CyberSecurity updates
2025-02-22 07:09:30 Pacific

Critical Vulnerabilities Patched in Multiple Products - 10h

Several security flaws have been discovered and patched in various products, including a critical authentication bypass in Juniper Networks Session Smart Routers. Atlassian also patched several critical and high-severity flaws in Bamboo, Bitbucket, Confluence, Crowd, and Jira.

Google Chrome Adds Real-Time AI Protection Against Dangerous Content - 2d

Google Chrome has updated its existing Enhanced Protection mode with AI technology to provide real-time protection against malicious websites, downloads, and browser extensions. The updated protection is part of Safe Browsing and analyses patterns in real time to identify suspicious or dangerous web pages, rather than relying only on a list of known-bad URLs.

RedNote App Security Issues - 2d

This cluster covers a report by Citizen Lab and the EFF Threat Lab describing serious privacy weaknesses in the "RedNote" app. Analysis of version 8.59.5 found that the app transmits user content over unencrypted HTTP, exposing it to any attacker on the network path. Static analysis also found that certain files are encrypted with static (hard-coded) keys, so anyone who extracts a key from the app can decrypt them. The app further transmits device metadata without encryption, leaving it open to interception and tampering by a man-in-the-middle.

Quishing via QR Codes Emerging as a Top Attack Vector - 10d

"Quishing" is phishing delivered through counterfeit QR codes: scanning the code sends the victim to a fraudulent website that harvests credentials or other sensitive information, or that pushes malware to the device. The technique works because the destination is hidden inside the code, so users cannot inspect the URL before following it, and codes printed on posters, invoices, or parking meters, or embedded in emails, are routinely scanned without the scrutiny a typed or hovered link would receive.

Cloudflare Zero-Click Deanonymization, Forum Seizure - 21d

A 15-year-old researcher discovered a zero-click deanonymization attack that uses Cloudflare's caching to narrow down a user's location: content delivered to the target (for example an attachment or avatar fetched by a messaging app) is cached at the Cloudflare data center nearest to them, and an attacker who can determine which data center holds the cached copy learns roughly where the target is, without the target clicking anything. The attack affects Signal, Discord, and other platforms that serve content through Cloudflare, raising serious privacy concerns. Separately, authorities are seizing the domains of popular hacking forums in a major cybercrime crackdown, and there are reports that TikTok is recovering traffic after its brief shutdown in January.

Typosquatting in the Go Ecosystem - 17d

A malicious package imitating the popular BoltDB module has been discovered in the Go ecosystem. The package contains a backdoor that allows remote code execution. The attack abused the Go Module Mirror's caching behaviour: once the mirror had fetched and cached the malicious version, the attacker rewrote the git tag on GitHub to point at clean code, so the mirror kept serving the backdoored module for an extended period while developers who manually audited the repository on GitHub found no malicious code. The practical lesson is to audit the module bytes that `go mod download` actually resolves into the module cache, which is what `go.sum` pins, rather than the source displayed on the hosting site.
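The following is an added example, not code from the page or from any Go project, showing the kind of near-miss check a CI job can run over a `go.mod` before the module is ever fetched. The allow-list of well-known module paths and the sample `go.mod` are constructed for illustration; a real deployment would generate the list from the organisation's approved dependencies.

```python
import re
from typing import Dict, List, Tuple

# Constructed allow-list of well-known module paths (assumption for the example).
KNOWN_MODULES = [
    "github.com/boltdb/bolt",
    "go.etcd.io/bbolt",
    "github.com/gorilla/mux",
    "github.com/sirupsen/logrus",
    "golang.org/x/crypto",
]

# Constructed go.mod, not taken from any real project. The first requirement is
# one character-run away from the real BoltDB path, which is the pattern to catch.
SAMPLE_GO_MOD = """module example.com/app

go 1.22

require (
    github.com/boltdb-go/bolt v1.3.1
    github.com/gorilla/mux v1.8.1
    golang.org/x/crypto v0.31.0 // indirect
)

require github.com/sirupsen/logrus v1.9.3
"""

_REQUIRE_LINE = re.compile(r"^require\s+(\S+)\s+(\S+)")


def required_modules(gomod: str) -> List[Tuple[str, str]]:
    """Return (module path, version) pairs from block and single-line require directives."""
    mods: List[Tuple[str, str]] = []
    in_block = False
    for raw in gomod.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop trailing comments such as "// indirect"
        if not line:
            continue
        if in_block:
            if line == ")":
                in_block = False
                continue
            parts = line.split()
            if len(parts) >= 2:
                mods.append((parts[0], parts[1]))
        elif line.startswith("require ("):
            in_block = True
        else:
            m = _REQUIRE_LINE.match(line)
            if m:
                mods.append((m.group(1), m.group(2)))
    return mods


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_requirements(gomod: str, max_distance: int = 3) -> List[Dict[str, object]]:
    """Flag required modules that are close to, but not identical to, a known module path.

    An exact match is the genuine module and is never flagged; a small positive
    distance (extra "-go", swapped letters, a dropped character) is the typosquat signal.
    """
    findings: List[Dict[str, object]] = []
    for path, version in required_modules(gomod):
        if path in KNOWN_MODULES:
            continue
        closest = min(KNOWN_MODULES, key=lambda known: edit_distance(path, known))
        distance = edit_distance(path, closest)
        if distance <= max_distance:
            findings.append({"module": path, "version": version,
                             "looks_like": closest, "distance": distance})
    return findings


if __name__ == "__main__":
    for f in suspicious_requirements(SAMPLE_GO_MOD):
        print(f"WARNING: {f['module']}@{f['version']} resembles {f['looks_like']} "
              f"(edit distance {f['distance']})")
```

The scan only catches look-alike paths; it says nothing about what the mirror will actually serve for a path that is spelled correctly. Pair it with a review of the unpacked module under `$GOMODCACHE` after `go mod download`, since that, not the GitHub tag, is the code that ends up in the build.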

Router Vulnerabilities and Veeam Backup Security Flaw - 16d

End-of-life (EOL) Zyxel routers are under active attack via CVE-2024-40891, for which no patch is available; affected devices should be replaced, while Netgear routers affected by separate flaws should be updated to the patched firmware. Veeam released a security advisory for a vulnerability in the Veeam Updater component that allows a man-in-the-middle (MitM) attacker to execute arbitrary code with root-level permissions on the affected appliance server. Affected products include Veeam Backup for Salesforce, Nutanix AHV, AWS, Microsoft Azure, Google Cloud, and Oracle Linux Virtualization Manager/Red Hat Virtualization.

Cloudflare Outage Caused by Phishing URL Block Error - 13d

Cloudflare experienced an outage due to a botched attempt to block a phishing URL in its R2 object storage platform. The incident triggered a widespread outage, impacting multiple services for nearly an hour. The outage stemmed from human error during a routine abuse remediation process. Specifically, an advanced product disablement action, intended for a phishing site hosted on R2, inadvertently disabled the production R2 Gateway service responsible for the R2 API.

Abandoned AWS S3 Buckets Facilitate Software Supply Chain Hijacking - 16d

Researchers at security firm watchTowr have shown that abandoned Amazon Web Services (AWS) S3 buckets can be turned into a software supply chain attack: anyone can re-register a deleted bucket name and serve malicious files to the applications, installers, and update mechanisms that still request them, potentially leading to remote code execution and other compromises. The researchers identified approximately 150 S3 buckets once used by software projects to host scripts, configuration files, software updates, and other binary artifacts that were automatically downloaded and executed on user machines. Over a two-month period, the re-registered buckets received around 8 million HTTPS requests for all sorts of files, from IP addresses registered to government agencies in several countries, including the US and the UK, military networks, Fortune 500 companies, payment card networks, industrial product manufacturers, banks and other financial organisations, universities, software vendors, and even cybersecurity companies. HTTPS offers no protection here, because the requests are answered by Amazon's own endpoint with Amazon's certificate; only verifying the downloaded content itself, against a pinned digest or signature, would detect a substituted artifact.
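As an added example (not code from watchTowr or from the page), the block below does the two things a team can do today about this class of problem: inventory every S3 bucket its scripts and configs reference, so that ownership of each name can be confirmed, and refuse to run a downloaded artifact unless its digest matches a value pinned in the installer. The sample install script and bucket names are constructed for the example.

```python
import hashlib
import hmac
import re
import urllib.request
from typing import Set

# Constructed sample of the kind of install script the research describes:
# artifacts pulled from S3 and executed directly. Not a real project's script.
SAMPLE_SCRIPT = """#!/bin/sh
curl -s https://example-build-artifacts.s3.amazonaws.com/latest/install.sh | sh
wget https://s3.us-west-2.amazonaws.com/legacy-updates-bucket/agent-2.1.0.tar.gz
aws s3 cp s3://firmware.images.example/bootloader.bin /tmp/bootloader.bin
"""

# Bucket names are lowercase, 3-63 chars of letters, digits, dots and hyphens.
_BUCKET = r"([a-z0-9][a-z0-9.\-]{1,61}[a-z0-9])"
S3_PATTERNS = [
    re.compile(r"s3://" + _BUCKET + r"/"),                                           # s3:// URI
    re.compile(r"https?://" + _BUCKET + r"\.s3(?:[.-][a-z0-9\-]+)?\.amazonaws\.com"),  # virtual-hosted
    re.compile(r"https?://s3(?:[.-][a-z0-9\-]+)?\.amazonaws\.com/" + _BUCKET),         # path-style
]


def find_s3_buckets(text: str) -> Set[str]:
    """Return every S3 bucket name referenced in text (scripts, configs, CI files)."""
    found: Set[str] = set()
    for pattern in S3_PATTERNS:
        for match in pattern.finditer(text):
            found.add(match.group(1))
    return found


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_artifact(data: bytes, expected_sha256: str) -> bool:
    """Compare the artifact digest with the pinned value in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256.lower())


def fetch_verified(url: str, expected_sha256: str, timeout: int = 30) -> bytes:
    """Download url and return the bytes only if they match the pinned digest.

    A re-registered bucket can still cause a download failure (denial of service),
    but it can no longer substitute its own payload without the digest changing.
    """
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        data = resp.read()
    if not verify_artifact(data, expected_sha256):
        raise ValueError(f"digest mismatch for {url}: got {sha256_hex(data)}")
    return data


if __name__ == "__main__":
    for bucket in sorted(find_s3_buckets(SAMPLE_SCRIPT)):
        print("referenced bucket:", bucket)
```

Run `find_s3_buckets` over a checkout of every repository and deployment config, then check each name against the buckets the organisation actually owns; any name nobody owns is either already available for an attacker to register or will be the moment someone cleans up the account. Digest pinning handles the case where the artifact is third-party and the bucket is not yours to keep.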

Critical Vulnerabilities Discovered in Apache Cassandra - 15d

Multiple vulnerabilities have been discovered in Apache Cassandra: CVE-2024-27137 (unrestricted deserialization of JMX authentication credentials), CVE-2025-24860 (network region authorization bypass), and CVE-2025-23015 (privilege escalation via the ALL KEYSPACES permission). Together they expose sensitive data and allow attackers to gain unauthorized access and escalate privileges. The flaws affect multiple Apache Cassandra release lines, so operators should check which of their versions are affected.

VMware Aria Flaws Expose Credentials and Data - 21d

Multiple vulnerabilities have been discovered in VMware Aria Operations and Aria Operations for Logs. They include information disclosure flaws that expose credentials, stored cross-site scripting, and privilege escalation issues. An attacker could chain these to gain unauthorized access to sensitive data and escalate privileges, potentially compromising the whole monitoring deployment. Patches are available and should be applied immediately.

Bitwarden Implements Email Verification Security - 24d

Bitwarden is making email verification mandatory for accounts that do not have two-factor authentication (2FA) enabled. Users logging in from an unrecognized device must first enter a one-time code sent to their registered email address before they can access their vault. The change is intended to limit the damage from stolen credentials for users who have not enabled multi-factor authentication, and takes effect in February 2025.
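The block below is an added example of how such a new-device verification step is typically implemented on the server side; it is not Bitwarden's code, and the class name, code length, time limit, and attempt limit are assumptions chosen for the illustration. It shows the properties the scheme needs to hold up against a stolen password: the code is unpredictable, bound to a specific account and device, expires, is single-use, is rate-limited, and is compared in constant time.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Set, Tuple

CODE_TTL_SECONDS = 15 * 60   # assumed lifetime of an emailed code
MAX_ATTEMPTS = 5             # assumed wrong-guess budget per code


class NewDeviceVerifier:
    """Server-side state for emailed one-time codes (hypothetical, for illustration).

    Only an HMAC of each code is stored, so a leaked database does not leak live codes.
    `now` is injectable so expiry can be tested without sleeping.
    """

    def __init__(self, secret_key: bytes, now: Callable[[], float] = time.time) -> None:
        self._key = secret_key
        self._now = now
        # (user_id, device_id) -> (code_hmac, expires_at, wrong_attempts)
        self._pending: Dict[Tuple[str, str], Tuple[bytes, float, int]] = {}
        # Devices that have completed verification for a user.
        self.trusted: Set[Tuple[str, str]] = set()

    def _mac(self, user_id: str, device_id: str, code: str) -> bytes:
        # Binding the MAC to user and device stops a code issued for one
        # device from being replayed against another.
        msg = f"{user_id}\0{device_id}\0{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def login_attempt(self, user_id: str, device_id: str, has_2fa: bool) -> Optional[str]:
        """Return None if login may proceed, else the code that must be emailed to the user.

        Accounts with 2FA already prove device possession another way, and a
        device that completed verification earlier is not challenged again.
        """
        if has_2fa or (user_id, device_id) in self.trusted:
            return None
        code = f"{secrets.randbelow(10 ** 8):08d}"   # 8 digits from a CSPRNG
        self._pending[(user_id, device_id)] = (
            self._mac(user_id, device_id, code), self._now() + CODE_TTL_SECONDS, 0)
        return code

    def verify(self, user_id: str, device_id: str, submitted: str) -> bool:
        """Check a submitted code; on success the device becomes trusted and the code is consumed."""
        key = (user_id, device_id)
        entry = self._pending.get(key)
        if entry is None:
            return False
        expected, expires_at, attempts = entry
        if self._now() > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[key]          # expired or exhausted: force a fresh code
            return False
        if hmac.compare_digest(expected, self._mac(user_id, device_id, submitted)):
            del self._pending[key]          # single use
            self.trusted.add(key)
            return True
        self._pending[key] = (expected, expires_at, attempts + 1)
        return False


if __name__ == "__main__":
    verifier = NewDeviceVerifier(secrets.token_bytes(32))
    code = verifier.login_attempt("alice", "laptop-1", has_2fa=False)
    print("would email code:", code)
    print("verified:", verifier.verify("alice", "laptop-1", code))
```

The attempt cap matters as much as the randomness: an 8-digit code is trivially brute-forced if the server allows unlimited guesses within the 15-minute window, and the constant-time comparison keeps a remote attacker from learning digits one at a time through response timing.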