135 (CVSS scores: 8.4) - A set of improper input validation vulnerabilities that allow remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to execute arbitrary system commands via a carefully crafted HTTP request
- CVE-2024-56134 (CVSS score: 8.4) - An improper input validation vulnerability that allows remote malicious actors who gain access to the management interface of LoadMaster and...
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

Feb 10, 2025 Cybersecurity / Weekly Recap
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we've seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question isn't whether attackers will find a way in—it's whether you'll be prepared when they do. Let's break down what you need to know.
⚡ Threat of the Week
Microsoft Warns of Attacks Exploiting ASP.NET Machine Keys — Threat actors are exploiting publicly disclosed ASP.NET machine keys to inject and execute malicious code responsible for launching the Godzilla post-exploitation framework. Microsoft said it has identified over 3,000 publicly disclosed keys that could be used for these types of attacks, dubbed ViewState code injection. The company also said it removed key-related artifacts from ...
Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025 Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organization and drive the need for an even more robust security strategy. Let's take a look…
#1: Increased Threat Landscape Encourages Market Consolidation
Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency.
#2: Cloud Security Unifies with SOC Priorities
Security operations centers (SOC) and cloud security functions are c...
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

Feb 10, 2025 Vulnerability / Data Protection
Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting versions prior to 10.0.12 and 10.1.4. Stemming from a lack of adequate sanitization of a user-supplied parameter, the shortcoming could be weaponized by authenticated attackers to inject arbitrary SQL queries that could retrieve email metadata by "manipulating a specific parameter in the request." Zimbra also said it addressed another critical vulnerability related to stored cross-site scripting (XSS) in the Zimbra Classic Web Client. The flaw is yet to be assigned a CVE identifier. "The fix strengthens input sanitization and enhances security," the company said in an a...
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

Feb 10, 2025 Vulnerability / Malware
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime group likely of Vietnamese origin that's known to be active since at least 2010. "XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in their operational priorities," cybersecurity firm Intezer said in a report published in collaboration with Solis Security. "Their attacks now target supply chains in the manufacturing and distribution sectors, leveraging new vulnerabilities and advanced tactics." The vulnerabilities in question are listed below -
- CVE-2024-57968 (CVSS score: 9.9) - An unrestricted upload of f...
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

Feb 07, 2025 Vulnerability / Malware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server," CISA said in an advisory dated February 6, 2025. The flaw affects the following versions -
- Cityworks (All versions prior to 15.8.9)
- Cityworks with office companion (All versions prior to 23.10)
While Trimble has released patches to address the security defect as of January 29, 2025, CISA has warned that it is being weaponized in real-world attacks. The Colorado-headquartered company also noted that it has received reports o...
Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware

Feb 07, 2025 Vulnerability / Threat Intelligence
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a report shared with The Hacker News. "The attack involved the quick and deliberate execution of several post-compromise tactics, techniques and procedures (TTPs) including network and system discovery, administrator account creation, and the establishment of persistence mechanisms, which could have led to the deployment of ransomware," security researchers Ryan Slaney and Daniel Albrecht said. The vulnerabilities in question, CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were disclosed by Horizon3.ai last month. Successful exploitation of the security holes could allow f...
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Feb 06, 2025 United States
Cisco has released updates to address two critical security flaws in Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below -
- CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device.
- CVE-2025-20125 (CVSS score: 9.1) - An authorization bypass vulnerability in an API of Cisco ISE that could permit an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node.
An attacker could weaponize either of the flaws by sending a crafted serialized Java object or an HTTP request to an unspecified API endpoint, leading to privilege escalation and code execution. Cisco said the two vulnerabilities are not dependent on...
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

Feb 05, 2025 Vulnerability / Data Protection
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions," Veeam said in an advisory. The shortcoming impacts the following products -
- Veeam Backup for Salesforce — 3.1 and older
- Veeam Backup for Nutanix AHV — 5.0 | 5.1 (Versions 6 and higher are unaffected by the flaw)
- Veeam Backup for AWS — 6a | 7 (Version 8 is unaffected by the flaw)
- Veeam Backup for Microsoft Azure — 5a | 6 (Version 7 is unaffected by the flaw)
- Veeam Backup for Google Cloud — 4 | 5 (Version 6 is unaffected by the flaw)
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization...
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Feb 05, 2025 Vulnerability / Software Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows -
- CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized access and execute arbitrary code on the server (Fixed in September 2024)
- CVE-2024-29059 (CVSS score: 7.5) - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in March 2024)
- CVE-2018-9276 (CVSS score: 7.2) - An operating system command injection vulnerability in Paessler PRTG Network Monitor that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console (Fixed in April 2018)
- CVE-2018-19410 (CVSS score: 9.8) - A local file inclusion vulne...
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access

Feb 04, 2025 Vulnerability / Threat Intelligence
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to GitHub in November 2021, following which it was cached indefinitely by the Go Module Mirror service. "Once installed, the backdoored package grants the threat actor remote access to the infected system, allowing them to execute arbitrary commands," security researcher Kirill Boychenko said in an analysis. Socket said the development marks one of the earliest instances of a malicious actor abusing the Go Module Mirror's indefinite caching of modules to trick users into downloading the package. Subsequently, the attacker is said to have modified the Git tags in the source r...
Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

Feb 04, 2025 Vulnerability / Cyber Espionage
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. "The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files," Trend Micro security researcher Peter Girnus said. It's suspected that CVE-2025-0411 was likely weaponized to target governmental and non-governmental organizations in Ukraine as part of a cyber espionage campaign set against the backdrop of the ongoing Russo-Ukrainian conflict. MotW is a security feature implemented by Microsoft in Windows to prevent the a...
AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access

Feb 04, 2025 Vulnerability / Hardware Security
A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP," AMD said in an advisory. The chipmaker credited Google security researchers Josh Eads, Kristoffer Janke, Eduardo Vela, Tavis Ormandy, and Matteo Rizzo for discovering and reporting the flaw on September 25, 2024. SEV is a security feature that uses a unique key per virtual machine to isolate virtual machines (VMs) and the hypervisor from one another. SNP, which stands for Secure Nested Paging, incorporates memory integrity p...
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Feb 04, 2025 Vulnerability / Cloud Security
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below -
- CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
- CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service Elevation of Privilege Vulnerability
"Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network," Microsoft said in an advisory for CVE-2025-21415, crediting an anonymous researcher for reporting the flaw. CVE-2025-21396, on the other hand, stems from a case of missing authorization that could permit an unauthorized attacker to elevate privileges over a network. A security researcher who goes by the alias Sugobet has been acknowledged for discovering it. The tech giant also noted that it's aware of the existen...
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Feb 04, 2025 Vulnerability / Mobile Security
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, noting that it's aware that it may be under "limited, targeted exploitation." While no other technical details have been offered, Linux kernel developer Greg Kroah-Hartman revealed in early December 2024 that the vulnerability is rooted in the Linux kernel and that it was introduced in version 2.6.26, which was released in mid-2008. Specifically, it has to do with an out-of-bounds write condition that could arise as a result of parsing frames of type UVC_VS_UNDEFINED in a function named "uvc_parse_format()" i...
Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform

Feb 04, 2025 Vulnerability / SharePoint
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf of the impersonated user, enabling unauthorized access to sensitive data, Zenity Labs said in a report shared with The Hacker News ahead of publication. "This vulnerability can be exploited across Power Automate, Power Apps, Copilot Studio, and Copilot 365, which significantly broadens the scope of potential damage," senior security researcher Dmitry Lozovoy said. "It increases the likelihood of a successful attack, allowing hackers to target multiple interconnected services within the Power Platform ecosystem." Following responsible disclosure in September 2024, ...
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

Feb 03, 2025 Vulnerability / Network Security
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were publicly disclosed. This marks a slight decrease from 2023's 26.8%, indicating that exploitation attempts can take place at any time in a vulnerability's lifecycle. "During 2024, 1% of the CVEs published were reported publicly as exploited in the wild," VulnCheck's Patrick Garrity said in a report shared with The Hacker News. "This number is expected to grow as exploitation is often discovered long after a CVE is published." The report comes over two months after the company revealed that 15 different Chinese hacking groups o...
BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

Feb 01, 2025 Vulnerability / Zero-Day
BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged on December 5, 2024. "The investigation determined that a zero-day vulnerability of a third-party application was used to gain access to an online asset in a BeyondTrust AWS account," the company said this week. "Access to that asset then allowed the threat actor to obtain an infrastructure API key that could then be leveraged against a separate AWS account which operated Remote Support infrastructure." The American access management company did not name the application that was exploited to obtain the API key, but said the probe uncovered two separate flaws in it...
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

Jan 31, 2025 Vulnerability / Healthcare
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA by an anonymous external researcher. "The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so," CISA said in an advisory. "This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device." "The reverse backdoor provides automated connectivity to a hard-coded IP address from the Contec CMS8000 devices, allowing the device to download and execute unverified remote files. Publicly available records show that the IP address is not associa...
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Jan 31, 2025 Vulnerability / Data Security
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below -
- CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs
- CVE-2025-22219 (CVSS score: 6.8) - A malicious actor with non-administrative privileges may be able to inject a malicious script that may lead to arbitrary operations as admin user via a stored cross-site scripting (XSS) attack
- CVE-2025-22220 (CVSS score: 4.3) - A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user
- CVE-2025-22221 (CVSS score: 5.2) ...