Search results for security AAA | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities ( KEV ) catalog, officially confirming the vulnerability has been weaponized in the wild. The shortcoming in question is CVE-2025-5777 (CVSS score: 9.3), an instance of insufficient input validation that could be exploited by an attacker to bypass authentication when the appliance is configured as a Gateway or AAA virtual server. It's also called Citrix Bleed 2 owing to its similarities with Citrix Bleed (CVE-2023-4966). "Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation," the agency said. "This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server." CISA pointed out that flaws like CVE-2025-5777 are f...

Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us. But security teams are fighting back. They’re building faster defenses, better ways to spot attacks, and stronger systems to keep people safe. It’s a constant race — every move by attackers sparks a new response from defenders. In this week’s ThreatsDay Bulletin, we look at the latest moves in that race — from new malware and data leaks to AI tools, government actions, and major security updates shaping the digital world right now. U.K. moves to tighten cyber rules for key sectors U.K. Debuts Cyber Security and Resilience Bill The U.K. government has proposed a new Cyber Security and Resilience Bill that aims to strengthen national security and secure public services like healthcare, drinking wat...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with a new malware called FIRESTARTER . FIRESTARTER, per CISA and the U.K.'s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and control. It's believed to be deployed as part of a "widespread" campaign orchestrated by an advanced persistent threat (APT) actor to obtain access to Cisco Adaptive Security Appliance (ASA) firmware by exploiting now-patched security flaws such as - CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input vulnerability that could allow an authenticated, remote attacker with valid VPN user credentials to execute arbitrary code as root on an affected device by sending crafted HTTP requests. CVE-2025-20362 (CVSS score: 6.5) - An improper...

The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER . "The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, both in sophistication and its ability to evade detection," the agency said . Cisco on Thursday revealed that it began investigating attacks on multiple government agencies linked to the state-sponsored campaign in May 2025 that targeted Adaptive Security Appliance (ASA) 5500-X Series devices to implant malware, execute commands, and potentially exfiltrate data from the compromised devices. An in-depth analysis of firmware extracted from the infected devices running Cisco Secure Firewall ASA Software with VPN web services enabled ultimately led to the discovery of a memory corruption bug in...

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543 , carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The shortcoming impacts the below versions - NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46  NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19 NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (vulnerable and end-of-life) NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236-FIPS and NDcPP "Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerabilities," Citrix ...

A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as  CVE-2023-27470  (CVSS score: 8.8), the  issue  relates to a Time-of-Check to Time-of-Use ( TOCTOU ) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows system. The security shortcoming, which impacts versions 7.0.41.1141 and prior, has been addressed in version 7.0.43 released on March 15, 2023, following responsible disclosure by Mandiant on February 27, 2023. Time-of-Check to Time-of-Use falls under a category of software flaws wherein a program checks the state of a resource for a specific value, but that value changes before it's actually used, effectively invalidating the results of the check. An exploitation of such a flaw can result in a loss of integrity and trick the program into performing actions that it sh...

The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC products to breach organizations in the country. The NCSC-NL said it discovered the exploitation of CVE-2025-6543 targeting several critical organizations within the Netherlands, and that investigations are ongoing to determine the extent of the impact. CVE-2025-6543 (CVSS score: 9.2) is a critical security vulnerability in NetScaler ADC that results in unintended control flow and denial-of-service (DoS) when the devices are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The vulnerability was first disclosed in late June 2025, with patches released in the following versions - NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46 NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19 NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236-FIPS and NDcPP ...

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. "The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks," InkBridge Networks CEO Alan DeKok, who is the creator of the FreeRADIUS Project , said in a statement. "As a result, an attacker can modify these packets without detection. The attacker would be able to force any user to authenticate, and to give any authorization (VLAN, etc.) to that user." RADIUS, short for Remote Authentication Dial-In User Service, is a client/server protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. The security of RADIUS is reliant on a hash that's derived usi...

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. Arising due to resource exhaustion, the security flaw could be exploited by unauthenticated, remote attackers to cause a DoS of the RAVPN service. "An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device," Cisco said in an advisory. "A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device." Restoration of the RAVPN service may require a reload of the device depending on the impact of the attack, the networking equipment company added. While there are no dire...

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January 2025 . "The research discovered that SAP GUI input history is stored insecurely, both in the Java and Windows versions," Pathlock researcher Jonathan Stross said in a report shared with The Hacker News. SAP GUI user history allows users to access previously entered values in input fields with the goal of saving time and reducing errors. This historical information is stored locally on devices. This can include usernames, national IDs, social security numbers (SSNs), bank account numbers, and internal SAP table names. The vulnerabilities identified by Pathlock are rooted in th...

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access) CVE-2023-6549 (CVSS score: 8.2) - Denial-of-service (requires that the appliance be configured as a Gateway or authorization and accounting, or AAA, virtual server) The following customer-managed versions of NetScaler ADC and NetScaler Gateway are impacted by the shortcomings - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35 NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15 NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21 NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life) NetScaler ADC 13.1-FIPS before 13.1-37.176 NetS...

U.S. cybersecurity and intelligence agencies have  released  a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats. "The threat landscape in 5G is dynamic; due to this, advanced monitoring, auditing, and other analytical capabilities are required to meet certain levels of network slicing service level requirements over time," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA)  said . 5G is the fifth-generation technology standard for broadband cellular networks, offering increased data speeds and lower latency. Network slicing is an architectural model that allows mobile service providers to partition their network up into several independent "slices" in order to create virtual networks that cater to different clients and use cases. The latest advisory builds upon guidance  previously issued  by the agencies in December 2022, warn...

Citrix is  alerting  users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild. Tracked as  CVE-2023-3519  (CVSS score: 9.8), the issue relates to a case of  code injection  that could result in unauthenticated remote code execution. It impacts the following versions - NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13 NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life) NetScaler ADC 13.1-FIPS before 13.1-37.159 NetScaler ADC 12.1-FIPS before 12.1-55.297, and NetScaler ADC 12.1-NDcPP before 12.1-55.297 The company did not give further details on the flaw tied to CVE-2023-3519 other than to say that exploits for the flaw have been observed on "unmitigated appliances." However, successful exploitation requires the device to be configured as a Gateway (VPN virtual server, ...

One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own—this is simply not the case. In our latest  whitepaper  OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today’s ever-evolving file upload security landscape, and a big part of that is understanding where the pitfalls are, and how to avoid them. The first step in that process is understanding that three commonly used tools or solutions are not enough on their own. Let’s explore this concept and take a closer look at a better solution. Understanding the Challenge Modern web applications are complex, utilizing internet-connected IT systems that interface with critical OT systems, as well as leveraging a wide range of cloud providers and protocols. All these systems transfer and store highly sensitive and valuable data across government, healthcare, power, financial, and other critical sectors the wor...

Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user session mixup Cybersecurity company Rapid7 said that CVE-2026-3055 refers to an out-of-bounds read that could be exploited by unauthenticated remote attackers to leak potentially sensitive information from the appliance's memory. However, for exploitation to be successful, the Citrix ADC or Citrix Gateway appliance must be configured as a SAML Identity Provider (SAML IDP), which means default configurations are unaffected. To determine if the device has been configured as a SAML IDP Profile, Citrix is urging customers to inspect their NetScaler Configuration for the specified st...

Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The vulnerabilities in question are listed below - CVE-2025-7775 (CVSS score: 9.2) - Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service CVE-2025-7776 (CVSS score: 8.8) - Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial-of-Service CVE-2025-8424 (CVSS score: 8.7) - Improper access control on the NetScaler Management Interface The company acknowledged that "exploits of CVE-2025-7775 on unmitigated appliances have been observed," but stopped short of sharing additional details. However, for the flaws to be exploited, there are a number of prerequisites - CVE-2025-7775 - NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server; NetScaler ADC and NetScaler Gateway 13.1, 14.1...