The Hacker News: Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution.
The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and …
Author: chouaibcher@gmail.com

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
The Hacker News: Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.
“EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and …

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
The Hacker News: Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model.
The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future’s Insikt Group, which was previously tracking it as TAG-150.

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
The Hacker News: The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks.
“These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for …

How to Streamline Zero Trust Using the Shared Signals Framework
The Hacker News: Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down.
The …

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
The Hacker News: React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress.
This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based …

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
The Hacker News: New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution.
WatchTowr Labs, which has codenamed the “invalid cast vulnerability” SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the number of affected vendors is likely to be …

Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
The Hacker News: Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker to serious risks.
The flaws impact PCIe Base Specification Revision 5.0 and onwards in the protocol mechanism introduced by the IDE Engineering Change Notice (ECN), according to the PCI Special …

Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
The Hacker News: Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code.
Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacks happen in the real world.
Next week, the Cortex Cloud team at Palo Alto Networks …

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
The Hacker News: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, for exploitation …