Monday , June 16 2025
cisa

CISA adds windows and whatsUp Gold vuls to its KEV

CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws, adding them to its Known Exploited Vulnerabilities catalog, and is urging swift action from federal agencies and global organizations.

CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8)

Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems

WestJet, Canada's second-largest airline, is looking into a cyberattack that has affected some internal systems during its response to the...
Read More
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems

Paraguay 7.4 Million Citizen Records Leaked on Dark Web

Resecurity found 7.4 million records of Paraguayan citizens' personal information leaked on the dark web today. Last week, cybercriminals attempted...
Read More
Paraguay 7.4 Million Citizen Records Leaked on Dark Web

High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation

HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the...
Read More
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation

SoftBank: Over 137,000 personal info leaked

SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked...
Read More
SoftBank: Over 137,000 personal info leaked

Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code

Serious security vulnerabilities in Trend Micro Apex One could allow attackers to inject malicious code and elevate their privileges within...
Read More
Alert  Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action

Aim Labs discovered a zero-click AI vulnerability named “EchoLeak” in Microsoft 365 Copilot and reported several ways to exploit it...
Read More
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action

Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps

On Tuesday, Adobe released security updates for 254 vulnerabilities in its software, mainly affecting Experience Manager (AEM). There are 254...
Read More
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps

Alert
40,000 + live internet cameras exposed globally !

A new report from Bitsight reveals that over 40,000 internet-connected security cameras around the world are exposed, broadcasting live footage...
Read More
Alert  40,000 + live internet cameras exposed globally !

Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

Microsoft's June Patch Tuesday update has arrived, addressing 66 vulnerabilities across its product line. One of these flaws was actively...
Read More
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

84,000+ Roundcube instances vulnerable to actively exploited flaw

More than 84,000 Roundcube webmail installations are at risk due to CVE-2025-49113, a severe remote code execution (RCE) vulnerability that...
Read More
84,000+ Roundcube instances vulnerable to actively exploited flaw

Microsoft‘s MSHTML platform has a critical vulnerability, CVE-2024-43461, that allows attackers to fake web pages and deceive users into downloading harmful files. This flaw requires user action, like visiting a malicious website or opening a specially crafted file, and it disguises file extensions to mislead users into thinking the files are safe.

A security advisory from the Zero Day Initiative (ZDI) reveals a vulnerability in Internet Explorer related to file download prompts. This flaw allows attackers to run malicious code using the current user’s privileges. The risk increases as this vulnerability was exploited alongside CVE-2024-38112, a zero-day vulnerability rated 7.5 on the CVSS scale.

In July 2024, Trend Micro researchers identified CVE-2024-38112 as a vulnerability exploited by the advanced persistent threat group “Void Banshee.” This group used the Windows zero-day to deploy Atlantida info-stealer malware, extracting sensitive data like passwords and browser cookies from affected systems. The flaw was first seen in May 2024, with Void Banshee targeting systems that had Internet Explorer disabled, making detection and defense more difficult.

CVE-2024-6670: Progress WhatsUp Gold SQL Injection Vulnerability (CVSS 9.8)

Progress WhatsUp Gold, a network monitoring tool, has a serious SQL injection vulnerability (CVE-2024-6670) with a critical CVSS score of 9.8. This flaw enables unauthenticated attackers to access encrypted user passwords if the app has a single user setup. Additionally, it has been exploited in remote code execution (RCE) attacks.

Trend Micro researchers found that attackers are using an SQL injection vulnerability in the Active Monitor PowerShell Script function via NmPoller.exe, a legitimate WhatsUp Gold process, to run harmful PowerShell scripts. This allows them to download and install remote access tools (RATs) like Atera Agent, Radmin, SimpleHelp Remote Access, and Splashtop Remote, maintaining control over the victim’s system.

Attackers exploited msiexec.exe, a legitimate Windows installer, to secretly install RATs from malicious URLs, evading detection. Once in the network, they operated unnoticed, controlling compromised systems and exfiltrating data or deploying more threats.

Check Also

40000 internet

Alert
40,000 + live internet cameras exposed globally !

A new report from Bitsight reveals that over 40,000 internet-connected security cameras around the world …

Leave a Reply

Your email address will not be published. Required fields are marked *