Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation. Experts at the Shadowserver Foundation warn that more than 28,200 Citrix instances are vulnerable to CVE-2025-7775, which is under active exploitation. CVE-2025-7775 (CVSS score: 9.2) is …

IT system supplier cyberattack impacts 200 municipalities in Sweden

Picus Blue Report 2025

A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden’s municipal systems, has caused accessibility problems in more than 200 regions of the country. In addition to the service disruption, there are concerns that attackers also stole sensitive data. Local media report that the threat actor demanded a ransom of 1.5 (currently around $168,000) …

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Citrix NetScaler flaw, tracked as CVE-2025-7775, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) …

Global Salt Typhoon hacking campaigns linked to Chinese tech firms

The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms. According to the joint advisories [NSA, NCSC], Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., and Sichuan Zhixin …

CISA Strengthens Software Procurement Security With New Tool

A new Software Acquisition Guide: Supplier Response Web Tool has been released by the US Cybersecurity and Infrastructure Security Agency (CISA) to improve security in software procurement. The free, interactive platform is designed to assist IT leaders, procurement officers and software vendors in strengthening cybersecurity practices throughout the acquisition process. The tool builds on CISA’s Software …

Researchers Discover First Reported AI-Powered Ransomware

In what is reportedly a world-first, ESET researchers have discovered PromptLock, a generative AI-powered ransomware implant currently in development. The researchers described it as the “first known AI-powered ransomware.” It utilizes generative AI to execute attacks via a freely available large language model (LLM) that operates locally through an application programming interface (API). However, ESET …

Over 28,000 Citrix devices vulnerable to new exploited RCE flaw

More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild. The vulnerability affects NetScaler ADC and NetScaler Gateway, and the vendor addressed it in updates released yesterday. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Citrix, the security …

Nevada “Network Security Incident” Shuts Down State Offices and Servic

The State of Nevada has been hit by a “network security incident,” which has resulted in the closure of government offices and digital services taken offline. The Office of the Governor of Nevada, Joe Lombardo, confirmed the incident in a memo published on X on August 25. “On early Sunday morning, the State of Nevada …

Cephalus ransomware exploits RDP for initial access in latest attack campaign

Chinese Hackers Exploit SharePoint Flaws to Deploy Backdoors, Ransomware, and Loaders

Cybersecurity researchers at Huntress have identified a new ransomware variant dubbed Cephalus, deployed in two separate incidents targeting organizations without robust access controls. This emerging threat, which takes its name from Greek mythology symbolizing inevitable tragedy, leverages exposed Remote Desktop Protocol (RDP) endpoints as …

ShadowSilk Campaign Targets Central Asian Governments

A series of cyber-attacks against government organizations in Central Asia and the Asia-Pacific has been linked to a threat cluster known as ShadowSilk, according to new research by Group-IB. The activity, which began in 2023 and remains active as of July 2025, shows clear connections to operations previously attributed to the group YoroTrooper. What’s new now is …