Vulnerability | Breaking Cybersecurity News | The Hacker News

Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions. The vulnerability, tracked as CVE-2024-12284 , has been given a CVSS v4 score of 8.8 out of a maximum of 10.0. It has been described as a case of improper privilege management that could result in authenticated privilege escalation if the NetScaler Console Agent is deployed and allows an attacker to execute post-compromise actions. "The issue arises due to inadequate privilege management and could be exploited by an authenticated malicious actor to execute commands without additional authorization," Netscaler noted . "However, only authenticated users with existing access to the NetScaler Console can exploit this vulnerability, thereby limiting the threat surface to only authenticated users." The shortcoming affects the below versions - NetScaler Cons...

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network," the tech giant said in an advisory for CVE-2025-21355. No customer action is required. On the other hand, CVE-2025-24989 concerns a case of improper access control in Power Pages , a low-code platform for creating, hosting, and managing secure business websites, that an unauthorized attacker could exploit to elevate privileges over a network and bypass user registration control. Microsoft, which credited its own employee Raj Kumar for flagging the vul...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The flaws are listed below - CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface that allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts CVE-2024-53704 (CVSS score: 8.2) - An improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication Palo Alto Networks has since confirmed to The Hacker News that it has observed active exploitation attempts against CVE-2025-0108, with the company noting that it could be chained with other vulnerabilities like CVE-2024-9474...

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below - CVE-2025-26465 (CVSS score: 6.8)  - The OpenSSH client contains a logic error between versions 6.8p1 to 9.9p1 (inclusive) that makes it vulnerable to an active MitM attack if the VerifyHostKeyDNS option is enabled, allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it (Introduced in December 2014) CVE-2025-26466 (CVSS score: 5.9) - The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 to 9.9p1 (inclusive) that causes memory and CPU consumption (Introduced in August 2023) "If an attacker can perform a man-in-the-middle a...

Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589 , the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3. "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the company said in an advisory. The vulnerability impacts the following products and versions - Session Smart Router: From 5.6.7 before 5.6.17, from 6.0.8, from 6.1 before 6.1.12-lts, from 6.2 before 6.2.8-lts, and from 6.3 before 6.3.3-r2 Session Smart Conductor: From 5.6.7 before 5.6.17, from 6.0.8, from 6.1 before 6.1.12-lts, from 6.2 before 6.2.8-lts, and from 6.3 before 6.3.3-r2 WAN Assurance Managed R...

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol ( LDAP ) and SMB/FTP services. "This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP device to send authentication credentials back to the malicious actor," Rapid7 security researcher Deral Heiland said . "If a malicious actor can successfully leverage these issues, it would allow them to capture credentials for Windows Active Directory. This means they could then move laterally within an organization's environment and compromise other critical Windows servers and file systems." The identified vulnerabilities, which affect firmware versions 57.69.91 and earlier, are listed below - CVE-2024-12510 (CVSS score: 6.7) - Pass-back attack via LDAP CVE-202...

Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM's comprehensive approach is the best overall strategy for shoring up a business's cyber defenses in the face of evolving attacks. It also presents a real-world scenario that illustrates how the business would fare against a formjacking attack under three security frameworks - Vulnerability Management (VM), Attack Surface Management (ASM), and CTEM. With VM, the attack might go unnoticed for weeks. With CTEM, simulated attacks detect and neutralize it before it starts. Reassuringly, it also explains that CTEM builds on a business's current VM and ASM solutions rather than requiring them to jettison anything they currently use. But first— What is CTEM? In response to increasingly sophisticated cyberattacks, Gartner introduced ...

Welcome to this week's Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage Device Code Phishing to Hack Microsoft Accounts — Microsoft and Volexity have revealed that threat actors with ties to Russia are leveraging a technique known as device code phishing to gain unauthorized access to victim accounts, and use that access to get hold of sensitive data and enable persistent access to the victim environment. At least three different Russia-linked clusters have been identified abusing the technique to date. The attacks entail sending phishing emails that masquerade as Microsoft Teams meeting invitations, which, when clicked, urge the message recipients to authenticate using a threat actor-generated dev...

Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image ( AMI ) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain access to thousands of accounts," Datadog Security Labs researcher Seth Art said in a report shared with The Hacker News. "The vulnerable pattern can be found in many private and open source code repositories." At its heart, the technique is a subset of a supply chain attack that involves publishing a malicious resource and tricking misconfigured software into using it instead of the legitimate counterpart. The attack exploits the fact that anyone can AMI, which refers to a virtual machine image that's used to boot up Elastic Compute Cloud (EC2) instances in AWS, to the community catalog and the fact that developers could omit to mention the "--owners...

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool's ability to run meta-commands," security researcher Stephen Fewer said . The cybersecurity company further noted that it made the discovery as part of its investigation into CVE-2024-12356 , a recently patched security flaw in BeyondTrust software that allows for unauthenticated remote code execution. Specifically, it found that "a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achie...

An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. "During the attack in late 2024, the attacker deployed a distinct toolset that had previously been used by a China-linked actor in classic espionage attacks," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. "In all the prior intrusions involving the toolset, the attacker appeared to be engaged in classic espionage, seemingly solely interested in maintaining a persistent presence on the targeted organizations by installing backdoors." This included a July 2024 compromise of the Foreign Ministry of a country in southeastern Europe that involved the use of classic DLL side-loading techniques to deploy PlugX ...

Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108 , carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box . "An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts," Palo Alto Networks said in an advisory. "While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS." The vulnerability affects the following versions - PAN-OS 11.2 < 11.2.4-h4 (Fixed in >= 11.2.4-h4) PAN-OS 11.1 < 11.1.6-h1 (Fixed in >= 11.1.6-h1) PAN-OS 11.0 (Upgrade to a sup...

Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions - NVIDIA Container Toolkit (All versions up to and including 1.17.3) - Fixed in version 1.17.4 NVIDIA GPU Operator (All versions up to and including 24.9.1) - Fixed in version 24.9.2 "NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use ( TOCTOU ) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system," the company said in an advisory on Tuesday. "A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." Cl...

Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge browser since the release of last month's Patch Tuesday update . The update is notable for fixing two actively exploited flaws - CVE-2025-21391 (CVSS score: 7.1) - Windows Storage Elevation of Privilege Vulnerability  CVE-2025-21418 (CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability "An attacker would only be able to delete targeted files on a system," Microsoft said in an alert for CVE-2025-21391. "This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete d...