admin

admin

  • Joined: September 10, 2024
  • Articles: 5734

CISA Adds Active Citrix NetScaler CVE-2025-5777 to KEV Catalog as Threat to Enterprises

July 11, 2025

Network Security / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a critical vulnerability affecting Citrix NetScaler ADC and Gateway in its Known Exploited Vulnerabilities (KEV) catalog, signaling that this flaw has been actively exploited. The identified vulnerability, CVE-2025-5777 (CVSS score: 9.3), arises from insufficient input validation, allowing attackers to bypass authentication on appliances configured as Gateway or AAA virtual servers. Dubbed Citrix Bleed 2 due to its resemblance to Citrix Bleed (CVE-2023-4966), CISA noted, “Citrix NetScaler ADC and Gateway are susceptible to an out-of-bounds read vulnerability, which can result in memory overread when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.” The agency emphasized the importance of addressing vulnerabilities like CVE-2025-5777 to safeguard enterprise systems.

CISA Includes Citrix NetScaler CVE-2025-5777 in KEV Catalog as Active Threats Targeting Enterprises On July 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added a critical vulnerability affecting Citrix NetScaler ADC and Gateway to its Known Exploited…

AndroxGh0st Malware Leverages Mozi Botnet to Target IoT and Cloud Services

On November 8, 2024, IoT Security / Vulnerability

The creators of the AndroxGh0st malware are now exploiting a wider range of security vulnerabilities affecting various internet-facing applications, while also deploying the Mozi botnet. According to a recent report by CloudSEK, this botnet employs remote code execution and credential theft techniques to maintain ongoing access, using unpatched vulnerabilities to infiltrate critical infrastructures.

AndroxGh0st is a Python-based attack tool specifically designed to target Laravel applications, aiming to extract sensitive data related to services such as Amazon Web Services (AWS), SendGrid, and Twilio. Active since at least 2022, it has previously exploited vulnerabilities in the Apache web server (CVE-2021-41773), Laravel Framework (CVE-2018-15133), and PHPUnit (CVE-2017-9841) to gain initial access, escalate privileges, and maintain persistent control over compromised systems. Earlier this January, U.S. cybersecurity and intelligence agencies…

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services November 8, 2024 In a notable escalation of cyber threats, the creators of AndroxGh0st malware are now exploiting a wider range of security vulnerabilities affecting numerous internet-facing applications. This…

Protecting Yourself Against Portable Point-of-Sale Scams

With the increasing prevalence of contactless payment systems, thefts involving portable point-of-sale (POS) devices are resurging. These thefts, characterized by their rapid execution, are often difficult to detect. Business owners must consider the real risks posed by these scams and…

⚡ Weekly Update: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Vulnerability, ATM Hack & More

Aug 04, 2025

Hacking News / Cybersecurity

Malware is evolving—it’s no longer just hiding in the shadows but actively seeking to blend in. We’re witnessing code that mimics our language, logs activity like us, and even documents itself as if it were a supportive team member. Nowadays, some threats resemble developer tools more than straightforward exploits, while others gain credibility from open-source projects or are constructed using AI-generated snippets. It’s not only about being malicious; it’s about being convincingly so. In this week’s cybersecurity recap, we delve into how modern threats are becoming more sociable, automated, and alarmingly sophisticated—far too clever for yesterday’s defense tactics to address.

⚡ Threat of the Week

Secret Blizzard Conducts ISP-Level AitM Attacks to Deploy ApolloShadow
Russian cyberspies are leveraging local internet service providers’ networks to target foreign embassies in Moscow, potentially gathering intelligence from the devices of diplomats. This activity has been traced to the Russian advanced persistent threat (APT) group known as Secret Blizzard (also referred to as Turla). It likely involves employing adversary-in-the-middle tactics…

Cybersecurity Weekly Recap: Notable Threats and Trends Date: August 4, 2025 Source: Hacking News / Cybersecurity In today’s evolving landscape of cybersecurity, malware is adopting an unexpected approach. Rather than simply evading detection, modern threats are increasingly designed to integrate…

PerfektBlue Bluetooth Flaws Leave Millions of Vehicles Vulnerable to Remote Code Execution

On July 11, 2025, researchers uncovered a series of four security vulnerabilities within OpenSynergy’s BlueSDK Bluetooth stack that could enable remote code execution on millions of vehicles from various manufacturers. Named PerfektBlue, these vulnerabilities can be combined to form an exploit chain that compromises vehicles from at least three major automakers: Mercedes-Benz, Volkswagen, and Skoda, as reported by PCA Cyber Security (formerly PCAutomotive). Additionally, a fourth unnamed original equipment manufacturer (OEM) is also believed to be affected. “The PerfektBlue exploitation comprises critical memory corruption and logical vulnerabilities in the OpenSynergy BlueSDK Bluetooth stack that can be leveraged for Remote Code Execution (RCE),” the cybersecurity firm stated. While infotainment systems are often considered isolated from essential vehicle controls, this separation is not as reliable as it might seem.

PerfektBlue Bluetooth Vulnerabilities Threaten Remote Control of Millions of Vehicles On July 11, 2025, cybersecurity experts announced the discovery of four critical vulnerabilities in OpenSynergy’s BlueSDK Bluetooth stack, collectively termed PerfektBlue. Exploiting these flaws could enable remote code execution across…

Cybercriminals Leverage Excel Vulnerability to Distribute Fileless Remcos RAT Malware

Nov 11, 2024
Vulnerability / Network Security

Cybersecurity experts have uncovered a new phishing campaign that disseminates a fileless variant of the well-known Remcos RAT malware. According to Fortinet FortiGuard Labs researcher Xiaopeng Zhang, “Remcos RAT offers a comprehensive suite of advanced features for remotely controlling computers purchased by buyers.” However, cybercriminals have exploited Remcos to gather sensitive information and execute further malicious actions on victims’ systems.

The attack typically begins with a phishing email that employs purchase order themes to entice recipients into opening a malicious Microsoft Excel attachment. This Excel document exploits a known remote code execution vulnerability in Office (CVE-2017-0199, CVSS score: 7.8), allowing it to download an HTML Application (HTA) file (“cookienetbookinetcahce.hta”) from a remote server (“192.3.220[.]22”) and execute it using mshta.exe.

Cybercriminals Leverage Excel Vulnerability to Deploy Remcos RAT Malware November 11, 2024 Vulnerability / Network Security Recent cybersecurity investigations have unearthed a phishing campaign that propagates a new fileless variant of the notorious Remcos RAT (Remote Control Software). Fortinet FortiGuard…