dos | Breaking Cybersecurity News | The Hacker News

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543 , carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The shortcoming impacts the below versions - NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46  NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19 NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (vulnerable and end-of-life) NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236-FIPS and NDcPP "Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerabilities," Citrix ...

Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service (DoS) attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems' good reputation on search engines," Checkmarx's Jossef Harush Kadouri  said  in a report published last week. "The attacks caused a denial-of-service (DoS) that made NPM unstable with sporadic 'Service Unavailable' errors." While  similar campaigns  were recently observed propagating phishing links, the latest wave pushed the number of package versions to 1.42 million, a dramatic uptick from the approximate 800,000 packages released on npm. The attack technique leverages the fact that open source repositories are ranked higher on search engine results to create rogue websites and upload empty npm modules with links to those sites in the ...

Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as  CVE-2022-20968  (CVSS score: 8.1) and stems from a case of insufficient input validation of received Cisco Discovery Protocol (CDP) packets. CDP is a  proprietary   network-independent protocol  that is used for collecting information related to nearby, directly connected devices such as hardware, software, and device name, among others. It's enabled by default. "An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device," the company  said  in an alert published on December 8, 2022. "A successful exploit could allow the ...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

A vulnerability in the latest firmware of the network-enabled Samsung TV models allows potential attackers to crash the vulnerable devices using Denial of Service ( DoS ) Attack, according to security researcher Malik Mesellem . According to Malik, The web server (DMCRUIS/0.1) installed on Smart TVs on port TCP/5600 can be crashed to reboot the device, if attacker will send a long HTTP GET request on TV's ip address. Malik successfully tested the exploit on his Samsung PS50C7700 plasma TV, as shown in the video demonstration below: In the Demo, The TV is connected by ethernet cable to a home network, and after running the exploit against TV's ip address - A few seconds later, the TV would restart and repeat the process. This means that a potential attacker only needs to obtain access to the LAN that the TV has joined, in order to attack it. This can be done either by breaking into a wireless access point or by infecting a computer on the same network with...

Security researcher Andres Blanco from CoreSecurity discovered a serious vulnerability in two Wireless Broadcom chipsets used in Smartphones. Broadcom Corporation, a global innovation leader in semiconductor solutions for wired and wireless communications. Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Other Broadcom chips are not affected. The CVE ID given to issue is  CVE-2012-2619 . In advisory they reported that this error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, which causes the Wi-Fi NIC to stop responding. Products containing BCM4325 chipsets: Apple iPhone 3GS Apple iPod 2G HTC Touch Pro 2 HTC Droid Incredible Samsung Spica Acer Liquid Motorola Devour Ford Edge (yes, it's a car) Product...