-
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor, realizes its nefarious functionality through a dependency package called colorinal by means of a multi-stage malware operation, Zscaler
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Rockwell Automation’s ControlLogix Ethernet communication modules, potentially allowing remote attackers to execute arbitrary code on industrial control systems.
The vulnerability, tracked as CVE-2025-7353, affects multiple ControlLogix Ethernet modules and carries a maximum CVSS score of 9.8, indicating severe security implications for industrial automation environments.
Key Takeaways
1. Critical flaw in Rockwell ControlLogix Ethernet modules due to the enabled web debugger agent.
2. Attackers can remotely execute code, dump memory, and control industrial systems.
3. Update immediately; implement network segmentation if patching is delayed.Rockwell Automation published the security advisory on August 14, 2025, after discovering the flaw during internal testing procedures.
Insecure Default Configuration Flaw (CVE-2025-7353)
The CVE-2025-7353 vulnerability stems from an insecure default configuration in the web-based debugger (WDB) agent that remains enabled on production devices.
This debugging interface, intended for development purposes, creates a significant attack vector when left active in operational environments.
The vulnerability allows unauthenticated remote attackers to establish connections using specific IP addresses to access the WDB agent functionality.
The flaw is classified under CWE-1188: Initialization of a Resource with an Insecure Default, highlighting the fundamental security issue of shipping products with debugging capabilities enabled by default.
The CVSS 3.1 vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates that the vulnerability can be exploited over the network with low complexity, requires no privileges or user interaction, and provides high impact across confidentiality, integrity, and availability.
The vulnerability impacts several ControlLogix Ethernet communication modules, including 1756-EN2T/D, 1756-EN2F/C, 1756-EN2TR/C, 1756-EN3TR/B, and 1756-EN2TP/A models running firmware version 11.004 or below.
These modules serve as critical communication interfaces between ControlLogix programmable automation controllers (PACs) and Ethernet networks in industrial environments.
Successful exploitation enables attackers to perform memory dumps, modify system memory, and control the execution flow of the affected devices.
This level of access could potentially allow attackers to manipulate industrial processes, access sensitive operational data, or disrupt manufacturing operations.
The web-based debugger agent provides low-level system access typically reserved for authorized development and maintenance personnel.
Risk Factors Details Affected Products Rockwell Automation ControlLogix Ethernet Modules:- 1756-EN2T/D- 1756-EN2F/C- 1756-EN2TR/C- 1756-EN3TR/B- 1756-EN2TP/A(All running firmware version 11.004 or below) Impact Execute remote code Exploit Prerequisites – Network access to target device- Specific IP address connection to WDB agent- No authentication required- No user interaction needed CVSS 3.1 Score 9.8 (Critical) Mitigations
Rockwell Automation has released firmware version 12.001 to address the vulnerability across all affected ControlLogix Ethernet modules.
Organizations should prioritize updating to this corrected version as the primary mitigation strategy. The update disables the insecure default configuration of the WDB agent, eliminating the primary attack vector.
For environments where immediate firmware updates are not feasible, Rockwell Automation recommends implementing comprehensive security best practices.
These include network segmentation to isolate industrial control systems, implementation of proper firewall rules to restrict access to debugging interfaces, and continuous monitoring of network traffic for suspicious activities.
Organizations should also conduct thorough security assessments of their industrial automation infrastructure to identify similar vulnerabilities in other systems.
Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.The post Rockwell ControlLogix Ethernet Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Use-after-free (UAF) vulnerabilities represent one of the most critical and prevalent security threats in modern software systems, particularly affecting applications written in memory-unsafe languages like C and C++.
These vulnerabilities occur when a program continues to use a memory location after it has been freed, creating opportunities for attackers to manipulate program execution flow, corrupt data, or achieve arbitrary code execution.
The severity of use-after-free vulnerabilities is underscored by their frequent appearance in high-profile security advisories and their exploitation in real-world attacks against web browsers, operating systems, and critical infrastructure software.
How Use-After-Free Vulnerability Occurs
Use-after-free vulnerabilities emerge from fundamental flaws in memory management practices within applications that manually handle dynamic memory allocation and deallocation.
The vulnerability manifests when a program deallocates a memory region using functions like
free()in C ordeletein C++, but subsequently attempts to access or manipulate the same memory location through dangling pointers.This creates a dangerous condition where the freed memory may have been reallocated for different purposes, leading to unpredictable program behavior.
The following concise C code demonstrates the core mechanism of a use-after-free vulnerability:
how it occurs The technical mechanics of use-after-free vulnerabilities involve several critical stages in the memory lifecycle. Initially, a program allocates memory dynamically using allocation functions such as
malloc(),calloc(), or thenewoperator, creating a valid pointer to a memory region.During normal execution, the program may legitimately free this memory using
free()ordelete, marking the memory region as available for reuse by the memory allocator.However, if the program fails to set the pointer to NULL after freeing the memory, or if multiple pointers reference the same memory location, subsequent access attempts create use-after-free conditions.
The vulnerability becomes particularly dangerous when the freed memory is reallocated for different data structures or objects with varying layouts and purposes.
Modern memory allocators often reuse freed memory blocks quickly to optimize performance, meaning that a use-after-free access might interact with completely different data than originally intended.
This memory reuse can lead to type confusion vulnerabilities, where the program interprets data of one type as another, potentially allowing attackers to manipulate object properties, function pointers, or other critical program state.
Common programming patterns that introduce use-after-free vulnerabilities include improper cleanup in object destructors, race conditions in multithreaded applications, and complex object lifetime management in callback-heavy architectures.
Web browsers, which manage numerous objects with intricate relationships and event-driven lifecycles, are particularly susceptible to these vulnerabilities due to their complex JavaScript engines and DOM manipulation capabilities.
Exploiting Use-After-Free Vulnerability
The exploitation of use-after-free vulnerabilities requires sophisticated techniques that leverage the predictable behavior of memory allocators and the specific memory layout patterns of target applications.
Attackers typically employ a multi-stage approach that begins with triggering the vulnerability through carefully crafted input or interaction sequences, followed by precise memory manipulation to achieve desired exploitation outcomes.
The following concise C code demonstrates the core mechanism of a use-after-free vulnerability:
Use-After-Free Vulnerability Heap Spraying and Memory Layout Control represents the foundational technique in use-after-free exploitation. Attackers first trigger the freeing of a target object, then immediately allocate numerous objects of the same size to increase the probability that one of their controlled objects occupies the freed memory location.
This technique, known as heap spraying, allows attackers to replace the freed object with malicious data structures containing crafted function pointers, object properties, or other exploitable elements.
Real-world exploitation examples demonstrate the severity of these vulnerabilities. In 2019, researchers discovered CVE-2019-5786, a use-after-free vulnerability in Google Chrome FileReader implementation that affected millions of users worldwide.
The vulnerability occurred when JavaScript code triggered the destruction of FileReader objects while asynchronous file operations were still pending, creating a window where freed memory could be accessed during callback execution.
Attackers exploited this vulnerability by carefully timing JavaScript execution to control the freed memory contents, ultimately achieving arbitrary code execution within the browser’s renderer process.
Advanced exploitation techniques involve Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) to bypass modern security mitigations like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).
Attackers leverage use-after-free vulnerabilities to overwrite function pointers or virtual function tables, redirecting program execution to carefully chosen instruction sequences that perform attacker-controlled operations without requiring executable memory regions.
The Pointer Authentication Bypass technique has emerged as attackers adapt to newer processor security features.
On systems with pointer authentication capabilities, attackers use use-after-free vulnerabilities to leak authentic pointer values, then reuse these authenticated pointers in subsequent exploitation stages to bypass pointer integrity checks.
Mitigating Use-After-Free Vulnerability
Comprehensive mitigation of use-after-free vulnerabilities requires a multi-layered approach combining secure coding practices, automated detection tools, and runtime protection mechanisms.
The most effective strategies address vulnerabilities at multiple stages of the software development lifecycle, from initial design through deployment and maintenance.
The following table provides a comprehensive overview of mitigation techniques categorized by their implementation approach and effectiveness:
Mitigation Category Technique Description Implementation Phase Effectiveness Performance Impact Static Analysis Code Review Manual examination of code for memory management flaws Development Medium None Static Analysis Static Analysis Tools Automated source code scanning (Clang Static Analyzer, PVS-Studio) Development High None Dynamic Analysis AddressSanitizer (ASan) Runtime memory error detection with immediate crash on UAF Testing/Debug Very High High (2-3x slowdown) Dynamic Analysis Valgrind Memcheck Comprehensive memory error detection during testing Testing High Very High (10-50x slowdown) Dynamic Analysis Hardware-Assisted Sanitizers Intel MPX, ARM Memory Tagging for runtime detection Runtime High Low-Medium Language Solutions Memory-Safe Languages Rust, Go, Swift with ownership/borrowing systems Design Very High None to Low Language Solutions Managed Languages Java, C#, Python with garbage collection Design Very High Variable Runtime Protection Control Flow Integrity (CFI) Prevents hijacking of corrupted function pointers Runtime Medium-High Low Runtime Protection Pointer Authentication ARM/Intel hardware pointer signing Runtime High Very Low Runtime Protection Stack Canaries Detection of stack-based corruption Runtime Low (UAF specific) Very Low Coding Practices Pointer Nullification Setting pointers to NULL after free() Development Medium None Coding Practices Reference Counting Smart pointers and automated lifetime management Development High Low Coding Practices Object Ownership Models Clear ownership hierarchies and RAII patterns Design/Development High None Allocator-Based Debug Allocators Allocators that detect use-after-free (Debug CRT, Guard Malloc) Testing/Debug High High Allocator-Based Hardened Allocators Production allocators with UAF detection (Scudo, PartitionAlloc) Runtime Medium-High Low-Medium Memory Safety Tools and Static Analysis provide the first line of defense against use-after-free vulnerabilities. AddressSanitizer (ASan), a runtime error detector integrated into major compiler toolchains, instruments memory allocation and deallocation operations to detect use-after-free conditions immediately upon occurrence.
When ASan detects a use-after-free access, it terminates the program and provides detailed diagnostic information, including stack traces for both the original allocation and the erroneous access attempt.
Dynamic analysis tools like Valgrind’s Memcheck offer comprehensive memory error detection capabilities during testing phases, identifying not only use-after-free vulnerabilities but also related issues such as memory leaks and buffer overflows.
These tools employ shadow memory techniques to track the state of every allocated byte, enabling precise detection of improper memory access patterns.
Language-Level Mitigations represent a fundamental approach to eliminating entire classes of memory safety vulnerabilities. Modern programming languages like Rust enforce memory safety through ownership systems and borrow checking, making use-after-free vulnerabilities impossible to introduce through normal language constructs.
Similarly, managed languages like Java and C# eliminate manual memory management entirely, relying on garbage collection to prevent premature memory deallocation.
Runtime Protection Mechanisms provide additional security layers for applications that must continue using memory-unsafe languages. Control Flow Integrity (CFI) prevents attackers from hijacking program control flow through corrupted function pointers, significantly reducing the impact of successful use-after-free exploits.
Hardware-assisted solutions like Intel’s Control-flow Enforcement Technology (CET) and ARM’s Pointer Authentication provide processor-level protections against common exploitation techniques.
Secure Coding Practices remain essential for preventing use-after-free vulnerabilities in existing codebases. These practices include immediately setting pointers to NULL after freeing memory, implementing reference counting systems for shared objects, and designing clear object ownership models that prevent ambiguous lifetime management. Code review processes should specifically focus on memory management patterns, particularly in complex scenarios involving callbacks, event handlers, and multithreaded access.
Use-after-free vulnerabilities continue to pose significant security risks to modern software systems, requiring comprehensive mitigation strategies that combine technological solutions with disciplined development practices.
While automated detection tools and runtime protections provide valuable safeguards, the fundamental solution lies in transitioning to memory-safe programming languages and architectures.
Organizations maintaining legacy codebases must implement rigorous testing regimens, deploy runtime protection mechanisms, and maintain continuous vigilance against these persistent and evolving threats.
The ongoing arms race between attackers developing sophisticated exploitation techniques and defenders implementing advanced mitigations underscores the critical importance of proactive security measures throughout the software development lifecycle.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
The post What is Use-After-Free Vulnerability? – Impact and Mitigation appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government contracting, or education. Some of these standards and frameworks include, but are not limited to:
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Phrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit tactics, compromised system details, and a sophisticated Linux rootkit. The dump, linked to a Chinese threat actor targeting South Korean and Taiwanese government and private sectors, shows overlaps with the North Korean Kimsuky APT group. […]
The post North Korean Hackers’ Secret Linux Malware Surfaces Online appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In an era where users rely on vigilance against shady websites and file hashing via platforms like VirusTotal, a new wave of trojan horses is challenging traditional defenses. These threats masquerade as legitimate desktop applications, such as recipe savers, AI-powered image enhancers, and virtual assistants, all while embedding malicious capabilities. For instance, the JustAskJacky app, […]
The post The AI-Powered Trojan Horse Returns: How LLMs Revive Classic Cyber Threats appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Military use of drones for air, land, and sea is booming—and so is the need to power them. So the Pentagon is working on a strategy for how it sources and buys batteries—including the critical minerals they require—which officials expect to release in 2026.
This strategy will be an update to a lithium ion battery strategy published in 2023 “that laid out the groundwork for how we were going to address battery challenges in the department,” including working with other government agencies, allies and partners, Eric Shields, the senior battery advisor in the Pentagon’s industrial base policy office, told reporters Friday.
Congress mandated a department-wide battery strategy in the 2025 annual defense policy bill. The goal is to have the new strategy signed by March 2026.
“What we know is, especially from the battlefield in Ukraine, that batteries are really important. They're important for enabling capabilities like drones, communications, and many other things that we need to fight and win. It's important for the department to have secure supply chains for these and…really important that we have standards, because that's one way that we're going to tackle some of these challenges,” Shields said. “And you can see clearly in executive orders coming down on drone dominance and security, you can see guidance coming down on the importance of critical minerals to the administration that these are priorities and are going to need resources to make progress.”
The Pentagon’s reliance on critical minerals, including those required for batteries, has long been a concern, especially because much of the supply chain resides in China.
Nearly 80 percent of the Defense Department’s weapons systems rely on critical minerals, according to a recent Govini report. And that demand is only increasing as the White House and Pentagon push new technologies, such as drones, across all warfighting domains.
“We need these batteries yesterday. I need way more energy and power available in all of my platforms than what I've been fielding to date. And and the more I can get out there, the better off we're going to be,” said Daphne Fuentevilla, the Navy’s deputy director for operational energy.
Friday, the Army, Navy, and Marine Corps hosted their first industry day for battery technology, with a focus on standardizing and improving supply chains and stockpiles.
“This was really the first time we sat down and collectively hosted an event with a specific purpose of bringing industry into the discussion as an equal partner,” said Marnie Bailey, the senior scientific technical manager for power and energy at the Army’s Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center.
“Technology is moving fast. The Army is moving fast, the Navy is moving fast, DOD is moving fast. And so this industry day was the beginning of this conversation, this open dialogue with industry, so we can move fast together.”
Standardizing batteries from all angles, including cell material and modular architecture, is a primary focus, since different platforms and devices have different batteries.
“One of the things that that we're looking looking at standardization for is: if we have to engage in conflict today—and we're not going to have a lot of time to do a lot of the assessments and and review every single individual piece of equipment for the next two years before we field something—we're going to be taking some risk. And the more we can provide this upfront guidance on standardization, the better off we're going to be when we do have to actually be in a conflict,” Fuentevilla said. “Areas where we're looking at future standardization: the small UAS space, our undersea architectures…large format batteries embedded into our ships, is also going to be a challenge.”
Making sure there’s a robust, secure, and domestic supply chain that can keep up with demand is also another priority.
“Some of this technology evolution within batteries has really enabled us to get after more capable defense weapon systems and platforms. And we have to be able to keep up with that in order to address our mission,” Fuentevilla said. “Specifically, we need batteries in our destroyers and frigates on the surface side. I need more capable sensors and weapons on our surface platforms. I also need small unmanned aerial systems, and these one-way attack drones. Because for these systems in particular, the capability that I can deliver is directly proportional to the amount of energy and battery energy that I can put on those systems.”
The Navy is also investing heavily in uncrewed surface and undersea vehicles that require battery power. And the Army and Marine Corps rely on battery-powered equipment for mobile equipment, aerial and ground vehicles—a challenge the Defense Innovation Unit has been working on.
One key takeaway from the inaugural event was that companies want to know when and what the Pentagon wanted to buy. Shields said the money is there, but the requirements are still en route.
“With the significant resourcing the department just received through the one big, beautiful bill, a lot of those decisions are still being made… stand by is kind of the message, because the requirements are coming, but we don't have them just yet.”
On Thursday, the Energy Department proposed $1 billion in an effort to shore up the critical minerals supply chain. Earlier this year, a White House issued an executive order calling for an increase in critical minerals production, and the recently passed budget reconciliation carves out $1 billion in appropriations for Defense Production Act, which has previously been used to produce critical minerals.
The bill also includes $2 billion to improve critical minerals stockpiles and supply chains “through the National Defense Stockpile Transaction Fund” run by the Defense Logistics Agency, plus $5 billion for “investments in critical minerals supply chains” for fiscal year 2025.
]]>¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators’ infrastructure. “The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft capabilities to target more than 700 banking, shopping, and cryptocurrency applications,” Hunt.io
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerability in the Microsoft Management Console (MMC) framework (CVE-2025-26633, aka MSC EvilTwin) to trigger
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. government must reduce environmental and other regulations to make it easier for commercial space companies to launch rockets, expand launch facilities, and perform "novel” space activities, according to a new executive order.
"It is the policy of the United States to enhance American greatness in space by enabling a competitive launch marketplace and substantially increasing commercial space launch cadence and novel space activities by 2030," says the order, signed Wednesday by President Donald Trump.
Specifically, the order will “eliminate or expedite” environmental reviews for launch and re-entry licenses and permits and establish “exclusions” to the National Environmental Policy Act, or NEPA.
The order would also “reevaluate, amend, or rescind” regulations under the Federal Aviation Authority’s Part 450 rules, which govern safety requirements for launch and re-entry operations but are widely viewed as too restrictive by commercial launch companies.
The push to streamline license and permit approvals comes amid a surge in both national security and commercial launches—so many that they are straining the Space Force’s main launch facilities, Cape Canaveral in Florida and Vandenberg in California
To speed up the “next-generation” of spaceport infrastructure, the order directs the Commerce, Defense, and Transportation departments, along with NASA, to identify any state or local barriers to building spaceports on federal lands that “may be inconsistent with federal law.”
The new policy will benefit Elon Musk’s SpaceX, which has been battling with the FAA for years and views environmental regulations as an obstacle to testing its new mega-rocket Starship. Earlier this year, the FAA grounded Starship for two months after debris fell on the Caribbean islands.
But while the order will help SpaceX in the near-term, it will also clear the way for more launch competitors in the long-term: “This is the space industry overall getting heard,” said Todd Harrison, a senior fellow at the American Enterprise Institute.
The regulatory reform is a “big step in the right direction” and will help the launch and commercial satellite industry keep an edge over other countries, Harrison said.
But Harrison cautioned that the administration still hasn’t staffed the National Space Council, the entity which coordinates space policy across the federal government, so it will be difficult to implement the executive order and coordinate with different departments.
“Commercial space regulatory reform is not going to be a priority for Commerce, Transportation, or Defense unless consistent top-level pressure is applied from the White House,” Harrison said.
]]>¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
