Wednesday , June 10 2026

(CVE-2025-23419)
F5 Warns of TLS Session Resumption Vulnerability in NGINX

infosecbulletin Thursday , February 6 2025 Uncategorized

F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources.

When name-based virtual hosts are configured to share the same IP address and port combination, with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS session tickets are used and/or the SSL session cache is used in the default virtual server and the default virtual server is performing client certificate authentication. This issue affects both the NGINX http and NGINX stream modules.

New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges

By infosecbulletin / Wednesday , June 10 2026
A security expert shared a new Microsoft Defender vulnerability called "RoguePlanet" only hours after Microsoft fixed two earlier problems in...
Read More
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges

Microsoft June Patches 200 Vulnerabilities including 3 zero days

By infosecbulletin / Wednesday , June 10 2026
Microsoft's June 2026 Patch Tuesday updates fix about 200 security flaws found in the company's products. None of the flaws fixed...
Read More
Microsoft June Patches 200 Vulnerabilities including 3 zero days

World’s first wind power underwater data center is now live

By infosecbulletin / Tuesday , June 9 2026
The first business underwater data center run by offshore wind has started working near Shanghai. Submerged 10 metres under the...
Read More
World’s first wind power underwater data center is now live

VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts

By infosecbulletin / Tuesday , June 9 2026
Broadcom has revealed three stored cross-site scripting (XSS) flaws that affect VMware Cloud Foundation Operations and some other products. They...
Read More
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts

CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the Wild 

By infosecbulletin / Tuesday , June 9 2026
Check Point Research found that CVE-2026-50751, a serious flaw in Check Point Remote Access VPN and Mobile Access, is being...
Read More
CVE-2026-50751 Check Point VPN 0-day Flaw Exploited in the Wild 

AI-designed First ‘universal vaccine’ tested in humans

By infosecbulletin / Monday , June 8 2026
AI helped to make a new kind of vaccine that can protect people from many types of viruses and stop...
Read More
AI-designed First ‘universal vaccine’ tested in humans

China Unveils First Prefabricated Data Center Base, Reducing Construction Time by 70%

By infosecbulletin / Sunday , June 7 2026
The world's first prefabricated computing power center base officially began operation on Saturday in Qingdao City, east China's Shandong Province,...
Read More
China Unveils First Prefabricated Data Center Base, Reducing Construction Time by 70%

Hacker now exploits recently patched SolarWinds Serv-U flaw

By infosecbulletin / Saturday , June 6 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that hackers are using a newly fixed serious SolarWinds Serv-U...
Read More
Hacker now exploits recently patched SolarWinds Serv-U flaw

Cisco SD-WAN Flaw Exploited and Trend Micro Flaws Allows to Security Bypass

By infosecbulletin / Friday , June 5 2026
Trend Micro’s Deep Security Agent for Linux has a design flaw. This issue lets a local attacker, who does not...
Read More
Cisco SD-WAN Flaw Exploited and Trend Micro Flaws Allows to Security Bypass

Ransomware Crisis Deepens: 4,089 Victims Hit Across 121 Countries in 2026

By infosecbulletin / Friday , June 5 2026
According to the latest ransomware numbers from 2026, cybercrime is still a big worry worldwide. In 2026, 4,089 groups have...
Read More
Ransomware Crisis Deepens: 4,089 Victims Hit Across 121 Countries in 2026

“This vulnerability can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with limited access to sensitive information,” F5 warns in its advisory.

The CVE-2025-23419 vulnerability impacts NGINX Open Source and NGINX Plus that use OpenSSL. Systems with LibreSSL or BoringSSL are safe.

Source: my.f5.com

F5 recommends several mitigation measures, including:

Ensuring each server block has a unique IP address and port combination.
Configuring a default stub server that does not perform client authentication.
Performing authorization checks for the correct client certificate values.
Disabling TLS 1.3 as a last resort.

Ransomware payments statistics for 2024, a drop of 35%

Check Also

Hive0163

Hive0163 uses AI generated malware for persistent access

IBM X-Force reports that a money-driven threat group named Hive0163 used a probable AI-made malware …

Mail: [email protected]
© Copyright 2026, All Rights Reserved InfoSecBulletin