The Breach News

Serious Mitel Vulnerability Allows Hackers to Bypass Login and Access MiVoice MX-ONE Systems

July 24, 2025
Vulnerability / Network Security

Mitel has issued security updates to fix a critical vulnerability in MiVoice MX-ONE that could enable attackers to bypass authentication measures. According to a recent advisory, “An authentication bypass vulnerability has been detected in the Provisioning Manager component of Mitel MiVoice MX-ONE. If exploited, this flaw could allow an unauthorized attacker to execute an authentication bypass due to faulty access control.” A successful exploitation could grant attackers unauthorized access to both user and admin accounts within the system.

This vulnerability, which has not yet been assigned a CVE identifier, has a CVSS score of 9.4 out of 10. It impacts MiVoice MX-ONE versions ranging from 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14). Patches have been released under MXO-15711_78SP0 and MXO-15711_78SP1 for versions 7.8 and 7.8 SP1, respectively. Customers using MiVoice MX-ONE are encouraged to apply the updates promptly to mitigate the risk.

Mitel Urges Immediate Action Following Critical Vulnerability in MiVoice MX-ONE Systems On July 24, 2025, Mitel disclosed a significant security vulnerability within its MiVoice MX-ONE communications platform, which could potentially enable attackers to bypass authentication mechanisms and gain unauthorized access to the system. The company emphasized that this flaw resides…

Read More

Serious Mitel Vulnerability Allows Hackers to Bypass Login and Access MiVoice MX-ONE Systems

July 24, 2025
Vulnerability / Network Security

Mitel has issued security updates to fix a critical vulnerability in MiVoice MX-ONE that could enable attackers to bypass authentication measures. According to a recent advisory, “An authentication bypass vulnerability has been detected in the Provisioning Manager component of Mitel MiVoice MX-ONE. If exploited, this flaw could allow an unauthorized attacker to execute an authentication bypass due to faulty access control.” A successful exploitation could grant attackers unauthorized access to both user and admin accounts within the system.

This vulnerability, which has not yet been assigned a CVE identifier, has a CVSS score of 9.4 out of 10. It impacts MiVoice MX-ONE versions ranging from 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14). Patches have been released under MXO-15711_78SP0 and MXO-15711_78SP1 for versions 7.8 and 7.8 SP1, respectively. Customers using MiVoice MX-ONE are encouraged to apply the updates promptly to mitigate the risk.

Title: Trump Administration Axes DHS Advisory Committee Memberships, Impacting Cybersecurity Oversight

January 23, 2025
Cybersecurity / National Security

The new Trump administration has dissolved all memberships of advisory committees under the Department of Homeland Security (DHS). In a memo dated January 20, 2025, Acting Secretary Benjamine C. Huffman stated, “In line with DHS’s commitment to resource efficiency and prioritizing national security, I am directing the immediate termination of all existing advisory committee memberships. Future committee initiatives will be solely focused on enhancing our mission to safeguard the homeland and align with DHS’s strategic objectives.” This decision affects members of the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Safety Review Board (CSRB), which recently criticized Microsoft for a series of preventable mistakes that allowed its infrastructure to be exploited by a China-based threat actor.

Trump Terminates DHS Advisory Committee Memberships, Impacting Cybersecurity Review January 23, 2025 Cybersecurity / National Security In a significant move, the Trump administration has dissolved all advisory committee memberships associated with the Department of Homeland Security (DHS). Acting Secretary Benjamine C. Huffman announced in a memo dated January 20, 2025,…

Read More

Title: Trump Administration Axes DHS Advisory Committee Memberships, Impacting Cybersecurity Oversight

January 23, 2025
Cybersecurity / National Security

The new Trump administration has dissolved all memberships of advisory committees under the Department of Homeland Security (DHS). In a memo dated January 20, 2025, Acting Secretary Benjamine C. Huffman stated, “In line with DHS’s commitment to resource efficiency and prioritizing national security, I am directing the immediate termination of all existing advisory committee memberships. Future committee initiatives will be solely focused on enhancing our mission to safeguard the homeland and align with DHS’s strategic objectives.” This decision affects members of the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Safety Review Board (CSRB), which recently criticized Microsoft for a series of preventable mistakes that allowed its infrastructure to be exploited by a China-based threat actor.

Oklahoma Significantly Updates Its Data Breach Notification Law – Inside Privacy

Oklahoma Substantially Amends Its Data Breach Notification Statute Recent legislative changes in Oklahoma reflect a significant overhaul of the state’s data breach notification statute. These amendments aim to enhance consumer protection by establishing clearer protocols for notifying individuals affected by data breaches. Under the revised law, entities that experience a…

Read MoreOklahoma Significantly Updates Its Data Breach Notification Law – Inside Privacy

Major Vulnerabilities in Niagara Framework Endanger Global Smart Buildings and Industrial Systems

Cybersecurity researchers have identified more than a dozen security flaws within Tridium’s Niagara Framework that could allow network attackers to compromise the system under specific conditions. “These vulnerabilities are fully exploitable if a Niagara system is misconfigured, disabling encryption on certain network devices,” stated Nozomi Networks Labs in a recent report. “When linked together, they could permit an attacker with network access—possibly through a Man-in-the-Middle (MiTM) position—to take control of the Niagara system.” Developed by Tridium, a subsidiary of Honeywell, the Niagara Framework serves as a vendor-neutral platform for managing various devices from multiple manufacturers, including HVAC, lighting, energy management, and security, making it a critical component in building management, industrial automation, and smart infrastructure.

Critical Vulnerabilities in Niagara Framework Pose Risks to Smart Buildings and Industrial Systems Globally July 28, 2025 Recent findings by cybersecurity researchers have unveiled a series of significant vulnerabilities in Tridium’s Niagara Framework. These weaknesses could potentially enable an intruder on the same network to take control of the system…

Read More

Major Vulnerabilities in Niagara Framework Endanger Global Smart Buildings and Industrial Systems

Cybersecurity researchers have identified more than a dozen security flaws within Tridium’s Niagara Framework that could allow network attackers to compromise the system under specific conditions. “These vulnerabilities are fully exploitable if a Niagara system is misconfigured, disabling encryption on certain network devices,” stated Nozomi Networks Labs in a recent report. “When linked together, they could permit an attacker with network access—possibly through a Man-in-the-Middle (MiTM) position—to take control of the Niagara system.” Developed by Tridium, a subsidiary of Honeywell, the Niagara Framework serves as a vendor-neutral platform for managing various devices from multiple manufacturers, including HVAC, lighting, energy management, and security, making it a critical component in building management, industrial automation, and smart infrastructure.

Protecting Your Python Supply Chain: A Practical Webinar on Defending Against Malicious PyPI Packages

Join us on July 24, 2025, as supply chain attacks targeting Python escalate. Discover effective tools and strategies to safeguard your code, dependencies, and runtime.

Surge in Malicious PyPI Packages Poses Threat to Python Supply Chain Security As of July 24, 2025, the Python ecosystem is facing an escalating wave of supply chain attacks that exploit vulnerabilities in packages available on the Python Package Index (PyPI). This alarming trend highlights the urgent need for businesses…

Read More

Protecting Your Python Supply Chain: A Practical Webinar on Defending Against Malicious PyPI Packages

Join us on July 24, 2025, as supply chain attacks targeting Python escalate. Discover effective tools and strategies to safeguard your code, dependencies, and runtime.

CISA Includes PaperCut NG/MF CSRF Vulnerability in KEV Catalog Due to Ongoing Exploits

 
Date: July 29, 2025
Category: Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its active exploitation. The vulnerability, identified as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) flaw that could lead to remote code execution. CISA warned that this vulnerability may allow attackers to modify security settings or execute arbitrary code in certain scenarios. Widely used in schools, businesses, and government offices, PaperCut NG/MF helps manage print jobs and control network printers. Given that the admin console typically operates on internal web servers, an exploited vulnerability could provide attackers with easy access to larger systems if left unattended.

CISA Adds High-Severity PaperCut NG/MF Vulnerability to KEV Catalog Amid Rising Exploits On July 29, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially included a critical vulnerability affecting the PaperCut NG/MF print management software in its Known Exploited Vulnerabilities (KEV) catalog. This addition comes in response to confirmed…

Read More

CISA Includes PaperCut NG/MF CSRF Vulnerability in KEV Catalog Due to Ongoing Exploits

 
Date: July 29, 2025
Category: Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its active exploitation. The vulnerability, identified as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) flaw that could lead to remote code execution. CISA warned that this vulnerability may allow attackers to modify security settings or execute arbitrary code in certain scenarios. Widely used in schools, businesses, and government offices, PaperCut NG/MF helps manage print jobs and control network printers. Given that the admin console typically operates on internal web servers, an exploited vulnerability could provide attackers with easy access to larger systems if left unattended.