Bill Mann@CyberInsider - 10d
The Qualys Threat Research Unit (TRU) has revealed two significant vulnerabilities in OpenSSH, impacting both client and server components. The first, CVE-2025-26465, is a machine-in-the-middle (MitM) attack that targets OpenSSH clients when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, involves a pre-authentication denial-of-service (DoS) attack affecting both client and server systems by exhausting resources. These vulnerabilities expose systems to potential interception of communications and resource exhaustion, potentially crippling SSH servers.
The MitM vulnerability, CVE-2025-26465, allows an attacker to impersonate a server and bypass the client's verification of the server's identity when VerifyHostKeyDNS is set to "yes" or "ask". This flaw was introduced in December 2014 and affects OpenSSH versions 6.8p1 through 9.9p1. The DoS vulnerability, CVE-2025-26466, enables attackers to consume excessive memory and CPU resources and affects versions 9.5p1 through 9.9p1. While mitigations exist, such as LoginGraceTime and MaxStartups, immediate patching is strongly advised. OpenSSH version 9.9p2 addresses both vulnerabilities, and administrators are urged to upgrade affected systems promptly.
References:
- CyberInsider: OpenSSH Vulnerabilities Exposed Millions to Multi-Year Risks
- buherator's timeline: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab...
- Open Source Security: Qualys Security Advisory discussing MitM and DoS attacks against OpenSSH clients and servers.
- securityonline.info: Securityonline.info article on OpenSSH flaws CVE-2025-26465 and CVE-2025-26466 exposing clients and servers to attacks.
- www.openwall.com: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab...
- cyberinsider.com: The Qualys Threat Research Unit (TRU) has disclosed two critical vulnerabilities in OpenSSH affecting both client and server components.
- securityonline.info: OpenSSH Flaws CVE-2025-26465 & CVE-2025-26466 Expose Clients and Servers to Attacks
- blog.qualys.com: Qualys TRU Discovers Two Vulnerabilities in OpenSSH (CVE-2025-26465, CVE-2025-26466)
- hackread.com: Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks
- Ubuntu security notices: USN-7270-2: OpenSSH vulnerability
- The Hacker News: Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.
- www.csoonline.com: OpenSSH fixes flaws that enable man-in-the-middle, DoS attacks
- securityaffairs.com: OpenSSH bugs allows Man-in-the-Middle and DoS Attacks
- www.scworld.com: OpenSSH flaws could enable man-in-the-middle attacks, denial of service. Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Research Unit (TRU) revealed Tuesday.
- KubikPixel: OpenSSH flaws could enable man-in-the-middle attacks, denial of service. Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Research Unit (TRU) revealed Tuesday.
- AAKL: Infosec Exchange Post: Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 More: The Register: FreSSH bugs undiscovered for years threaten OpenSSH security
- socradar.io: Security Flaws in OpenSSH and Juniper Networks Demand Action (CVE-2025-26465, CVE-2025-26466, and CVE-2025-21589)
- Information Security Buzz: Qualys Identifies Critical Vulnerabilities that Enable DDoS, MITM Attacks
- www.theregister.com: FreSSH bugs undiscovered for years threaten OpenSSH security
- socprime.com: Socprime discusses CVE-2025-26465 & CVE-2025-26466 Vulnerabilities.
- Full Disclosure: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client CVE-2025-26466: DoS attack against OpenSSH's client and server
- www.scworld.com: The security flaws, tracked as CVE-2025-26465 and CVE-2025-26466, can be used by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled.
- SOC Prime Blog: CVE-2025-26465 & CVE-2025-26466 Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks
- Security Risk Advisors: OpenSSH Vulnerabilities Enable MITM Attacks and Denial-of-Service (CVE-2025-26465 & CVE-2025-26466)
info@thehackernews.com (The Hacker News)@The Hacker News - 65d
The Apache Software Foundation has issued critical security updates to address severe vulnerabilities affecting several of its products, including MINA, HugeGraph-Server, and Traffic Control. These updates are crucial as the identified flaws could potentially allow attackers to compromise systems. Specifically, a SQL Injection vulnerability was discovered in Apache Traffic Control.
Security teams are being urged to immediately patch the 9.9 severity vulnerability within the web content distribution platform. The identified issues highlight a serious risk of exploitation, and it is essential that organizations using these Apache products prioritize applying the latest security updates to protect their systems from potential cyber attacks. The release of these security fixes underscores the continuous need for vigilance in maintaining secure software infrastructures.
References:
- The Hacker News: Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
- ciso2ciso.com: Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now – Source:thehackernews.com
- Osint10x: Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
- securityonline.info: CVE-2024-45387 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Apache Traffic Control
- osint10x.com: Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
- Pyrzout :vm:: Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now – Source:thehackernews.com
- ciso2ciso.com: Apache fixed a critical SQL Injection in Apache Traffic Control – Source: securityaffairs.com
- securityaffairs.com: Apache fixed a critical SQL Injection in Apache Traffic Control
- Pyrzout :vm:: Apache fixed a critical SQL Injection in Apache Traffic Control – Source: securityaffairs.com
- malware.news: Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control.
- www.scworld.com: Apache fixes Traffic Control bug that attackers could exploit
- BleepingComputer: The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products.
- Hacker News: Apache fixes Traffic Control bug that attackers could exploit
- securityonline.info: CVE-2024-45387: PoC Published for Critical SQL Injection in Apache Traffic Control
info@thehackernews.com (The Hacker News)@The Hacker News - 16d
Ivanti has released critical security updates for Connect Secure (ICS), Policy Secure (IPS), and Secure Access Client (ISAC) to address multiple vulnerabilities. These include three critical severity problems that could allow remote code execution (RCE), posing a significant risk. The updates aim to patch flaws such as external control of a file name (CVE-2024-38657) and a stack-based buffer overflow (CVE-2025-22467), which can be exploited by authenticated attackers to execute arbitrary code and compromise system integrity.
The specific vulnerabilities addressed include CVE-2024-38657, which allows remote authenticated attackers with admin privileges to write arbitrary files, and CVE-2025-22467, a stack-based buffer overflow that enables remote code execution. Also patched are CVE-2024-10644, a code injection vulnerability, and CVE-2024-47908, an operating system command injection flaw in the admin web console of Ivanti CSA. Users are urged to update to the latest versions, Ivanti Connect Secure 22.7R2.6, Ivanti Policy Secure 22.7R1.3, and Ivanti CSA 5.0.5, as soon as possible to mitigate potential exploitation. While Ivanti is not aware of active exploitation, it is imperative to apply the patches given the history of Ivanti appliances being weaponized.
References:
- Vulnerability-Lookup: Security advisory for Ivanti Connect Secure, Policy Secure, and Secure Access Client (multiple CVEs).
- securityonline.info: Ivanti has disclosed multiple vulnerabilities affecting its Connect Secure, Policy Secure, and Secure Access Client products, with some …
- The Hacker News: Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
- BleepingComputer: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
- securityonline.info: CVE-2025-22467 (CVSS 9.9): Ivanti Connect Secure Vulnerability Allows Remote Code Execution
- www.bleepingcomputer.com: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
- vulnerability.circl.lu: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs), has been published on Vulnerability-Lookup
- research.kudelskisecurity.com: Ivanti ICS, IPS, ISAC, CSA: Multiple Vulnerabilities Disclosed and Patched
- bsky.app: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
- socradar.io: Ivanti Security Update Addresses Severe Vulnerabilities in ICS, IPS, and ISAC (CVE-2025-22467, CVE-2024-38657, CVE-2024-10644)
@securityonline.info - 17d
Progress Software has released patches to address multiple high-severity vulnerabilities in its LoadMaster software. These flaws could allow remote, authenticated attackers to execute arbitrary system commands on affected systems. The vulnerabilities stem from improper input validation, where attackers who gain access to the management interface can inject malicious commands via crafted HTTP requests.
The affected software includes LoadMaster versions 7.2.48.12 and prior, 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.55.0 to 7.2.60.1 (inclusive), as well as Multi-Tenant LoadMaster version 7.1.35.12 and prior. Progress Software has implemented input sanitization to mitigate these vulnerabilities, preventing arbitrary system commands from being executed. Users are advised to update to the latest patched versions to ensure the security of their systems.
References:
- community.progress.com: Progress security advisory "05" February 2024: (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed. We have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct impact on customers.
- securityaffairs.com: Progress Software fixed multiple high-severity LoadMaster flaws - SecurityAffairs
- securityonline.info: Progress LoadMaster Security Update: Multiple Vulnerabilities Addressed - SecurityOnline
- The Hacker News: Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions - The Hacker News
- securityonline.info: Security Online Article about Progress LoadMaster Security Update
- : Progress security advisory "05" February 2024: (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
@securityonline.info - 16d
Progress Software has released patches for multiple high-severity vulnerabilities affecting its LoadMaster software. The vulnerabilities, identified as CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, and CVE-2024-56135, could be exploited by remote malicious actors to execute arbitrary system commands or download any file from the system. The flaws stem from improper input validation and affect various LoadMaster versions, including the Multi-Tenant edition.
These vulnerabilities could allow authenticated attackers with access to the LoadMaster management interface to inject malicious commands via crafted HTTP requests. Specifically, successful exploitation could enable remote actors to execute arbitrary system commands after gaining access and authenticating to the management interface. Progress Software has addressed these issues by implementing input sanitization to prevent the execution of arbitrary system commands. While there are no reported cases of these vulnerabilities being exploited, users are strongly urged to apply the latest patches for optimal protection.
References:
- community.progress.com: Remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed.
- securityaffairs.com: Progress Software fixed multiple vulnerabilities in its LoadMaster software, which could be exploited to execute arbitrary system commands.
- securityonline.info: Progress has issued a security advisory addressing multiple vulnerabilities affecting all current LoadMaster releases and the LoadMaster Multi-Tenant …
- The Hacker News: Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system.
Ashish Khaitan@The Cyber Express - 64d
Multiple critical vulnerabilities have been identified in several Apache software products, posing significant risks to users. The Cyber Security Agency of Singapore has issued alerts regarding these flaws, urging immediate updates. CVE-2024-43441 affects Apache HugeGraph-Server, allowing for authentication bypass, potentially granting unauthorized access to systems. Another critical issue, CVE-2024-45387, has been discovered in Apache Traffic Control and is a SQL injection vulnerability that can be exploited by privileged users to execute arbitrary SQL commands, risking data manipulation or exfiltration.
Apache MINA is also affected by CVE-2024-52046, which allows remote code execution through deserialization flaws. It is crucial that users apply security patches promptly. For Apache MINA, additional configuration is required to restrict class deserialization, further mitigating the risk. Furthermore, a high-risk vulnerability, CVE-2024-56512, has been found in Apache NiFi, a data processing and distribution system, which can expose sensitive information to unauthorized users, especially if using component-based authorization policies. A patch for NiFi has been issued in version 2.1.0, and users should upgrade immediately.
References:
- BleepingComputer: The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products.
- malware.news: Apache fixes Traffic Control bug that attackers could exploit
- www.bleepingcomputer.com: Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
- www.scworld.com: Apache fixes Traffic Control bug that attackers could exploit
- thecyberexpress.com: Critical Apache Vulnerabilities: Update Now to Avoid Major Risks
- www.csa.gov.sg: CVE-2024-45387: PoC Published for Critical SQL Injection in Apache Traffic Control
- securityonline.info: CVE-2024-45387: PoC Published for Critical SQL Injection in Apache Traffic Control