Search results for mitre attack cve | Breaking Cybersecurity News | The Hacker News

This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely on can hide risky surprises. We've sifted through a storm of cyber threats—from phishing scams to malware attacks—and broken down what it means for you in clear, everyday language. Get ready to dive into the details, understand the risks, and learn how to protect yourself in an increasingly unpredictable online world. ⚡ Threat of the Week Serbian Youth Activist Targeted by Android 0-Day Exploit Chain — A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit chain developed by Cellebrite to unlock the device and likely deploy an Android spyware called NoviSpy. The flaws combined ...

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide," the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI)  noted . "However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system." The top 30 vulnerabilities span a wide range of software, including remote work, virtual pri...

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don't depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now blends in, thanks to modular techniques and automation that copy normal behavior. The real concern? Control isn't just being challenged—it's being quietly taken. This week's updates highlight how default settings, blurred trust boundaries, and exposed infrastructure are turning everyday systems into entry points. ⚡ Threat of the Week Critical SharePoint Zero-Day Actively Exploited (Patch Released Today) — Microsoft has released fixes to address two security flaws in SharePoint Server that have come under active exploitation in the wild to breach dozens of organizations across the world. Details of exploitation emer...

The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps. These events aren't random—they show just how clever and flexible cyber threats can be. In this edition, we'll look at the most important cyber events from the past week and share key takeaways to help you stay safe and prepared. Let's get started. ⚡ Threat of the Week LockBit Developer Rostislav Panev Charged in the U.S. — Rostislav Panev, a 51-year-old dual Russian and Israeli national, has been charged in the U.S. for allegedly acting as the developer of the now-disrupted LockBit ransomware-as-a-service (RaaS) operation, netting about $230,000 between June 2022 and February 2024. Panev was ...

What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security unnoticed. This week's threats are a reminder: waiting to react is no longer an option. Every delay gives attackers more ground. ⚡ Threat of the Week Critical SAP NetWeaver Flaw Exploited as 0-Day — A critical security flaw in SAP NetWeaver (CVE-2025-31324, CVSS score: 10.0) has been exploited by unknown threat actors to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. The attacks have also been observed using the Brute Ratel C4 post-exploitation framework, as well as a well-known technique called Heaven's Gate to bypass endpoint protections. ...

Cybersecurity leaders aren't just dealing with attacks—they're also protecting trust, keeping systems running, and maintaining their organization's reputation. This week's developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow.  Just fixing problems isn't enough anymore—resilience needs to be built into everything from the ground up. That means better systems, stronger teams, and clearer visibility across the entire organization. What's showing up now isn't just risk—it's a clear signal that acting fast and making smart decisions matters more than being perfect. Here's what surfaced—and what security teams can't afford to overlook. ⚡ Threat of the Week Microsoft Fixes 5 Actively Exploited 0-Days — Microsoft addressed a total of 78 security flaws in its Patch Tuesday update for May 2025 last week, out of which five of them have come under active exploitation in the wild. The vulnerabilities include CVE-2025-30397, CVE-2025-...

The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the threat actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access," MITRE researchers Lex Crumpton and Charles Clancy  said . "They wrote and deployed a JSP web shell (BEEFLUSH) under the vCenter Server's Tomcat server to execute a Python-based tunneling tool, facilitating SSH connections between adversary-created VMs and the ESXi hypervisor infrastructure." The motive behind such a move is to sidestep detection by obscuring their malicious activities from centralized management interfaces like vCenter and maintain persistent access while reducing the risk of being discovered. Details of the attack  emerged  last month when MITRE rev...

We hear terms like "state-sponsored attacks" and "critical vulnerabilities" all the time, but what's really going on behind those words? This week's cybersecurity news isn't just about hackers and headlines—it's about how digital risks shape our lives in ways we might not even realize. For instance, telecom networks being breached isn't just about stolen data—it's about power. Hackers are positioning themselves to control the networks we rely on for everything, from making calls to running businesses. And those techy-sounding CVEs? They're not just random numbers; they're like ticking time bombs in the software you use every day, from your phone to your work tools. These stories aren't just for the experts—they're for all of us. They show how easily the digital world we trust can be turned against us. But they also show us the power of staying informed and prepared. Dive into this week's recap, and let's uncover the risks, the solutions, and the small steps we can all take to stay a...

The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct CVEs, with 10,014 having a CVSS score of 8 or higher. Among these, external assets have 11,605 distinct CVEs, while internal assets have 31,966. With this volume of CVEs, it's no surprise that some go unpatched and lead to compromises. Why are we stuck in this situation, what can be done, and is there a better approach out there? We'll explore the state of vulnerability reporting, how to prioritize vulnerabilities by threat and exploitation, examine statistical probabilities, and briefly discuss risk. Lastly, we'll consider solutions to minimize vulnerability impact while giving management ...

Microsoft Windows Picture and Fax Viewer Library  Vulnerability ! I. BACKGROUND The Windows Picture and Fax Viewer "shimgvw.dll" library is used by Windows Explorer to generate thumbnail previews for media files. II. DESCRIPTION Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows could allow attackers to execute arbitrary code on the targeted host. An integer overflow vulnerability exists in the "shimgvw" library. During the processing of an image within a certain function, a bitmap containing a large "biWidth" value can be used to cause an integer calculation overflow. This condition can lead to the overflow of a heap buffer and may result in the execute arbitrary code on the targeted host. III. ANALYSIS Exploitation could allow attackers to execute arbitrary code on the targeted host under the privileges of the current logged-on user. Successful exploitation would require the attacker to e...

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance of our networks, exploited one of our Virtual Private Networks (VPNs) through two Ivanti Connect Secure zero-day vulnerabilities, and skirted past our multi-factor authentication using session hijacking," Lex Crumpton, a defensive cyber operations researcher at the non-profit,  said  last week. The attack entailed the  exploitation  of CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), which could be weaponized by threat actors to bypass authentication and run arbitrary commands on the infected system. Upon gaining initial access, the threat actors m...

The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which  came to light last month , singled out MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE) through the exploitation of two Ivanti Connect Secure zero-day vulnerabilities tracked as CVE-2023–46805 and CVE-2024–21887, respectively. "The adversary maneuvered within the research network via VMware infrastructure using a compromised administrator account, then employed a combination of backdoors and web shells to maintain persistence and harvest credentials," MITRE  said . While the organization had previously disclosed that the attackers performed reconnaissance of its networks starting in January 2024, the latest technical deep dive puts the earliest signs of compromise in late December 2023, with the adversary dropping a Perl-based web shell ...

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim's system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1. Phishing in MS Office: Still Hackers' Favorite Phishing attacks using Microsoft Office files have been around for years, and they're still going strong. Why? Because they work, especially in business environments where teams constantly exchange Word and Excel documents. Attackers know that people are used to opening Office files, especially if they come from what looks like a colleague, a client, or a partner. A fake invoice, a shared report, or a job offer: it doesn't take much to convince someone to click. And once the file is open, the attacker has their chance. Phishing with Offic...