A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday.
Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs, which act as digital gatekeepers to protect company networks from unauthorized access.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Google Releases Security Updates for Chrome
March 28, 2025
Google has released Chrome version 134.0.6998.177/.178 to address a high severity vulnerability, reported as exploited in the wild. A remote attacker could exploit this vulnerability to escape a sandbox via a malicious file. Google is aware that an exploit for CVE-2025-2783 exists in the wild. Affected organisations are encouraged to review the Chrome Release 134.0.6998.177/.178 Stable ...
- Security Update Released for CrushFTP
March 28, 2025
A vulnerability has been disclosed in CrushFTP, a file server supporting standard secure file transfer protocols, after being discovered by a security researcher. The vulnerability designated as CVE-2025-2825 is a critical ‘improper authentication’ vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow an unauthenticated attacker to craft remote and unauthenticated HTTP requests to CrushFTP, ...
- Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection
March 27, 2025
SonicWall Capture Labs threat research team became aware of the threat CVE-2023-22621, assessed its impact and developed mitigation measures for this vulnerability. CVE-2023-22621 is a high-severity vulnerability affecting Strapi versions 3.0.0 through 4.5.5. The flaw permits authenticated Server-Side Template Injection (SSTI), allowing a remote attacker with access to the Strapi admin panel to bypass validation checks ...
- Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
March 25, 2025
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious ...
- Security Updates Released for Ingress NGINX Controller for Kubernetes
March 25, 2025
Five vulnerabilities have been discovered within the Ingress NGINX Controller for Kubernetes. NGINX Ingress Controller is a tool used in Kubernetes environments to manage and route external traffic to services within the cluster. Ingress Controller acts as a reverse proxy and load balancer, supporting various protocols like WebSocket, gRPC, TCP, and UDP, and also provides features ...
- Broadcom Releases Security Advisory for VMware Tools for Windows
March 25, 2025
Broadcom has released a security advisory addressing a high severity vulnerability in VMware Tools for Windows. VMware Tools is a suite of utilities that enhances the performance of VMware virtual machines and provides extra functionality. CVE-2025-22230 is an authentication bypass due to improper access control vulnerability with a CVSSv3 score of 7.8. If exploited, an attacker ...