All news with #exploit detected tag

WinRAR zero-day (CVE-2025-8088) used in RomCom attacks

🔒 ESET researchers uncovered a previously unknown WinRAR vulnerability, tracked as CVE-2025-8088, that is being actively exploited by the Russia-aligned actor RomCom in targeted spearphishing campaigns. The Windows path traversal flaw enables execution of arbitrary code when victims open crafted archives. Users should update to WinRAR 7.13 immediately and consult ESET's video and blogpost for indicators and mitigation.

Erlang/OTP SSH RCE: CVE-2025-32433 Exploitation Wave

⚠️ Unit 42 details active exploitation of CVE-2025-32433, a critical (CVSS 10.0) unauthenticated RCE in the Erlang/OTP SSH daemon that processes SSH protocol messages prior to authentication. Researchers reproduced and validated the bug and observed exploit bursts from May 1–9, 2025, with payloads delivering reverse shells and DNS-based callbacks to randomized subdomains. Immediate remediation is to upgrade to OTP-27.3.3, OTP-26.2.5.11 or OTP-25.3.2.20 (or later); temporary measures include disabling SSH, restricting access and applying Unit 42 signature 96163.

Customer Guidance for SharePoint CVE-2025-53770 Patch

🔒 Microsoft warns of active attacks against on-premises SharePoint Server and has issued security updates that fully remediate CVE-2025-53770 and CVE-2025-53771 for supported versions. Customers should apply the published updates immediately, enable AMSI with HTTP request body scanning where available, and deploy endpoint protections such as Microsoft Defender for Endpoint. After patching, rotate ASP.NET machine keys and restart IIS to complete mitigation; SharePoint Online is not affected.

Mass-Scale Vulnerability in Hikvision Surveillance Cameras

🔓 Over 80,000 Hikvision surveillance cameras remain vulnerable to an 11-month-old command injection flaw tracked as CVE-2021-36260, which NIST rated 9.8/10. Researchers report evidence of criminal activity in Russian dark-web forums where leaked credentials are being sold and exploitation collaborations are solicited. The persistent exposure underscores systemic IoT weaknesses, widespread use of default credentials, and uneven patching practices that leave organizations and critical infrastructure at risk.

CISA Alerts: Palo Alto PAN-OS Vulnerability Under Attack

🔔 CISA has warned that firewalls running Palo Alto Networks PAN-OS are under active attack and require immediate patching. The issue, tracked as CVE-2022-0028, can be abused without authentication to perform reflected and amplified TCP denial-of-service attacks using PA-Series, VM-Series and CN-Series devices. Palo Alto has released patches for multiple PAN-OS branches and CISA added the flaw to its Known Exploited Vulnerabilities Catalog, urging federal agencies to remediate by September 9. Administrators should review URL filtering profiles with blocked categories on externally facing interfaces and apply vendor fixes promptly.