The Security Intelligence and Response Team (SIRT) at Akamai has found that multiple Mirai-based botnets are exploiting CVE-2025-24016, a critical RCE vulnerability in Wazuh servers. This flaw, which has a CVSS score of 9.9, allows remote attackers to execute arbitrary Python code through unsanitized JSON inputs in the Wazuh Distributed …
Read More »CVE-2025-24016
CISA Issues Seven Advisories for Industrial Control Systems (ICS)
On June 5, 2025, CISA released seven advisories regarding Industrial Control Systems (ICS) that highlight current security issues, vulnerabilities, and exploits. ICSA-25-155-01 CyberData 011209 SIP Emergency Intercom ICSA-25-155-02 Hitachi Energy Relion 670, 650 series and SAM600-IO Product ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update H) ICSA-25-133-02 Hitachi Energy Relion …
Read More »Critical Cisco ISE flaw impacts cloud deployments on AWS, Microsoft Azure, and OCI
Cisco fixed a critical vulnerability in the Identity Services Engine (ISE) that could let unauthorized attackers carry out harmful actions. The vulnerability, CVE-2025-20286 (CVSS score 9.9), affects Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud. It allows unauthenticated remote attackers to access sensitive data, perform basic admin tasks, modify …
Read More »Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being actively exploited in targeted attacks. The company reported two major flaws (CVE-2025-21479 and CVE-2025-21480) identified by the Google Android Security team in late January, and a third serious vulnerability (CVE-2025-27038) …
Read More »Critical RCE Flaw Patched in Roundcube Webmail
Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher firs0v, the issue has been addressed in the latest updates for the 1.6 and 1.5 LTS versions. The security update addresses a post-authentication RCE vulnerability caused by PHP object deserialization. …
Read More »Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities. CVE-2025-5054 affects Ubuntu’s core-dump handler, Apport, while CVE-2025-4598 targets systemd-coredump, the default core-dump handler on Red Hat Enterprise Linux 9 and 10, as well as Fedora. These vulnerabilities allow a …
Read More »
CVE-2023-39780
Botnet hacks thousands of ASUS routers
GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to be part of a covert effort to create a network of backdoor devices, possibly aiming to establish a botnet in the future. The tactics in this campaign—sneaky initial access, using …
Read More »251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
Cybersecurity researchers recently revealed a coordinated cloud-based scanning attack that targeted 75 different exposure points earlier this month. On May 8, 2025, GreyNoise observed activity from 251 malicious IP addresses located in Japan and hosted by Amazon. “These IPs triggered 75 distinct behaviors, including CVE exploits, misconfiguration probes, and recon …
Read More »Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges
A passback vulnerability has been found in some Canon printers, including production and multifunction models. If an attacker gains administrative access, they could obtain sensitive authentication information, including SMTP and LDAP connections. Affected Products: imageRUNNER ADVANCE Series imageRUNNER Series imagePRESS V Series imagePRESS Series imageCLASS Series i-sensys Series Satera Series …
Read More »Palo Alto Networks Warns of XSS Flaw: PoC Released
Palo Alto Networks warns a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its PAN-OS software. The flaw allows malicious JavaScript to run in the browsers of authenticated Captive Portal users when they click specific links. Organizations using the Clientless VPN feature face a …
Read More »
InfoSecBulletin Cybersecurity for mankind