News - Page 7 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

Critical Vulnerability in Apache Roller: Hackers Remain in the System Even After Password Changes

A dangerous vulnerability discovered in the popular blogging platform Apache Roller poses a serious threat to users and organizations. The vulnerability, identified as CVE-2025-24859, affects all versions of the platform from 1.0.0 to 6.1.4 and has received the highest CVSS…

News

Dangerous Cyberattacks via “SureTriggers” WordPress Plugin Began Just 4 Hours After Vulnerability Disclosure

On April 10, 2025, only four hours after a critical vulnerability in the popular WordPress plugin SureTriggers was publicly disclosed, active exploitation of the flaw began. This plugin is installed on over 100,000 websites worldwide and has been found to…

News

Chinese Hackers Target Global Organizations via Ivanti VPN Vulnerabilities

Since the spring of 2025, hacker groups linked to China have launched cyberattacks on organizations across 12 countries and more than 20 industries worldwide. These attacks were carried out by exploiting critical vulnerabilities in Ivanti Connect Secure VPN appliances. Cybersecurity…

News

Critical Vulnerability Discovered in Jenkins Docker Images: Hackers Can Hijack Network Connections!

On April 10, 2025, the Jenkins team disclosed a newly discovered vulnerability posing a serious threat to CI/CD (Continuous Integration / Continuous Deployment) processes in thousands of organizations worldwide. This vulnerability was found in the management of SSH host keys…

News

Critical Vulnerability Found in AMD Processors: Attackers Can Inject Malicious Microcode to Disrupt CPU Operation!

A serious vulnerability discovered in AMD processors by Google researchers has created a stir in the cybersecurity world. This vulnerability may allow attackers to load malicious microcode directly into AMD processors, potentially compromising their operation. The vulnerability has been assigned…

News

A Critical Vulnerability Threatens WordPress Sites!

Cybersecurity researchers have discovered a critical vulnerability in the popular WordPress plugin — InstaWP Connect. This vulnerability could potentially expose thousands of websites to remote attacks. Experts from Wordfence identified and reported the vulnerability CVE-2025-2636, which allows unauthenticated attackers to…

News

Over 5,000 Ivanti Devices at Risk

Security Warning: Over 5,000 Ivanti Connect Secure VPN devices used across corporate networks worldwide remain at serious risk. This vulnerability, identified as CVE-2025-22457, allows cybercriminals to gain access to your systems and steal your data. This is a stack-based buffer…

News

Serious vulnerability discovered in Kibana

Elastic has issued an urgent security update for its Kibana data visualization platform, addressing a high-severity vulnerability that could allow attackers to execute arbitrary code. Tracked as CVE-2024-12556 with a CVSS score of 8.7 (High), this flaw affects Kibana versions 8.16.1 through 8.17.1 The security flaw stems from…

News

Vulnerability in Apache mod_auth_openidc Module: Could Allow Unauthenticated Users to Access Protected Content

A serious security vulnerability has been discovered in the mod_auth_openidc module for OpenID Connect authentication and authorization in the Apache HTTP server. This issue could allow unauthenticated users to gain access to protected web resources. The vulnerability, named CVE-2025-31492, has…

News

New Vulnerability Found in Windows Remote Desktop Service: Hackers Can Execute Malicious Code Remotely

A serious vulnerability has been identified in Microsoft Windows Remote Desktop Services (RDP), allowing attackers to execute malicious code remotely without requiring user authentication. This vulnerability, named CVE-2025-27480, is a use-after-free issue in the Remote Desktop Gateway service and has…