Cisco Alerts Users to Critical ISE Vulnerability Allowing Unauthenticated Root Access

July 17, 2025
Vulnerability / Network Security

On July 17, 2025, Cisco disclosed a critical security flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could enable attackers to execute arbitrary code on the underlying operating system with elevated privileges. Tracked as CVE-2025-20337, the vulnerability carries a CVSS score of 10.0 and is closely related to CVE-2025-20281, which Cisco patched last month.

According to Cisco’s advisory, “Multiple vulnerabilities in a specific API of Cisco ISE and ISE-PIC could permit an unauthenticated, remote attacker to execute arbitrary code as root without requiring any valid credentials.” The vulnerabilities stem from inadequate validation of user-supplied input, which an attacker could exploit by sending specially crafted API requests. A successful exploit could give the attacker extensive control over the affected systems.

Kimsuky Hackers Linked to Credential Theft Using Russian Email Addresses

December 3, 2024
Threat Intelligence / Email Security

The North Korea-aligned threat group Kimsuky has been implicated in a series of phishing attacks that use email addresses appearing to originate from Russia, with the goal of stealing user credentials. According to South Korean cybersecurity firm Genians, these phishing emails were predominantly sent from services in Japan and Korea until early September. Starting in mid-September, however, some emails were crafted to look as if they had been sent from Russia. The campaign abuses VK’s Mail.ru email service, which offers multiple alias domains including mail.ru, internet.ru, bk.ru, inbox.ru, and list.ru. Genians reports that Kimsuky has used these domains in phishing campaigns impersonating financial institutions and popular internet sites such as Naver. Some attacks have also spoofed Naver’s MYBOX cloud storage service to trick users into handing over sensitive information.

Cyber Attackers Leverage Apache HTTP Server Vulnerability to Install Linuxsys Cryptocurrency Miner

July 17, 2025
Cryptocurrency / Security Threats

Recent findings by cybersecurity researchers reveal a new campaign that targets a known vulnerability in the Apache HTTP Server to deploy a cryptocurrency miner named Linuxsys. The vulnerability, tracked as CVE-2021-41773, carries a high severity rating (CVSS score: 7.5) and is a path traversal flaw in Apache HTTP Server version 2.4.49 that can lead to remote code execution. According to Jacob Baines of VulnCheck, “Attackers exploit compromised legitimate websites to disseminate malware, facilitating hidden delivery and evasion of detection.” The infection chain, traced back to an Indonesian IP address (103.193.177[.]152), retrieves a next-stage payload from “repositorylinux[.]org” using curl or wget. That payload, a shell script, downloads the Linuxsys cryptocurrency miner from five separate legitimate sites, indicating that the threat actors…

Severe Flaw in NVIDIA Container Toolkit Enables Privilege Escalation in AI Cloud Services

July 18, 2025
Cloud Security / AI Security

On July 18, 2025, cybersecurity researchers disclosed a critical vulnerability in the NVIDIA Container Toolkit that threatens AI cloud services. Tracked as CVE-2025-23266, the flaw has a CVSS score of 9.0 out of 10.0 and has been dubbed “NVIDIAScape” by Wiz, a cloud security firm owned by Google. According to NVIDIA’s advisory, the vulnerability arises from a weakness in the container initialization hooks that allows an attacker to execute arbitrary code with elevated permissions. Successful exploitation could lead to privilege escalation, data tampering, information disclosure, and denial of service. The vulnerability affects all versions of the NVIDIA Container Toolkit up to and including 1.17.7 and the NVIDIA GPU Operator up to and including 25.3.0; fixes are included in versions 1.17.8 and 25.3.1 respectively.