Week 17
Apr 19 - 27
Trends
breachpatterns
The Verizon 2025 Data Breach Investigations Report along with FBI's findings indicate a significant rise in cybercrime, with ransomware and third-party breaches becoming more prevalent. The education sector is notably vulnerable to social engineering, while critical infrastructure remains a high-value target for ransomware. The increase in exploitation of vulnerabilities and third-party involvement suggests a need for heightened vigilance and improved security postures across industries.
Follow-up source
https://therecord.media/over-16-billion-in-losses-fbi-cybercrime
https://it.semo.edu/TDClient/93/IT/Home/?ID=1f1bb8b7-faff-4f1f-a1d3-7868f2576493
msprogress
Microsoft continues to bolster its security infrastructure and culture, focusing on making security a core performance metric and deploying advanced technologies like Azure Confidential VMs and multi-factor authentication. While significant progress is noted, emphasis on feature development over code quality and patching rates remains a concern. These efforts reflect a broader industry trend towards embedding security into organizational culture and technology ecosystems.
Follow-up source
https://redmondmag.com/articles/2025/04/21/microsoft-details-secure-future-initiative-progress.aspx
https://www.onsitecomputing.net/2025/04/23/microsoft-steady-progress-revamp-security-culture/
zambialaws
Zambia's new cyber laws have sparked controversy due to their potential for increasing governmental surveillance and suppressing dissent. These laws, which require telecommunications to enable lawful interception, have led to international concern and advisories, highlighting the ongoing global tension between cybersecurity measures and privacy rights.
Follow-up source
espionage
State-sponsored groups from North Korea, Iran, and Russia are increasingly using social engineering tactics, such as fake job interviews and deepfake technology, to distribute malware and infiltrate organizations. These campaigns are evolving, leveraging vulnerabilities like BlueKeep and tactics like ClickFix, impacting IT hiring processes and crypto sectors. Over time, this trend could increase the difficulty in distinguishing between legitimate and malicious job applicants, necessitating enhanced verification processes.
Follow-up source
https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html
https://www.darkreading.com/remote-workforce/north-korean-operatives-deepfakes-it-job-interviews
https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html
vulnerabilities
Recent research has uncovered vulnerabilities in the Rack Ruby web server interface, which could allow attackers to gain unauthorized access and inject malicious data. This underscores the importance of regularly updating and securing web server infrastructure to protect sensitive data and prevent breaches.
Follow-up source
incidents
Marks and Spencer Group plc faced a cyber incident, causing disruptions in operations like contactless payments and 'Click & Collect' orders. The incident, reported to the London Stock Exchange and national authorities, highlights the increasing frequency of cyberattacks on retail businesses. Organizations in the retail sector must enhance their cybersecurity measures to protect against such threats, which can impact customer service and financial performance.
Follow-up source
https://www.londonstockexchange.com/news-article/MKS/cyber-incident-update/16999905
https://onsitecomputing.net/2025/04/23/marks-spencer-cyber-incident/
disruptions
Abilene, Texas, experienced IT disruptions following a cyber incident, leading to offline systems and ongoing investigations. The incident primarily affected internal servers, although emergency services remained operational. This event illustrates the vulnerability of municipal infrastructure to cyberattacks and the importance of robust incident response plans to mitigate potential damage and ensure continuity of critical services.
Follow-up source
healthcare
Recent data breaches in the healthcare sector, including significant incidents at Yale New Haven Health System and Frederick Health Medical Group, highlight a troubling trend. These breaches exposed sensitive patient information, including Social Security numbers and medical records, affecting millions. The healthcare industry must prioritize cybersecurity to safeguard patient data and comply with regulations, as breaches can lead to severe privacy violations and erode public trust.
Follow-up source
darcula
The Darcula phishing-as-a-service platform has integrated AI capabilities, significantly lowering the technical barrier for executing sophisticated phishing attacks. This highlights a growing threat as cybercriminals can now deploy AI-enhanced phishing campaigns, increasing the risk to businesses and individuals who may fall victim to these more convincing attacks.
Follow-up source
microsoft
In response to a Chinese APT breach, Microsoft has launched the Secure Future Initiative, enhancing security measures for Entra ID, MSA, and Azure. This includes purging dormant cloud tenants and rotating keys to prevent future nation-state hacks. Over time, this initiative aims to bolster enterprise cloud security and mitigate risks associated with sophisticated cyber threats.
Follow-up source
https://www.onsitecomputing.net/2025/04/22/microsoft-millions-cloud-tenants-storm-0558/
https://www.darkreading.com/cloud-security/microsoft-millions-cloud-tenants-storm-0558
resilience
Amid economic uncertainty, cybersecurity firms remain optimistic due to increased threats during downturns. Sectors like accounting are advised not to reduce cybersecurity spending, as threats can intensify. This suggests a continued demand for cybersecurity services, potentially affecting IT budgets and strategies across industries.
Follow-up source
https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2025.pdf
https://app.daily.dev/posts/accounting-firms-can-t-skimp-on-cybersecurity-s8lzarivz
ransomware
Since January, 'Fog' hackers have been using DOGE-themed ransom notes, accumulating over 100 victims. This pattern indicates a growing threat landscape where novel and social-engineering tactics are employed, affecting businesses across various sectors and requiring enhanced detection and response capabilities.
Follow-up source
scam
Reports indicate that Southeast Asian organized crime groups are expanding globally, operating cyber-enabled scam centers or 'boiler rooms.' These operations involve complex networks that generate significant revenue, estimated at USD$30 billion annually. The increasing sophistication and global reach of these criminal networks pose a long-term threat to global financial systems and call for coordinated international efforts to counteract their influence.
Follow-up source
https://www.onsitecomputing.net/2025/04/23/industrial-scale-asian-scam-centers/
https://www.occrp.org/en/news/un-transnational-cybercrime-in-southeast-asia-hits-record-high
phishing
Japan's Financial Services Agency reports a surge in unauthorized stock trading due to phishing attacks. From February to April, over $700 million in assets were stolen from Japanese brokerage firms, with attackers exploiting stolen credentials to manipulate stock transactions. This highlights the growing threat of credential theft and its severe financial implications for individuals and brokerage firms alike.
Follow-up source
panda
Chinese APT groups like Mustang Panda and Lotus Panda are intensifying their activities, deploying new tools such as keyloggers, malware, and EDR evasion techniques. Their targets include Southeast Asian governments, highlighting a focused campaign of cyber espionage. These trends suggest an increasing threat to governmental and organizational data security in the region.
Follow-up source
api
Security vulnerabilities in APIs are becoming a significant concern, with instances of unauthorized access and data exposure. Recent reports highlight weaknesses in API authorization and authentication processes, leading to potential exploitation. As API usage grows, companies must prioritize securing their endpoints to prevent data breaches and unauthorized access.
Follow-up source
espionage
Recent cybersecurity incidents highlight a trend of state-backed cyber espionage campaigns. Russian hackers have targeted Dutch critical infrastructure and disguised spyware as an Android app to spy on Russian military personnel. Simultaneously, China's UNC5174 group has used advanced malware to target global organizations. These incidents emphasize the persistent threat from nation-state actors leveraging technology to conduct espionage, affecting military, critical infrastructure, and global corporate sectors. Organizations must enhance threat detection and response capabilities to mitigate these evolving threats.
Follow-up source
initiative
CISA's 'Secure by Design' initiative faces uncertainty after the departure of two key leaders. Despite these challenges, the initiative aims to push for more secure software development practices. The program's success depends on continued leadership and international collaboration. As organizations increasingly prioritize security in the development lifecycle, the industry's approach to building secure software may evolve significantly, affecting software vendors and developers globally.
Follow-up source
disclosure
The recent controversy involving US Defense Secretary Pete Hegseth sharing sensitive information via Signal underscores the risks associated with inappropriate use of messaging platforms for confidential communications. This incident highlights the need for stringent policies on data sharing and the use of secure communication channels within government and military operations to prevent data leaks and enhance national security.
Follow-up source
exploits
A series of vulnerabilities (CVE-2025-31200, CVE-2025-31201) targeting Apple operating systems such as tvOS, visionOS, iOS, iPadOS, and macOS Sequoia have been identified. These vulnerabilities involve memory corruption and pointer authentication bypass, suggesting sophisticated attacks on specific individuals. This highlights the increasing targeting of high-value Apple users and underscores the necessity for prompt security updates and vigilance against potential zero-day exploits.
Follow-up source
vulnerabilities
A surge in vulnerabilities affecting various PHP-based systems and plugins has been observed, including Sourcecodester's Online ID Generator System and Saoshyant Slider. These vulnerabilities, with CVEs such as CVE-2024-40071 and CVE-2025-27286, highlight recurring security issues like SQL injection and object injection. This suggests a growing threat to PHP applications, potentially impacting developers and businesses relying on these technologies. Regular security audits and updates are crucial to mitigate these evolving threats.
Follow-up source
cms
Recent vulnerabilities in SourceCodester Company Website CMS 1.0, including CVE-2025-29708 and CVE-2025-29709, reveal a pattern of file upload security flaws. This underscores the need for heightened security measures in CMS platforms, which are frequently targeted due to their widespread use. Organizations utilizing such systems should prioritize implementing robust security protocols and keeping their systems updated.
Follow-up source
remoteexecution
Throughout early 2025, a recurring pattern of vulnerabilities enabling remote code execution has emerged, notably affecting Nautel VX Series transmitters with a CVSS score of 9.8. These vulnerabilities often stem from improper handling of update packages, allowing remote attackers to execute arbitrary code. The industry is witnessing increased sophistication in attack vectors targeting firmware and embedded systems, highlighting the need for robust update verification processes and enhanced security measures for IoT devices.
Follow-up source
sqlinjection
An increasing trend of SQL injection vulnerabilities has been observed across multiple WordPress plugins, including Quentn WP, DingfanzuCMS, Stealth Links, and Local Magic. These vulnerabilities, with CVSS scores ranging from 9.3 to 9.8, highlight a critical security threat that could lead to unauthorized data access and manipulation. The recurring nature of these vulnerabilities suggests a need for improved security practices in plugin development and heightened awareness among users about maintaining updated and secure installations.
Follow-up source
wpvulnerabilities
Numerous WordPress plugins, including Pantherius Modal Survey, UrbanGo Membership, and others, have been found vulnerable to high-severity attacks such as SQL injection, privilege escalation, and arbitrary file uploads. This highlights a broader trend of security weaknesses in WordPress plugins, suggesting a need for enhanced security practices in plugin development and maintenance.
Follow-up source
zeroday
A zero-day vulnerability (CVE-2024-53104) exploited by Cellebrite to unlock Android devices was disclosed, with Google having patched it in February. The use by law enforcement highlights ongoing concerns about the ethical implications and potential misuse of such vulnerabilities, affecting privacy and security of individuals, especially activists and journalists.
Follow-up source
malware
The emergence of DslogdRAT malware, following the exploitation of a zero-day vulnerability in Ivanti Connect Secure (ICS), highlights a persistent threat trend involving zero-day attacks. This malware has been specifically observed in Japan and indicates a growing focus on exploiting vulnerabilities in widely-used security technologies. Over time, organizations using ICS and similar technologies need to be vigilant for zero-day threats and ensure timely patch management to mitigate potential security breaches.
Follow-up source
alfabuffer
The ALFA WiFi CampPro router is under scrutiny due to multiple buffer overflow vulnerabilities (CVE-2025-29045, CVE-2025-29046, CVE-2025-29047), allowing remote code execution. These incidents highlight a recurring pattern of security flaws in network hardware impacting consumer and business IoT devices. Over time, this trend could affect network administrators and users, emphasizing the need for proactive vulnerability management and patching strategies.
Follow-up source
sessionattacks
Recent vulnerabilities in Elber REBLE310 and DAEnetIP4 METO systems highlight a troubling trend of session management flaws leading to session hijacking attacks. As attackers increasingly exploit these weaknesses, businesses must prioritize securing session management mechanisms and implementing robust access controls. These recurring vulnerabilities indicate a need for enhanced security practices and awareness around session handling in firmware and web applications.
Follow-up source
yiiot
Recent analyses reveal recurring vulnerabilities in Yi IOT devices, specifically version 6.0.24.10 of the XY-3820 model. These vulnerabilities, including remote command execution via 'cmd_listen' and lack of input validation on TCP port 6789, expose significant security risks. Over time, the industry may face increased threats targeting IoT devices, necessitating enhanced security protocols and frequent patch updates.
Follow-up source
motw
Recent developments have shown a pattern of vulnerabilities related to the Mark-of-the-Web (MotW) bypass in WinZIP, with CVE-2025-33028 addressing a previous incomplete fix (CVE-2024-8811). This highlights ongoing challenges in fully securing file compression tools against bypass attacks. IT departments should monitor updates and ensure patches are promptly applied to prevent security breaches.
Follow-up source
Directives
gigwork
Fraudsters are increasingly targeting gig-work platforms due to their high-turnover workforces and frequent account payouts, leading to heightened risks of data breaches, fraud, and account takeovers. These platforms must enhance their security measures to protect sensitive user information and prevent financial losses.
Follow-up source
https://yasna.io/?tags=fraud
access
The report details the activities of an initial access broker named ToyMaker, who has been facilitating access for double extortion ransomware groups like CACTUS by exploiting vulnerabilities in unpatched internet-facing servers. This poses a significant risk to organizations, particularly those in critical infrastructure sectors, highlighting the necessity for patch management and continuous monitoring of network vulnerabilities.
Follow-up source
exploitation
Threat actors are exploiting a critical vulnerability in SAP NetWeaver to deploy JSP web shells, potentially allowing unauthorized file uploads and code execution. This highlights the urgent need for organizations using SAP to apply security patches promptly and monitor for signs of compromise to mitigate risks associated with this vulnerability.
Follow-up source
breach
Blue Shield of California experienced a data breach affecting 4.7 million individuals due to a misconfigured Google Analytics setup, potentially breaching HIPAA compliance. The sensitive data exposed includes insurance details, medical information, and online identifiers. In response, the company disconnected Google Analytics from Google Ads and is reviewing its analytics tracking software. The breach underscores the critical need for healthcare organizations to ensure compliance with data protection regulations to avoid legal repercussions and loss of trust.
Follow-up source
sim
Following a malware attack, SK Telecom in South Korea confirmed a data breach compromising customer SIM card information, exposing users to potential SIM swap attacks. In response, the company offers free SIM replacements to 23 million subscribers starting April 28th. This initiative is crucial for preventing unauthorized access and protecting customer data integrity.
Follow-up source
commvault
Researchers highlight a critical vulnerability in the Commvault Command Center, allowing remote code execution with highly privileged access. Although patched, businesses using Commvault systems should ensure updates are applied promptly to safeguard sensitive data and business-critical systems from exploitation.
Follow-up source
https://www.darkreading.com/cyber-risk/max-severity-commvault-bug-researchers
https://thehackernews.com/2025/04/critical-commvault-command-center-flaw.html
kubernetes
Recent research by SANS highlights that Kubernetes pods are inheriting excessive permissions, posing a cyber-risk. The report emphasizes securing Kubernetes workload identity to mitigate this risk without additional infrastructure. Companies using Kubernetes should review and restrict permissions to improve security posture.
Follow-up source
https://onsitecomputing.net/2025/04/23/kubernetes-pods-inheriting-permissions/
https://www.darkreading.com/cloud-security/kubernetes-pods-inheriting-permissions
cookie-bite
A proof-of-concept attack named 'Cookie Bite' exploits Azure authentication tokens, enabling persistent access to Microsoft 365 services. The attack uses a browser extension for session hijacking. Organizations using Azure and Microsoft 365 should review their token security and consider browser security enhancements to prevent exploitation.
Follow-up source
zero-day
Apple has disclosed two zero-day vulnerabilities being exploited in sophisticated attacks against specific targeted individuals using iOS devices. These attacks suggest involvement of spyware or nation-state actors, highlighting the need for immediate security updates to protect affected technologies and users.
Follow-up source
comet
The Security Alliance (SEAL) warns of a social engineering campaign by 'Elusive Comet,' targeting cryptocurrency users via Zoom. The attackers use Zoom's remote control feature to install malware, including infostealers and RATs. SEAL advises disabling Zoom's remote control request functionality and provides indicators of compromise to mitigate this threat.
Follow-up source
patch
ASUS has reported a critical vulnerability in their AiCloud routers, urging users to immediately update their firmware. The vulnerability, which can be exploited through a crafted request, poses a significant risk of unauthorized function execution. Affected users should upgrade to the latest firmware versions 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102. Those unable to update should disable internet-accessible services to mitigate risks.
Follow-up source
https://www.securityhome.eu/news/news.php?nid=1093304580680687e4bf1583.97701889
https://thehackernews.com/2025/04/asus-confirms-critical-flaw-in-aicloud.html
cisa
Following an alleged Oracle Cloud breach, CISA has issued recommendations to prevent data misuse. They advise organizations to implement enhanced security measures, although Oracle has not yet publicly provided guidance to its customers. This underscores the importance of proactive security measures and incident response strategies to protect cloud infrastructures.
Follow-up source
backdoor
A significant supply chain attack was discovered where the Ripple Foundation's npm account was compromised, leading to malicious code being inserted into their popular JavaScript library, Ripple Ledger. This software, downloaded over 140,000 times weekly, was altered to steal private keys and access customer wallets, impacting developers and businesses using npm and Ripple's technology. Organizations using these packages should immediately audit their dependencies, replace compromised packages, and monitor for unusual activity to prevent data breaches.
Follow-up source
supercard
The emergence of a new Android malware named 'SuperCard X' is facilitating NFC relay attacks, enabling fraudulent Point-of-Sale payments and ATM withdrawals. Delivered through social engineering attacks, this malware captures card details for unauthorized transactions, affecting Android devices and users globally. Businesses relying on NFC technology must enhance their security protocols to prevent financial fraud.
Follow-up source
libsoup
A critical vulnerability (CVE-2025-32911) in the 'libsoup' library allows for use-after-free memory issues, potentially causing server memory corruption. This vulnerability affects systems utilizing the 'libsoup' HTTP library, urging developers and system administrators to apply necessary patches to mitigate exploitation risks.
Follow-up source
tenda
A buffer overflow vulnerability (CVE-2025-25456) in the Tenda AC10 router firmware poses a severe risk (CVSS 9.8) by allowing attackers to execute arbitrary code. This affects users of the Tenda AC10 V4.0si_V16.03.10.20, necessitating immediate firmware updates to protect against potential exploitation.
Follow-up source
atg
CISA has issued a warning regarding a critical vulnerability (CVE-2025-2567) in Veeder-Root Automatic Tank Gauge (ATG) systems, which can be exploited by attackers to modify or disable fuel monitoring, impacting supply chain operations and posing safety hazards. Organizations using these systems should urgently apply recommended security patches and update configurations to mitigate potential risks to fuel storage and transportation.
Follow-up source
argo
A severe vulnerability (CVE-2025-32445) in Argo Events allows unauthorized users to gain privileged access through EventSource and Sensor CRs. Organizations using Argo Events should immediately upgrade to version 1.9.6 to prevent potential exploitation and maintain system integrity.
Follow-up source
oracle
Oracle has identified a critical vulnerability (CVE-2025-30727) in the Oracle E-Business Suite's iSurvey Module, which allows unauthenticated attackers to take over the scripting component. Businesses utilizing these versions should apply the latest security updates from Oracle's April 2025 patch to defend against potential unauthorized access.
Follow-up source
growatt
Multiple vulnerabilities (CVE-2025-30510 and CVE-2025-24297) have been discovered in the Growatt Cloud Portal, allowing for arbitrary file uploads and JavaScript injection. Affected organizations should update to the latest version and implement server-side input validation to prevent potential security breaches.
Follow-up source
commgr
Delta Electronics COMMGR v1 and v2 are vulnerable to session ID brute force attacks, leading to potential arbitrary code execution. This vulnerability, identified as CVE-2025-3495, has a high CVSS score of 9.8, indicating critical risk. Organizations using these products should apply security patches promptly to mitigate exploitation risks.
Follow-up source
siemens
Multiple SQL injection vulnerabilities have been identified in Siemens TeleControl Server Basic, with CVEs including CVE-2025-27495, CVE-2025-27539, and CVE-2025-27540. These vulnerabilities pose significant security risks with a CVSS score of 9.8. Affected users and businesses are advised to review and implement the recommended security updates from Siemens to protect their systems.
Follow-up source
tp-link
Recently disclosed SQL injection vulnerabilities (CVE-2025-29651, CVE-2025-29652, CVE-2025-29653) in TP-Link M7650, M7000, and M7450 4G LTE Mobile Wi-Fi Routers have been identified with a critical CVSS score of 9.8. These vulnerabilities could allow attackers to execute arbitrary SQL commands, potentially compromising the affected routers and exposing sensitive data. Businesses using these models should immediately apply patches or follow recommended security measures to mitigate risks.
Follow-up source
hitachi
A critical vulnerability (CVE-2025-0756) in Hitachi Vantara Pentaho Data Integration & Analytics, with a CVSS score of 9.1, may allow unauthorized access to sensitive data. Users are advised to upgrade to version 10.2.0.2 or later to prevent exploitation. Organizations using this software should prioritize updating to protect against potential data breaches.
Follow-up source
d-link
Multiple critical remote code execution vulnerabilities (CVE-2025-29040 through CVE-2025-29043) have been discovered in D-Link DIR 832x 240802 routers. With a CVSS score of 9.8, these vulnerabilities could allow attackers to execute arbitrary commands remotely. Businesses using these routers should implement security updates and follow D-Link's guidance to mitigate threats.
Follow-up source
netgear
A buffer overflow vulnerability (CVE-2025-29044) in Netgear R61 router V1.0.1.28 could enable remote code execution due to improper handling of the QUERY_STRING key value. With a CVSS score of 9.8, this issue requires immediate attention. Users should apply the latest security patches and review security configurations to protect against potential exploitation.
Follow-up source
landchat
A critical Remote Code Execution (RCE) vulnerability has been identified in the LandChat core application (CVE-2025-29662), allowing unauthenticated attackers to execute system code remotely. Businesses using LandChat should prioritize applying patches to mitigate risks associated with this exploit, which is rated with a CVSS score of 9.8.
Follow-up source
dietiqa
An SQL Injection vulnerability in the Dietiqa App v1.0.20 (CVE-2025-28009) poses a high security risk, enabling unauthorized data manipulation via the 'u' parameter in the progress-body-weight.php endpoint. Organizations using this app should implement immediate security updates to protect sensitive information.
Follow-up source
yokogawa
Insecure default settings in Yokogawa Electric Corporation's recorder products (CVE-2025-1863) allow unauthorized data access and manipulation. Affected products include GX10, GX20, GP10, and GP20 Paperless Recorders. Companies should update device configurations to secure data integrity.
Follow-up source
orban
Orban OPTIMOD 5950 firmware and system have been found with incorrect access controls (CVE-2025-28229), allowing attackers to bypass authentication and gain Administrator privileges. Organizations should update to secure versions immediately to prevent unauthorized access.
Follow-up source
accesscontrol
In early 2025, incorrect access control vulnerabilities were identified in JMTek LLC's JMBroadcast JMB0150 Firmware and Itel Electronics' IP Stream v1.7.0.6, both scoring a CVSS of 9.1. These vulnerabilities allow attackers to exploit hardcoded administrator credentials and execute arbitrary commands with administrative privileges, respectively. Businesses using these technologies are at high risk of unauthorized access and potential data breaches. It is crucial for affected organizations to immediately apply patches or implement compensating controls to mitigate these risks.
Follow-up source
tokenextraction
AdeptLanguage faced a severe vulnerability (CVE-2025-32958) in early 2025, where attackers can exploit a token extraction flaw due to improper artifact uploads using GITHUB_TOKEN. This can lead to malicious code being pushed or release commits being rewritten, posing a significant threat to code integrity and security. Organizations using AdeptLanguage must urgently review their CI/CD pipeline configurations and remove sensitive tokens from the build processes to prevent potential exploitation.
Follow-up source
hmc
A critical vulnerability (CVE-2025-1950) has been identified in IBM Hardware Management Console for Power Systems (versions V10.2.1030.0 and V10.3.1050.0), which allows local users to execute commands due to improper library validation. Organizations using these systems should prioritize patching to mitigate potential exploits that could lead to unauthorized command execution.
Follow-up source
commvault
Commvault Command Center Innovation Release 11.38 is vulnerable to an unauthenticated actor uploading malicious ZIP files, which can lead to Remote Code Execution (CVE-2025-34028). With a CVSS score of 10.0, this vulnerability poses a critical risk. Organizations using this software should immediately apply available patches and monitor for any unauthorized file uploads.
Follow-up source
aihub
The EPC AI Hub has a critical vulnerability (CVE-2025-26927) allowing arbitrary web shell uploads, possibly leading to server compromise. Users of this WordPress plugin should urgently update to secure versions to prevent exploitation by attackers.
Follow-up source
kadence
Kadence WooCommerce Email Designer has an arbitrary file upload vulnerability (CVE-2025-39557) that could allow server takeover. With over 100,000 active installations, users should update to the latest versions to mitigate this high-risk issue.
Follow-up source
kataplus
A critical object injection vulnerability (CVE-2025-32572) has been identified in Climax Themes Kata Plus, affecting versions up to 1.5.2. This vulnerability results from deserialization of untrusted data, threatening over 600 active installations. Organizations using this WordPress plugin should prioritize patching or upgrading to mitigate potential exploitation.
Follow-up source
jsjobs
The JS Job Manager plugin for WordPress, used by over 800 sites, is vulnerable to SQL Injection (CVE-2025-32626) due to improper neutralization of special elements. Users should immediately update to a secure version to prevent data breaches and unauthorized access.
Follow-up source
projectopia
Projectopia has a privilege escalation vulnerability (CVE-2025-32648), affecting versions up to 5.1.16. This flaw allows attackers to gain elevated privileges, posing a high risk to business operations. Administrators should apply the latest patches to secure their installations.
Follow-up source
fluentcommunity
A serious deserialization vulnerability (CVE-2025-39550) in FluentCommunity allows object injection, impacting over 4,000 active installations. Users are urged to upgrade to safe versions to prevent potential exploits that could compromise site integrity.
Follow-up source
fluentboards
A critical vulnerability (CVE-2025-39551) has been identified in FluentBoards, a WordPress plugin, due to object injection through deserialization of untrusted data affecting versions up to 1.47. With a CVSS score of 9.8, this flaw poses a significant risk to over 4,000 installations. Organizations using FluentBoards should prioritize applying patches or updates to mitigate potential exploitation.
Follow-up source
costcalculator
The Cost Calculator Builder plugin for WordPress is vulnerable to SQL injection (CVE-2025-39587), affecting versions up to 3.2.65. This vulnerability scores 9.3 on the CVSS scale and affects over 30,000 active installations. Immediate action is required to update the plugin to a secure version to prevent potential data breaches and unauthorized database access.
Follow-up source
storekit
Ultimate Store Kit Elementor Addons is affected by a severe object injection vulnerability (CVE-2025-39588) through deserialization of untrusted data up to version 2.4.0. With a CVSS score of 9.8, this issue impacts over 1,000 installations. It's crucial for users to update to the latest version to secure their sites against potential exploits.
Follow-up source
weakauth
A critical vulnerability (CVE-2025-39596) in Quentn WP plugin allows for privilege escalation due to weak authentication mechanisms. This affects WordPress sites using versions up to 1.2.8. Businesses using this plugin must update immediately to mitigate potential unauthorized access and control over their WordPress sites.
Follow-up source
webexupdate
Cisco issued a security advisory for a vulnerability in Webex affecting versions 44.6 and 44.7, which could allow remote code execution through crafted meeting links. Users must upgrade to fixed versions 44.6.2.30589 or 44.8 to prevent exploitation, as no workarounds exist.
Follow-up source
exploitation
A security flaw in Windows NTLM, CVE-2025-24054, first exploited on March 19, 2025, has been actively used by malicious actors to leak NTLM hashes or user passwords. This vulnerability, a variant of a previously patched flaw, has been patched by Microsoft. Affected technologies include Windows NTLM used by organizations in Ukraine and Colombia. The implications for businesses are significant, as failure to apply the patch could result in unauthorized access and data breaches.
Follow-up source
fixes
Apple has issued emergency patches to address two security vulnerabilities in iOS, CVE-2025-31200 and CVE-2025-31201, which were part of sophisticated targeted attacks. These vulnerabilities affect the Core Audio framework and RPAC on iOS, iPadOS, macOS, tvOS, and visionOS. Organizations and individuals using these platforms need to update to the latest versions immediately to mitigate the risk of exploitation.
Follow-up source
vulnerability
ASUS has identified a critical security flaw, CVE-2025-24054, in routers with the AiCloud feature, currently under active exploitation. This vulnerability could allow remote attackers to execute unauthorized functions on affected devices. Businesses using ASUS routers with AiCloud should implement the recommended security patches and consider additional security measures to prevent unauthorized access.
Follow-up source
centrestack
Gladinet CentreStack has a critical vulnerability (CVE-2025-30406) due to the use of a hard-coded cryptographic key, allowing attackers to forge ViewState payloads and execute remote code. IT teams should apply vendor-recommended mitigations, adhere to BOD 22-01 for cloud services, or discontinue use if necessary.
Follow-up source
meshtastic
A critical vulnerability (CVE-2025-24797) in Meshtastic allows for remote code execution via a buffer overflow with malformed protobuf data. IT professionals should upgrade to version 2.6.2 to mitigate this risk.
Follow-up source
totolink
TOTOLINK A810R routers have a remote command execution vulnerability (CVE-2025-28137), posing significant security risks. Organizations using these routers should review the vulnerability details and consider implementing recommended security measures or updates.
Follow-up source
stackoverflow
The TOTOLINK N600R router is affected by a stack overflow vulnerability (CVE-2025-22900) in the setWanConfig function, leading to potential exploits. It is critical for users to assess the vulnerability and apply necessary patches or configurations to secure their network.
Follow-up source
totolink
Recent vulnerabilities CVE-2025-29209 and CVE-2025-28038/39 highlight severe security issues in TOTOLINK X18 and EX1200T routers. These vulnerabilities allow unauthorized arbitrary command execution and pre-auth remote command execution, posing serious risks to users of these devices. Businesses using these products should immediate prioritize patching to prevent potential exploitation and ensure network security.
Follow-up source
zigbee
CVE-2021-27289 reveals a critical flaw in the Ksix Zigbee smart home kit, where improper anti-replay mechanisms allow spoofed commands without authentication. This vulnerability could potentially enable attackers to take control of smart home devices, compromising user privacy and security. Users should seek firmware updates or additional security measures to mitigate these risks.
Follow-up source
erick
CVE-2025-28399 exposes a critical remote privilege escalation vulnerability in Erick xmall v.1.1, allowing attackers to gain unauthorized access through the updateAddress method. Businesses using this e-commerce platform should implement immediate patches and review security configurations to protect against potential exploitation.
Follow-up source
dpanel
A critical vulnerability (CVE-2025-30206) in the Dpanel Docker visualization panel system with a hardcoded JWT secret allows attackers to generate valid tokens and compromise host machines. This affects Docker environments where Dpanel is deployed, posing significant risks of unauthorized access and data breaches. Immediate patching and secret rotation are advised to mitigate this risk.
Follow-up source
nats-server
NATS-Server versions prior to 2.10.27 and 2.11.1 contain a severe vulnerability (CVE-2025-30215) allowing unauthorized users with JS management permissions to perform administrative actions, leading to potential data destruction. This affects organizations using these server versions, necessitating immediate updates to prevent exploitation.
Follow-up source
rancher
A privilege escalation vulnerability (CVE-2024-22036) in Rancher allows escape from Docker containers, granting root access within the container. This affects Rancher deployments, posing significant security risks. Users must apply patches and review container configurations to secure their environments.
Follow-up source
wallos
Wallos version 2.38.2 and below are vulnerable to file upload attacks (CVE-2024-55371 & CVE-2024-55372), which can lead to remote code execution. Organizations using Wallos should urgently upgrade to mitigate this high-risk threat and secure their systems from potential breaches.
Follow-up source
erlangrce
A critical vulnerability (CVE-2025-32433) in Erlang/OTP versions prior to 27.3.3, 26.2.5.11, and 25.3.2.20 allows unauthenticated remote code execution via the SSH server. This flaw impacts systems using these Erlang/OTP versions, posing significant security risks for businesses relying on these technologies. Immediate updates to the latest, patched versions are essential to prevent potential exploitation.
Follow-up source
hazelcastrce
A critical remote code execution vulnerability (CVE-2024-56518) in Hazelcast Management Center up to version 6.0 allows attackers to exploit a maliciously crafted hazelcast-client XML document. Organizations using Hazelcast Management Center should upgrade to the latest version to mitigate potential threats and avoid unauthorized access.
Follow-up source
pycel
A critical vulnerability (CVE-2024-53924) in Pycel version 1.0b30 has been uncovered, allowing for code execution via crafted spreadsheet formulas. Given the CVSS score of 9.8, this flaw poses a severe risk to any systems or users processing untrusted spreadsheets with this library. Immediate patching or upgrading is advised to mitigate potential exploitation.
Follow-up source
croogo
Croogo v3.0.2 is vulnerable to a Host header injection attack (CVE-2024-29643) through its feed.rss component, with a CVSS score of 9.1. This vulnerability can lead to significant security risks for web applications using this platform. Users are advised to implement host validation checks and apply any available patches to prevent unauthorized access and data manipulation.
Follow-up source
jmbroadcast
A severe vulnerability (CVE-2025-28232) in JMBroadcast JMB0150 Firmware v1.0 permits unauthorized access to the admin panel. With a CVSS score of 9.1, this issue can lead to control over broadcast operations. It is crucial for users to secure their systems by updating firmware and implementing strong access controls.
Follow-up source
bwbroadcast
Multiple BW Broadcast devices, including TX600 and others, suffer from incorrect access control (CVE-2025-28233), exposing log files and session identifiers. This vulnerability, with a CVSS score of 9.1, could lead to session hijacking. Users should enhance access controls and update to secure versions immediately to protect against unauthorized data access.
Follow-up source
hijacking
Two separate vulnerabilities, CVE-2025-28238 and CVE-2025-28242, both involving improper session management, have been identified in Elber REBLE310 Firmware v5.5.1.R and DAEnetIP4 METO v1.25. These vulnerabilities allow attackers to execute session hijacking attacks, posing a significant threat to organizations using these technologies. Immediate action should be taken to patch these systems to prevent unauthorized access and potential data breaches.
Follow-up source
ssrf
CVE-2025-28197 reveals a Server-Side Request Forgery (SSRF) vulnerability in Crawl4AI version <=0.4.247, specifically in the async_dispatcher.py module. This flaw could allow attackers to manipulate requests to access unauthorized internal resources or cause Denial of Service (DoS). Businesses using Crawl4AI should update to the latest version and review network access policies to mitigate risks.
Follow-up source
bruteforce
A critical vulnerability, CVE-2024-53591, has been identified in Seclore v3.27.5.0, where attackers can bypass authentication using brute force attacks on the login page. This issue poses a high risk of unauthorized access, with a CVSS score of 9.8. It is crucial for organizations using this version of Seclore to implement stronger authentication controls and monitor login attempts to prevent exploitation.
Follow-up source
qimoucms
An urgent security directive highlights a critical vulnerability in Qimou CMS v.3.34.0, where a remote attacker can execute arbitrary code via the upgrade.php component. Given a CVSS score of 9.8, organizations using this CMS should immediately apply necessary patches or mitigate exposure to prevent unauthorized access and potential data breaches.
Follow-up source
mcms
Security advisory for MCMS v5.4.3 warns of an arbitrary file upload vulnerability in the ueditor component, allowing remote attackers to execute arbitrary code. With a CVSS score of 9.8, it is crucial for users to update to a secure version or apply recommended fixes to avoid exploitation, which could lead to unauthorized data access and system compromise.
Follow-up source
ppp
A critical vulnerability (CVE-2024-58250) has been identified in the passprompt plugin of pppd before version 2.5.2, with a CVSS score of 9.3. Organizations using ppp and pppd should immediately update to the latest version to mitigate the risk of privilege mishandling. The vulnerability could lead to severe security breaches if not addressed promptly.
Follow-up source
wordpress
The Wordpress Plugin Smart Product Review plugin up to version 1.0.4 is vulnerable to arbitrary file uploads, potentially leading to remote code execution (CVE-2021-4455). Users should immediately update to version 1.0.5 or a newer patched version to protect against unauthenticated attacks. This is crucial for maintaining site integrity and security.
Follow-up source
gnucommerce
A critical vulnerability (CVE-2025-30985) involving deserialization of untrusted data in GNUCommerce allows object injection, affecting versions up to 1.5.4. This plugin has been closed due to the security issue, and users should discontinue its use to prevent exploitation. The vulnerability has a CVSS score of 9.8, indicating high risk.
Follow-up source