The vulnerability exists because the appliance does not properly validate user-supplied input. As a result, even a user with the Observer role—the lowest level of access—can send crafted HTTP requests that bypass normal security checks.

Once exploited, attackers could create new accounts, modify system settings, or take over the appliance entirely.

Which Deployments Are Affected?

Cisco confirms that the issue affects only the Virtual Appliance running on VMware ESXi.
The following are not impacted:

• Catalyst Center hardware appliances
• Virtual Appliances deployed on AWS

In terms of software versions:

• Not affected: Versions earlier than 2.3.7.3-VA and version 3.1
• Affected: Versions 2.3.7.3-VA and later
• Fixed version: Upgrade to 2.3.7.10-VA or later

There are no temporary workarounds. An upgrade is the only way to eliminate the risk.

According to Cisco’s PSIRT team:

• No active exploitation has been detected
• No public reports or attacks have been observed
• The vulnerability was found internally during a TAC support case

Even though it hasn’t been exploited yet, the ease of privilege escalation makes this a high-priority issue for organizations.

Action Required

Cisco advises all customers using the affected Virtual Appliance to:

1. Review the official Cisco security advisory
2. Check the running software version
3. Immediately apply the fixed release (2.3.7.10-VA or higher)

Updating ensures the appliance cannot be compromised through this privilege escalation flaw and keeps the deployment aligned with Cisco’s security best practices.

The post Cisco Catalyst Center Bug Lets Attackers Gain Higher Access appeared first on First Hackers News.

The vulnerability, CVE-2025-64446, allows attackers to run admin-level commands without logging in. This means they can take complete control of the system. The issue has a CVSS score of 9.1, making it very serious.

The problem comes from a path traversal bug in the FortiWeb GUI. With a specially crafted HTTP or HTTPS request, attackers can bypass security checks and run commands with full privileges. This can result in:

• Creating unauthorized admin accounts
• Stealing data
• Total system compromise

Fortinet has confirmed active attacks, so patching immediately is strongly recommended.

Affected Versions:
FortiWeb 8.0, 7.6, 7.4, 7.2, and 7.0

Recommended Updated Versions:
8.0.2, 7.6.5, 7.4.10, 7.2.12, and 7.0.12 or higher

If you cannot apply the update right away, Fortinet suggests disabling HTTP/HTTPS access to the management interface on all internet-facing interfaces. This can help reduce risk but should only be used as a temporary solution.

After updating, admins should check system logs and look for any unknown or suspicious admin accounts to ensure their device has not already been compromised.

The post Active Exploits Target Critical FortiWeb WAF Flaw appeared first on First Hackers News.

These bugs—CVE-2025-4918 and CVE-2025-4919—were found in Firefox’s JavaScript engine. They allowed attackers to access memory out of bounds, which could lead to remote code execution or data leaks.

The good news? Neither exploit was able to break out of Firefox’s sandbox, a key layer of defense that stops attackers from fully taking over your device.

Mozilla acted fast, releasing security updates for:

• Firefox 138.0.4
• Firefox ESR 128.10.1
• Firefox ESR 115.23.1
• Firefox for Android

Researchers found two serious security flaws in Firefox’s JavaScript engine, SpiderMonkey, that could let attackers run code on your device if you visit a malicious site.

All about the Vulnerability

CVE-2025-4918
This bug happens when Firefox mishandles memory while working with JavaScript Promises. Hackers could use this to read or write memory they shouldn’t, possibly taking control of the system.
Discovered by Edouard Bochin and Tao Yan (Palo Alto Networks).

CVE-2025-4919
This issue involves an integer overflow during array index calculations. It can lead to memory corruption and could also allow attackers to run code.
Found by Manfred Paul.

Simple Example of the Bug

let arr = [1, 2, 3];
let idx = calculateIndex(); // attacker controls this value
arr[idx] = 42; // writing outside the array causes memory issues

Summary of the Bugs

These bugs only work if a user visits a malicious website, but Firefox’s sandboxing helped limit the damage. Even so, update your browser immediately to stay safe.

Mozilla’s Fast Security Fix

Mozilla quickly fixed two Firefox zero-day bugs found at Pwn2Own 2025. Global teams developed and released patches the same day, showing their strong focus on user safety.

The exploits didn’t break out of Firefox’s sandbox, thanks to recent security improvements. Mozilla says these updates lower the risk of full system attacks.

Users should update to Firefox 138.0.4, ESR 128.10.1, or ESR 115.23.1 right away.
Admins can scan systems using Qualys QIDs 383252 and 383254.

Mozilla continues to improve browser security and welcomes researchers to join their bug bounty program.

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!

The post Mozilla Urgently Patches Firefox Pwn2Own 2025 Flaws appeared first on First Hackers News.

One of the highlights is the debut of NOVA, the first Direct Rendering Manager (DRM) driver written in Rust. It supports NVIDIA RTX 2000 “Turing” series and newer GPUs. NOVA is designed to replace the Nouveau driver, offering better performance and improved memory safety.

Rust support doesn’t stop at graphics. Linux 6.15 also includes Rust-based support for hrtimer and ARMv7, showing the growing use of Rust for safer, low-level kernel code.

Enabling Rust and NOVA in the Kernel

bashCONFIG_RUST=y

CONFIG_DRM_NOVA=y

Feature Overview

This release marks a shift toward safer kernel development by reducing memory-related bugs in critical components.

Linux 6.15 brings major performance boosts to file systems, especially for exFAT.

Thanks to smarter discard handling, deleting large files is now up to 150 times faster. For example, removing an 80GB file now takes just 1.6 seconds (down from over 4 minutes) when mounted with the discard option. This speedup comes from batching discard operations instead of handling clusters one by one.

mount -t exfat -o discard /dev/sdX1 /mnt/exfat
time rm /mnt/exfat/largefile.img

Other file system updates:

• Btrfs: Adds fast/realtime zstd compression (-15 to -1) and better handling of checksum-related write errors in VMs.
• FUSE: Supports longer file names (over 1024 characters) and server timeouts for better reliability.
• bcachefs: Adds case-insensitive file handling and a “scrub” feature for detecting and fixing errors.

Networking Improvements

Linux 6.15 also improves networking with zero-copy receive (zcrx) via io_uring, letting network data go directly to userspace memory. This removes the need for extra kernel-to-user copies and simplifies memory handling.

Another addition is the new TCP_RTO_MAX_MS option, giving more control over TCP retransmission timeouts.

Example:

int timeout_ms = 3000;
setsockopt(sockfd, IPPROTO_TCP, TCP_RTO_MAX_MS, &timeout_ms, sizeof(timeout_ms));

Summary Table

Hardware and Kernel Improvements in Linux 6.15

Linux 6.15 expands hardware support and improves core kernel features.

• Apple Touch Bar: Now fully supported on Intel and M1/M2 MacBook Pros, including touch input, backlight, and function key display.
• Samsung GalaxyBook: Gets full ACPI support for battery status, platform features, and function keys.
• Game Controllers: Better support for PlayStation 5, Xbox, and Turtle Beach devices, plus new drivers for racing and flight sim gear.
• Intel Killer E5000 Ethernet: Added with minimal changes for improved networking.

Kernel Infrastructure Updates

• fwctl: A new subsystem for handling firmware RPCs more consistently.
• fanotify API: Adds real-time mount/unmount event tracking.

Example: Use fanotify to watch filesystem events

fanotify_init(FAN_CLASS_NOTIF, O_RDONLY);
fanotify_mark(fd, FAN_MARK_ADD, FAN_MOUNT, AT_FDCWD, “/mnt”);

• Block Layer: Now supports hardware-encrypted keys, boosting disk security.

Summary Table

Linux 6.15 sets a strong foundation for faster, safer, and more hardware-friendly Linux systems.

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!

The post Linux 6.15 Released: Major Performance & Hardware Upgrades appeared first on First Hackers News.

For years, CISOs have reported to Chief Information Officers (CIOs), based on the idea that cybersecurity is a technical function. But this setup is no longer ideal. Cybersecurity now touches every part of the business—from compliance and legal exposure to customer trust and reputation.

Cybersecurity is no longer just an IT concern. It’s a core business issue. Attacks can disrupt operations, harm brand reputation, and even affect stock prices. That’s why treating security as a technical add-on doesn’t work anymore.

Reporting to the CEO Reflects Reality

When the CISO reports directly to the CEO, it shows that the company takes security seriously—on the same level as finance, legal, and operations. This structure reduces internal conflicts, ensures better funding for security initiatives, and brings security into strategic discussions from the start.

CIOs often focus on system uptime and cost efficiency, which can conflict with security needs. For example, delaying patches to avoid downtime might leave systems exposed.

Giving the CISO more independence helps balance security with operational goals, so that innovation doesn’t come at the cost of risk.

Changing the CISO’s reporting line isn’t just about titles—it’s about making sure cybersecurity is built into how the business runs. In a world where digital threats are growing, that kind of shift is no longer optional—it’s essential.

Why the CISO Role Should Report to the CEO

1. Avoid Conflicts of Interest: CIOs focus on IT infrastructure and may prioritize performance and cost over security. A CISO reporting to the CEO can advocate for essential security measures without internal pressures.
2. Secure Budget Independence: Cybersecurity often competes for funding with IT projects. A CISO reporting to the CEO can better justify security investments based on business risks.
3. Improve Board Communication: Cyber threats are a board-level issue. CISOs who report to the CEO can more easily communicate risks and impacts to the board, ensuring informed decisions.
4. Enhance Risk Management: Cyber risk affects legal, financial, and operational areas. A CISO at the CEO level can work across departments to integrate security into the company’s overall risk strategy.
5. Meet Regulatory Demands: With regulations like the SEC’s cybersecurity rules and GDPR, a CISO reporting to the CEO helps ensure compliance and demonstrates strong governance.

Building a Stronger Future

Shifting the CISO to report to the CEO isn’t just about hierarchy—it’s about making security central to every decision.

A CEO-level CISO can lead initiatives like zero-trust or AI-based threat detection, securing the resources and backing needed.

This shift also protects the company against future risks, especially with new tech like cloud services and IoT increasing vulnerabilities.

A CISO with CEO support ensures security is built into new technologies from the start, not added later.

CEO-aligned CISOs can invest in proactive threat intelligence, staying ahead of emerging risks instead of reacting after the fact.

Security affects all departments, from HR to legal to marketing. A CISO reporting to the CEO enables seamless collaboration across teams in responding to threats.

Ultimately, a CISO’s position shows a company’s commitment to cybersecurity. A direct line to the CEO highlights that cyber risks are business risks, empowering leaders to innovate while staying protected.

The real question is how quickly organizations can adapt to this change.

The post CISO to CEO: A Reporting Structure Argument appeared first on First Hackers News.

Cybercriminals, mainly from Chinese underground networks, are using NFC (Near Field Communication) technology to carry out large-scale fraud at ATMs and point-of-sale (POS) terminals.

According to Resecurity, many banks, FinTech firms, and credit unions reported a sharp rise in NFC-based fraud in early 2025. One major U.S. financial institution lost millions as a result.

These attackers use advanced tools to manipulate NFC systems and make unauthorized payments. Targets include regions like the U.S., UK, EU, Australia, Canada, Japan, and the UAE.

How the Fraud Works

The attackers take advantage of Android’s Host Card Emulation (HCE), which lets phones act like payment cards. Tools like “Z-NFC” and “Track2NFC”—sold on the Dark Web—are used to steal payment data and simulate legitimate transactions at ATMs and POS terminals.

Some techniques, like “Ghost Tap,” allow payments without alerting payment processors. Others use apps like “HCE Bridge” to fake contactless payment methods.

Resecurity found that these tools are designed to hide from detection, using complex code and encryption. Some criminals even operate mobile device “farms” to commit fraud on a large scale.

Global Impact

Hackers have targeted major banks like Barclays, HSBC, and Santander. They also abuse loyalty programs and use stolen card data from ATM skimmers to make contactless payments that don’t require PINs.

NFC-enabled terminals are often misused or registered with fake identities, allowing fraud and money laundering in countries like China, Malaysia, and Nigeria.

With nearly 2 billion devices supporting NFC worldwide, and the privacy of encrypted communication, these crimes are hard to trace. As more people use contactless payments, stronger security and international cooperation are essential to stop this growing threat.

Indicators of Compromise (IOC)

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!

The post NFC Exploited to Steal Funds from ATMs and POS appeared first on First Hackers News.

Vulnerability Details

• CVE ID: CVE-2024-13059
• Severity: Critical (CVSS 9.1)
• Exploitation Risk: Low (EPSS 0.04%)
• Affected Versions: AnythingLLM before version 1.3.1
• Fixed In: Version 1.3.1 (released February 10, 2025)
• Impact: Remote Code Execution through path traversal

How the Vulnerability Works

Offsec researchers found that the issue comes from how the multer library handles file uploads in AnythingLLM. Specifically, it doesn’t properly check filenames with non-ASCII characters and directory traversal patterns (like ../../malicious.sh).

An attacker with manager or admin access can upload a file with a crafted name, such as ../../malicious.js. Because of the filename issue, the app may save the file outside the intended upload folder.

For example, an attacker could place a file like ../../../etc/cron.d/exploit into a system directory. If this file gets executed—by a scheduled task or system script—it could give the attacker full control of the system.

This shows how a simple file upload, combined with elevated access and weak input checks, can lead to a serious system breach.

Organizations using AnythingLLM for tasks like customer support or internal data analysis should update immediately. Delaying the patch could risk data leaks, system downtime, or unauthorized access.

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!

The post AnythingLLM Systems at Risk: Critical Remote Code Execution Vulnerability Discovered appeared first on First Hackers News.

Vulnerabilities Explained

The issues were found in two key components:

• CoreAudio (CVE-2025-31200): A memory corruption flaw that could be triggered by a malicious media file, allowing attackers to execute harmful code.
• RPAC (CVE-2025-31201): A security bypass that could let attackers disable Pointer Authentication, a critical defense mechanism in iOS.

These vulnerabilities weren’t just theoretical—they were actively used in real-world attacks targeting specific iPhone and iPad users. Apple and Google’s Threat Analysis Group confirmed that the flaws were part of a highly advanced campaign. With iOS 18.4.1 and iPadOS 18.4.1, Apple has patched the memory issue in CoreAudio and removed the vulnerable code in RPAC, effectively closing both security gaps. Updating your device is strongly recommended to stay protected.

Devices Affected

Apple’s latest security update—iOS 18.4.1 and iPadOS 18.4.1—applies to a wide range of devices, including:

• iPhone XS and later
• iPad mini (5th generation and later)
• iPad (7th generation and later)
• iPad Air (3rd generation and later)
• iPad Pro 11-inch (1st generation and later)
• iPad Pro 13-inch and 13.9-inch (3rd generation and later)

The update fixes two major security issues. One was a bug in CoreAudio, which Apple patched with improved checks. The other was in RPAC, which Apple resolved by removing the vulnerable code.

Although Apple hasn’t shared details about who was targeted or responsible, the complexity of the attacks points to highly advanced threat actors—possibly even nation-state groups. These zero-day flaws are rare and often used in espionage or against high-profile individuals.

Cybersecurity experts stress the urgency of this update. One analyst noted, “These exploits are a stark reminder of how critical timely updates are. Users must act quickly to secure their devices.”

As usual, Apple kept details under wraps until the fixes were ready, following its standard approach to user safety. The security notes, released on April 16, 2025, list all affected devices and vulnerabilities. More information can be found on the Apple Product Security page.

To update, go to Settings > General > Software Update and install iOS/iPadOS 18.4.1. Apple strongly recommends updating right away to stay protected.

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!

The post Two Apple Zero-Days Under Active iOS Attack appeared first on First Hackers News.

All about the outage

The outage occurred from 21:38 to 22:45 UTC, causing all R2 write operations to fail and 35% of read operations to be unsuccessful worldwide. No data was lost or corrupted, as successful uploads and changes were retained.

Cloudflare blamed human error for the issue, where new credentials were mistakenly deployed to a development instance instead of the production environment.

Impact on Services

The Cloudflare outage caused disruptions across multiple services:

• R2: Write operations failed, and 35% of read operations were unsuccessful. Cached object reads reduced errors for customers accessing public assets via custom domains.
• Billing: Customers had trouble accessing past invoices.
• Cache Reserve: Increased requests to origins occurred due to failed R2 reads.
• Email Security: Customer-facing metrics were not updated.
• Images: Uploads failed, and image delivery dropped to 25%.
• Key Transparency Auditor: All operations failed during the incident.
• Log Delivery: Log processing was delayed by up to 70 minutes.
• Stream: Uploads failed, and video segment delivery faced intermittent stalls.
• Vectorize: Queries and operations on indexes were impacted, with all insert and upsert operations failing.

The issue was traced to the R2 engineering team omitting the –env parameter during the credential rotation, causing new credentials to be deployed to a non-production environment.

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!

The post Cloudflare: password error, outage appeared first on First Hackers News.

All about the vulnerability

RSA key security relies on two large prime numbers used to generate the public key. If these primes aren’t chosen randomly, multiple keys may share a prime factor. By calculating the Greatest Common Divisor (GCD) of two RSA moduli, attackers can easily find shared factors, compromising both keys.

This method is simpler than factoring the RSA modulus and works well for large datasets. The widespread use of IoT devices increases the risk, as compromising them could have serious consequences.

The study analyzed 75 million RSA keys and added 100 million certificates from Certificate Transparency logs. It found a higher vulnerability rate in the broader internet dataset, mainly due to IoT devices with limited entropy, which lead to predictable random number generation.

Similar vulnerabilities were found in 2012 and 2016, where many keys were compromised due to shared factors.

Impacts

This vulnerability poses serious risks, especially with the growing use of IoT devices in critical sectors like healthcare and transportation. Attacks could lead to data breaches or even physical harm.

Patching IoT devices is difficult due to their decentralized nature and lack of centralized management. The availability of cloud computing makes it easier for attackers to exploit these weaknesses at low cost.

To reduce risks, manufacturers should ensure keys are generated with enough randomness, using external entropy sources. Improved patching systems and greater awareness of IoT security are also needed. Addressing these vulnerabilities is crucial as the IoT ecosystem continues to grow.

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!

The post Millions of RSA keys exposed: major flaws appeared first on First Hackers News.