InfoSecBulletin Cybersecurity for mankind
Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which allows remote command execution by attackers.
CVE-2024-7591 is a flaw that allows remote, unauthenticated attackers to access Loadmaster’s management interface through a manipulated HTTP request due to improper input validation.
AWS SNS misused for Data Exfiltration and Phishing
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
“It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted HTTP request that will allow arbitrary system commands to be executed,” reads the security bulletin.
“This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands execution.”
Loadmaster is an application delivery controller that helps large organizations to improve app performance, manage network traffic, and maintain high service availability.
The MT Hypervisor is a specialized version of Loadmaster, tailored for multi-tenant environment. It enables the concurrent operation of multiple virtual network functions on a single hardware platform.
CVE-2024-7591 affects Loadmaster version 7.2.60.0 and earlier, as well as MT Hypervisor version 7.1.35.11 and all prior releases.
