News - Page 14 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

PingAM Java Agent Vulnerability Creates an Opportunity for Cybercriminals

In today’s world, cybersecurity is more important than ever. In this regard, Ping Identity has announced the discovery of a critical vulnerability (CVE-2025-20059) in the PingAM Java Agent software. This vulnerability allows bypassing security policies and gaining unauthorized access to…

News

Discovered Vulnerability in Cisco Nexus Switches Allows Execution of Malicious Commands

One of the significant cybersecurity events is Cisco’s announcement of a critical vulnerability found in its Nexus 3000 and 9000 series switches. This vulnerability, registered under CVE-2025-20161, allows authenticated users with administrative privileges to execute commands with root access. The…

News

GitLab: Discovered Vulnerabilities Allow Bypassing Security Measures and Executing Malicious Code

Several high-risk vulnerabilities have been identified in the GitLab platform. In particular, two critical Cross-Site Scripting (XSS) vulnerabilities allow attackers to bypass security defenses and execute malicious scripts in users’ browsers. The vulnerabilities, CVE-2025-0475 (CVSS 8.7) and CVE-2025-0555 (CVSS 7.7),…

News

New Vulnerability in LibreOffice Allows Attackers to Execute Malicious Files

A new critical vulnerability (CVE-2025-0514) has been discovered in LibreOffice, which has now been patched. Researchers have found that attackers can exploit specially crafted documents to execute malicious files on Windows systems. This vulnerability has been rated 7.2 on the…

News

Unknown VMware ESXi Vulnerability Exploit for Sale: Virtualization at Risk!

A new alarming event has occurred in the world of cybercrime. An unknown cybercriminal operating under the alias “Vanger” has announced on underground hacker forums that they are selling a 0-Day exploit targeting VMware ESXi systems. The most dangerous aspect…

News

Palo Alto, Cisco, and Microsoft Exchange at Risk Due to 23 Vulnerabilities Exploited by the Black Basta Hacking Group

In recent days, one of the most alarming developments in cybersecurity has been the disclosure of internal chats from the Black Basta hacking group. Analysts at GreyNoise examined the leaked data and confirmed that out of 62 identified vulnerabilities, 23…

News

Vulnerability in Cisco Nexus Switches Could Cause Network Failure

Recently, in the field of cybersecurity, information has spread about a serious vulnerability discovered in Cisco Nexus 3000 and 9000 series switches. This vulnerability could allow attackers to disrupt network operations, causing a Denial-of-Service (DoS) condition. This vulnerability is linked…

News

More than 2,850 Ivanti Connect Secure devices vulnerable to remote code execution attacks

Cyber threats are becoming increasingly complex. Recent security audits have revealed that the CVE-2025-22467 vulnerability in Ivanti Connect Secure (ICS) devices poses a serious global threat. CVE-2025-22467 has a CVSS score of 9.9 and is classified as a critical flaw.…

News

XWorm and AsyncRAT: Hidden Malware Spreading via PowerShell and Visual Basic

Recent cybersecurity research has shown that malware distribution methods are becoming increasingly sophisticated. A newly discovered batch script is a clear example of this trend. This script is used to distribute powerful malware such as XWorm and AsyncRAT, employing advanced…

News

Rsync Vulnerabilities: Millions of Servers at Risk!

Several critical vulnerabilities have been discovered in Rsync, a widely used tool for server and data synchronization. These vulnerabilities allow attackers to execute malicious code remotely, steal confidential data, and bypass key security mechanisms. Affected Versions: All versions of Rsync…