Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems https://hackread.com/critical-cvss-10-flaw-goanywhere-file-transfer/ #Cybersecurity #Vulnerability #FileTransfer #GoAnywhere #Ransomware #Security #Fortra #Cl0p

ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data https://hackread.com/forcedleak-salesforce-agentforce-ai-agent-crm-data/ #Cybersecurity #Vulnerability #AgentForce #ForcedLeak #Salesforce #Security #AIAgents #CRM #AI
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware https://hackread.com/china-hackers-hit-us-tech-firms-brickstorm-malware/ #Cybersecurity #Vulnerability #CyberAttack #BRICKSTORM #Security #Mandiant #Malware #UNC5221 #Google #China #Linux #0day #SaaS
Critical stored XSS vulnerability reported in DotNetNuke Platform
DNN Software patched a critical stored cross-site scripting vulnerability (CVE-2025-59545) in the DotNetNuke Platform CMS that allows authenticated attackers to execute arbitrary scripts through the Prompt module, potentially compromising administrative sessions and stealing sensitive data.
**If you're running DNN Platform (DotNetNuke), plan a VERY QUICK upgrade to version 10.1.0 or later to patch the stored XSS attack. This is very serious, so don't ignore it! Until you can upgrade, restrict access to the Prompt module and monitor admin activity logs for suspicious behavior.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-stored-xss-vulnerability-reported-in-dnn-platform-d-q-6-8-o/gD2P6Ple2L
Released 2.16.1 of Vulnerability-Lookup — addressing GCVE-1-2025-0004 / CVE-2025-60249:
Improper Neutralization of Input During Web Page Generation (XSS - Cross-Site Scripting)
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.16.1
Salesforce AI Agent Vulnerability Lets Attackers Exfiltrate Sensitive Data https://cybersecuritynews.com/salesforce-ai-agent-vulnerability/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #Vulnerability #cybersecurity #vulnerability
Critical #ForcedLeak flaw in Salesforce’s Agentforce AI agent exposed CRM data to remote attackers.
Read: https://hackread.com/forcedleak-salesforce-agentforce-ai-agent-crm-data/
Cisco IOS/XE Vulnerability Allows Unauthorized Access to Confidential Data https://gbhackers.com/cisco-ios-xe-vulnerability-2/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity
ZendTo Flaw Lets Attackers Bypass Security Controls to Access Sensitive Data https://gbhackers.com/zendto-flaw-lets-attackers-bypass-security-controls/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity
ZendTo Vulnerability Lets Attackers Bypass Security Controls and Access Sensitive Data https://cybersecuritynews.com/zendto-vulnerability/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #Vulnerabilities #Vulnerability #cybersecurity #vulnerability
Installer hijacking vulnerability reported in Salesforce CLI, allows SYSTEM-Level Access
Salesforce patched a high-severity vulnerability (CVE-2025-9844) in its CLI installer that allows attackers to achieve SYSTEM-level privilege escalation by tricking users into downloading fake installers from untrusted sources that include malicious executables mimicking legitimate helper binaries.
**Only download Salesforce CLI from official Salesforce distribution channels, never from third-party or untrusted sources that could contain malicious fake installers. If you already have Salesforce CLI installed, update to version 2.106.6 or later to ensure you have the patched version. If you are using Salesforce CLI, make sure to check your computers for possible infection.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/installer-hijacking-vulnerability-reported-in-salesforce-cli-allows-system-level-access-v-8-j-1-e/gD2P6Ple2L
Cisco IOS and XE Vulnerability Lets Remote Attackers Bypass Authentication and Access Sensitive Data https://cybersecuritynews.com/cisco-ios-and-xe-vulnerability/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #CyberSecurity #cybersecurity #vulnerability
Critical CVSS 10 flaw in Fortra’s GoAnywhere MFT (CVE-2025-10035) lets attackers inject commands and take over sensitive systems. Patch to v7.8.4 now.
Read: https://hackread.com/critical-cvss-10-flaw-goanywhere-file-transfer/
NVIDIA Merlin Vulnerability Allows Attackers to Achieve Remote Code Execution With Root Privileges https://cybersecuritynews.com/nvidia-merlin-vulnerability/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #cybersecurity #vulnerability
SetupHijack Tool Abuses Race Conditions in Windows Installer to Hijack Setups https://gbhackers.com/setuphijack-tool-abuses-race-conditions-in-windows/ #CyberSecurityNews #ExploitationTools #cybersecurity #Vulnerability #Windows #Tools
Steam Confirms Malware Found in BlockBlasters Game https://gbhackers.com/steam-confirms-malware-found-in-blockblasters-game/ #CyberSecurityNews #cybersecurity #Vulnerability #Malware #game
Hackers Exploit Hikvision Camera Flaw to Steal Sensitive Data https://gbhackers.com/hackers-exploit-hikvision-camera-flaw/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity
CISA provides details of Federal Agency Network attack through GeoServer vulnerability
CISA analyzed a cyberattack against a U.S. federal agency where threat actors exploited a critical GeoServer vulnerability (CVE-2024-36401) just 11 days after public disclosure, deploying China Chopper web shells and Stowaway proxy tools while remaining undetected for three weeks due to security deficiencies. The incident exposed gaps including lack of endpoint protection on web servers, untested incident response procedures, and unmonitored EDR alerts that allowed attackers to establish persistence and move laterally through the network.
**This is one of those very scary stories, where there were multiple chances to prevent or detect the attack earlier, but the attack still continued. Any organization's security is far from perfect. All we can share is the lessons learned and advise a bit more discipline, first with fast patching.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-provides-details-of-federal-agency-network-attack-through-geoserver-vulnerability-d-h-e-b-d/gD2P6Ple2L
Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information https://cybersecuritynews.com/hikvision-camera-vulnerability/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #CyberSecurity #cybersecurity #vulnerability
Linux Kernel ksmbd Flaw Lets Remote Attackers Execute Arbitrary Code https://gbhackers.com/linux-kernel-ksmbd-flaw-2/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity