Wednesday , April 30 2025

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches

The FBI has issued a warning stating that even after being patched against a critical flaw, Barracuda Networks Email Security Gateway (ESG) appliances are still vulnerable to potential compromise by suspected Chinese hacking groups.

It said that the fixes were not effective and that it still sees intrusions and considers all affected Barracuda ESG devices to be compromised and vulnerable to this attack.

Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

A recent increase in cyber reconnaissance has endangered thousands of organizations, as GreyNoise, a global threat intelligence platform, reported a...
Read More
Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

CISA Adds Actively Exploited Broadcom Flaws to KEV Database

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity security flaws affecting Broadcom Brocade Fabric OS and Commvault...
Read More
CISA Adds Actively Exploited Broadcom Flaws to KEV Database

Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

Google's Threat Intelligence Group (GTIG) reported that in the year 2024, attackers exploited 75 zero-day vulnerabilities, with over 50% related...
Read More
Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

Palo Alto Networks to Acquire AI Security Firm “Protect AI”

On Monday, Palo Alto Networks confirmed it is acquiring the US-based AI security company Protect AI. Protect AI has created...
Read More
Palo Alto Networks to Acquire AI Security Firm “Protect AI”

CISA Releases Seven ICS Advisories

On April 24, 2025, CISA published seven advisories addressing security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS)....
Read More
CISA Releases Seven ICS Advisories

India Launches First Quantum Computing Village in Amaravati

India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing Village, a state-of-the-art project in...
Read More
India Launches First Quantum Computing Village in Amaravati

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks....
Read More
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

Blind_Virus, DU_Featherless_Bipeds and Hidden investigations team secure the 1st , 2nd and 3rd positions accordingly for online preliminary round at...
Read More
30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library

A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python....
Read More
CVE-2025-43859  Request Smuggling Vulnerability in Python’s h11 HTTP Library

NVIDIA Releases Security Update For GPU Driver Vulnerabilities

NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver...
Read More
NVIDIA Releases Security Update For GPU Driver Vulnerabilities

ALSO READ:

WinRAR zero-day exploited since April to hack trading accounts

CVE-2023-2868 is a zero-day bug that was tracked with a CVSS score of 9.8. It was discovered to have been weaponized in October 2022, more than seven months before it was fixed. Mandiant, owned by Google, is diligently monitoring the China-nexus activity cluster known as UNC4841.

With the presence of a remote command injection vulnerability in versions 5.1.3.001 through 9.2.0.006, unauthorized individuals can gain administrator privileges and execute system commands on the ESG product.

The observed attacks have shown that a successful breach serves as a gateway to unleash numerous malware strains, including SALTWATER, SEASIDE, SEASPY, SANDBAR, SEASPRAY, SKIPJACK, WHIRLPOOL, and SUBMARINE (also known as DEPTHCHARGE). These strains enable the execution of any commands and effectively evade defense mechanisms.

The FBI stated that cyber actors used a vulnerability to add harmful payloads to the ESG appliance. These payloads had various capabilities like persistent access, email scanning, credential harvesting, and data exfiltration.

The threat intelligence company has identified UNC4841 as an aggressive and highly skilled group, showcasing a remarkable ability to adapt their custom tools and employ advanced tactics to maintain control over high-value targets with remarkable persistence.

The federal agency strongly advises customers to immediately isolate and replace all affected ESG devices. It is also crucial to conduct thorough network scans to identify any suspicious outgoing traffic.

Check Also

symlink

16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new …

Leave a Reply

Your email address will not be published. Required fields are marked *