News - Page 6 of 26 - UZCERT xizmati

Computer Emergency
Response Team

News

Critical Vulnerabilities in Dell Unity Systems: Recommendations for Ensuring System Security

Recently, Dell Technologies identified several critical vulnerabilities in its Unity, UnityVSA, and Unity XT storage systems and released security updates to mitigate them. These vulnerabilities allow attackers to gain unauthorized access, execute commands with root privileges, and delete critical system…

News

Serious Vulnerability Found in CrushFTP, Cybercriminals Have Begun Exploiting It!

Active Exploitation of CVE-2025-2825 Vulnerability! 🔴 After the discovery of an authentication bypass vulnerability in CrushFTP, cybercriminals have started actively exploiting it. According to data from the Shadowserver Foundation, as of March 30, 2025, 1,512 vulnerable servers remain exposed to…

News

Serious Threat to Apple Devices: Three New Zero-Day Vulnerabilities Are Being Actively Exploited!

Apple has announced the discovery of three new zero-day vulnerabilities that are currently being actively exploited by cybercriminals. These vulnerabilities, identified as CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, pose a significant threat to iPhones, iPads, Macs, and other Apple ecosystem devices. Hackers…

News

Has Attacking the Appsmith System Become Easier? A New Vulnerability Poses a Threat!

🔴 Appsmith users, stay alert! Appsmith is an open-source software platform widely used for building internal applications. However, serious security vulnerabilities have recently been discovered, which could allow attackers to remotely execute arbitrary commands. The most critical vulnerability is CVE-2024-55963,…

News

SnapCenter Server Vulnerability Allows Attackers to Gain Administrator Privileges!

A critical vulnerability has been discovered in NetApp SnapCenter software, posing a significant security risk. This vulnerability allows authenticated users to escalate their privileges to an administrator level on remote systems, potentially leading to infrastructure compromise and data breaches. 📌…

News

Malicious Packages with Hidden Code Discovered in the NPM Repository

🔍 Cybercriminals are increasingly using sophisticated techniques to inject malicious code into the NPM repository. Although the number of malicious packages seemed to decline in 2023–2024, this trend has not continued in 2024. Recently, security researchers identified two NPM packages…

News

Critical Vulnerability in Splunk: Attackers Can Upload Malicious Files and Take Control of the System

🔍 Cybersecurity experts have discovered a serious vulnerability in the Splunk system. This flaw allows attackers to upload malicious files and execute arbitrary code within the system. Splunk has identified a Remote Code Execution (RCE) vulnerability, CVE-2025-20229, in its Splunk…

News

Critical Vulnerability Discovered in CrushFTP: Attackers Can Gain Unauthorized Access

Cybersecurity threats continue to escalate, putting the confidential data of companies and organizations at risk. On March 21, 2025, a serious security vulnerability was discovered in CrushFTP, allowing attackers to bypass authentication and gain access to the system through HTTPS…

News

Critical Vulnerability Discovered in VMware Tools for Windows: Attackers Can Bypass Authentication

As virtualization technologies continue to advance, a new security vulnerability—CVE-2025-22230—has been discovered in VMware Tools for Windows. This flaw allows attackers to bypass authentication in a Windows guest virtual machine and gain elevated privileges. CVE-2025-22230 affects VMware Tools for Windows…

News

New Dangerous Vulnerability Discovered in Windows MMC

A new security vulnerability, CVE-2025-26633, has been discovered in the Microsoft Management Console (MMC), which is being actively exploited by the Russian hacker group Water Gamayun (also known as EncryptHub and Larva-208). This vulnerability allows attackers to bypass Windows security…