cybersecurity | Breaking Cybersecurity News | The Hacker News

Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. CVE-2025-20125 (CVSS score: 9.1) - An authorization bypass vulnerability in an API of Cisco ISE could could permit an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node An attacker could weaponize either of the flaws by sending a crafted serialized Java object or an HTTP request to an unspecified API endpoint, leading to privilege escalation and code execution. Cisco said the two vulnerabilities are not dependent on...

The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of remote work, part-time flexibility, and good pay. "Once the target expresses interest, the 'hiring process' unfolds, with the scammer requesting a CV or even a personal GitHub repository link," the Romanian firm said in a report shared with The Hacker News. "Although seemingly innocent, these requests can serve nefarious purposes, such as harvesting personal data or lending a veneer of legitimacy to the interaction." Once the requested details are obtained, the attack moves to the next stage where the threat actor, under the guise of a recruiter, shares a lin...

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...

Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. "Originally sourced from public repositories like GitHub, these tools are increasingly used in attacks like Adversary-in-the-Middle (AitM) and brute force techniques, leading to numerous account takeover (ATO) incidents," security researcher Anna Akselevich said . The use of HTTP client tools for brute-force attacks has been a long-observed trend since at least February 2018, with successive iterations employing variants of OkHttp clients to target Microsoft 365 environments at least until early 2024. But by March 2024, Proofpoint said it began to observe a wide range of HTTP clients gaining traction, with the atta...

A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report published late last month. Targets of the hacking group's attacks include embassies, lawyers, government-backed banks, and think tanks. The activity has been attributed to a Kazakhstan-origin threat actor with a medium level of confidence. The infections commence with a spear-phishing email containing a RAR archive attachment that ultimately acts as a delivery vehicle for malicious payloads responsible for granting remote access to the compromised hosts. The first of the two campaigns, detected by the cybersecurity company on December 27, 2024, leverages the RAR archive to launc...

Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114 , carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions," Veeam said in an advisory. The shortcoming impacts the following products - Veeam Backup for Salesforce — 3.1 and older Veeam Backup for Nutanix AHV — 5.0 | 5.1 (Versions 6 and higher are unaffected by the flaw) Veeam Backup for AWS — 6a | 7 (Version 8 is unaffected by the flaw) Veeam Backup for Microsoft Azure — 5a | 6 (Version 7 is unaffected by the flaw) Veeam Backup for Google Cloud — 4 | 5 (Version 6 is unaffected by the flaw) Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization...

As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams remain one step ahead of potential cyber-risks. The Kaseya Cybersecurity Survey Report 2024 navigates this new frontier of cyber challenges. The data is clear: Organizations are becoming increasingly reliant on vulnerability assessments and plan to prioritize these investments in 2025. Companies are increasing the frequency of vulnerability assessments  In 2024, 24% of respondents said they conduct vulnerability assessments more than four times per year, up from 15% in 2023. This shift highlights a growing recognition of the need for continuous monitoring and quick response to emerging t...

A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis. "It allows attackers to control infected systems stealthily, exfiltrate data and execute commands while remaining hidden – making it a significant cyberthreat." The starting point of the multi-stage attack chain is a phishing email that contains a Dropbox URL that, upon clicking, downloads a ZIP archive. Present within the file is an internet shortcut (URL) file, which serves as a conduit for a Windows shortcut (LNK) file responsible for taking the infection further, while a seemingly benign decoy PDF document is displayed to the message recipient. Specifically, the LNK file is retrieved by means of a TryCloudflare URL embed...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized access and execute arbitrary code on the server (Fixed in September 2024 ) CVE-2024-29059 (CVSS score: 7.5) - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in March 2024 ) CVE-2018-9276 (CVSS score: 7.2) - An operating system command injection vulnerability in Paessler PRTG Network Monitor that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console (Fixed in April 2018 ) CVE-2018-19410 (CVSS score: 9.8) - A local file inclusion vulne...

Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt , is a typosquat of the legitimate BoltDB database module ( github.com/boltdb/bolt ), per Socket. The malicious version (1.3.1) was published to GitHub in November 2021, following which it was cached indefinitely by the Go Module Mirror service. "Once installed, the backdoored package grants the threat actor remote access to the infected system, allowing them to execute arbitrary commands," security researcher Kirill Boychenko said in an analysis. Socket said the development marks one of the earliest instances of a malicious actor abusing the Go Module Mirror's indefinite caching of modules to trick users into downloading the package. Subsequently, the attacker is said to have modified the Git tags in the source r...

A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web ( MotW ) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09 . "The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files," Trend Micro security researcher Peter Girnus said . It's suspected that CVE-2025-0411 was likely weaponized to target governmental and non-governmental organizations in Ukraine as part of a cyber espionage campaign set against the backdrop of the ongoing Russo-Ukrainian conflict. MotW is a security feature implemented by Microsoft in Windows to prevent the a...

The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or CameraAccess for virtual meetings," SentinelOne researchers Phil Stokes and Tom Hegel said in a new report. Contagious Interview, first uncovered in late 2023, is a persistent effort undertaken by the hacking crew to deliver malware to prospective targets through bogus npm packages and native apps masquerading as videoconferencing software. It's also tracked as DeceptiveDevelopment and DEV#POPPER. These attack chains are designed to drop a JavaScript-based malware known as BeaverTail, which, besides harvesting sensitive data from web browsers and crypto wallets, is capable of d...

As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...

Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence (AI) platform, citing security risks. "Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan's Ministry of Digital Affairs, per Radio Free Asia . "DeepSeek AI service is a Chinese product. Its operation involves cross-border transmission, and information leakage and other information security concerns." DeepSeek's Chinese origins have prompted authorities from various countries to look into the service's use of personal data. Last week, it was blocked in Italy, citing a lack of information regarding its data handling practices. Several companies have also prohibited access to the chatbot over similar risks. The chatbot has captured much of the mainstream attention over the past few weeks for the fact tha...

A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161 , carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP," AMD said in an advisory. The chipmaker credited Google security researchers Josh Eads, Kristoffer Janke, Eduardo Vela, Tavis Ormandy, and Matteo Rizzo for discovering and reporting the flaw on September 25, 2024. SEV is a security feature that uses a unique key per virtual machine to isolate virtual machines (VMs) and the hypervisor from one another. SNP, which stands for Secure Nested Paging, incorporates memory integrity p...

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service Elevation of Privilege Vulnerability "Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network," Microsoft in an advisory for CVE-2025-21415, crediting an anonymous researcher for reporting the flaw. CVE-2025-21396, on the other hand, stems from a case of missing authorization that could permit an unauthorized attacker to elevate privileges over a network. A security researcher who goes by the alias Sugobet has been acknowledged for discovering it. The tech giant also noted that it's aware of the existen...

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class ( UVC ) driver. Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, noting that it's aware that it may be under "limited, targeted exploitation." While no other technical details have been offered, Linux kernel developer Greg Kroah-Hartman revealed in early December 2024 that the vulnerability is rooted in the Linux kernel and that it was introduced in version 2.6.26 , which was released in mid-2008. Specifically, it has to do with an out-of-bounds write condition that could arise as a result of parsing frames of type UVC_VS_UNDEFINED in a function named "uvc_parse_format()" i...

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf of the impersonated user, enabling unauthorized access to sensitive data, Zenity Labs said in a report shared with The Hacker News ahead of publication. "This vulnerability can be exploited across Power Automate, Power Apps, Copilot Studio, and Copilot 365, which significantly broadens the scope of potential damage," senior security researcher Dmitry Lozovoy said . "It increases the likelihood of a successful attack, allowing hackers to target multiple interconnected services within the Power Platform ecosystem." Following responsible disclosure in September 2024, ...

As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were publicly disclosed. This marks a slight decrease from 2023's 26.8%, indicating that exploitation attempts can take place at any time in a vulnerability's lifecycle. "During 2024, 1% of the CVEs published were reported publicly as exploited in the wild," VulnCheck's Patrick Garrity said in a report shared with The Hacker News. "This number is expected to grow as exploitation is often discovered long after a CVE is published." The report comes over two months after the company revealed that 15 different Chinese hacking groups o...