Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems.
The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability.
“A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems,” the company said in an advisory.
The networking equipment maker, which credited Kentaro Kawane of GMO Cybersecurity for reporting the flaw, noted it’s aware of the existence of a proof-of-concept (PoC) exploit. There is no evidence that it has been maliciously exploited in the wild.
Source: The Hacker News / BleepingComputer / Dark Reading / SecurityWeek / Cisco security advisory
Link: https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html
Link: https://www.securityweek.com/cisco-patches-critical-ise-vulnerability-with-public-poc/
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems.
According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments.
“Chaos RAT is an open-source RAT written in Golang, offering cross-platform support for both Windows and Linux systems,” security researchers Santiago Pontiroli, Gabor Molnar, and Kirill Antonenko said in a report shared with The Hacker News.
“Inspired by popular frameworks such as Cobalt Strike and Sliver, Chaos RAT provides an administrative panel where users can build payloads, establish sessions, and control compromised machines.”
While work on the “remote administration tool” started way back in 2017, it did not attract attention until December 2022, when it was put to use in a malicious campaign targeting public-facing web applications hosted on Linux systems with the XMRig cryptocurrency miner.
Source: The Hacker News
Link: https://thehackernews.com/2025/06/chaos-rat-malware-targets-windows-and.html
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.
The high-severity flaw is being tracked as CVE-2025-5419 (CVSS score: 8.8), and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
“Out-of-bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” reads the description of the bug on the NIST’s National Vulnerability Database (NVD).
Google credited Clement Lecigne and Benoît Sevens of Google Threat Analysis Group (TAG) with discovering and reporting the flaw on May 27, 2025. It also noted that the issue was addressed the next day by pushing out a configuration change to the Stable version of the browser across all platforms.
Source: The Hacker News / SecurityWeek
Link: https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.html
Link: https://www.securityweek.com/google-researchers-find-new-chrome-zero-day/
Critical Fortinet flaws now exploited in Qilin ransomware attacks
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely.
Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over 310 victims on its dark web leak site.
Its victim list also includes high-profile organizations, such as automotive giant Yanfeng, publishing giant Lee Enterprises, Australia’s Court Services Victoria, and pathology services provider Synnovis. The Synnovis incident impacted several major NHS hospitals in London, which forced them to cancel hundreds of appointments and operations.
Threat intelligence company PRODAFT, which spotted these new and partially automated Qilin ransomware attacks targeting several Fortinet flaws, also revealed that the threat actors are currently focusing on organizations from Spanish-speaking countries, but they expect the campaign to expand worldwide.
Source: BleepingComputer
Hewlett Packard Enterprise warns of critical StoreOnce auth bypass
Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution.
The flaws fixed this time include a critical-severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked as CVE-2025-37093, three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue.
The flaws impact all versions of the HPE StoreOnce Software before v4.3.11, which is now the recommended upgrade version.
Here’s the complete list of the eight vulnerabilities HPE fixed in version 4.3.11:
- CVE-2025-37089 – Remote Code Execution
- CVE-2025-37090 – Server-Side Request Forgery
- CVE-2025-37091 – Remote Code Execution
- CVE-2025-37092 – Remote Code Execution
- CVE-2025-37093 – Authentication Bypass
- CVE-2025-37094 – Directory Traversal Arbitrary File Deletion
- CVE-2025-37095 – Directory Traversal Information Disclosure
- CVE-2025-37096 – Remote Code Execution
Not many details were disclosed about the flaws this time.
However, Zero Day Initiative (ZDI), which discovered them, mentions that CVE-2025-37093 exists within the implementation of the machineAccountCheck method, resulting from improper implementation of an authentication algorithm.
Source: BleepingComputer / SecurityWeek / HPE Support Center
Link: https://www.securityweek.com/hpe-patches-critical-vulnerability-in-storeonce/
Link: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
MITRE Publishes Post-Quantum Cryptography Migration Roadmap
The MITRE-founded Post-Quantum Cryptography Coalition (PQCC) this week published fresh guidance for organizations looking to ready themselves to transition to quantum-safe cryptography.
Advances in quantum computing threaten the systems that currently ensure authenticity and secure communications and sensitive data, making the migration to post-quantum cryptography (PQC) a necessity, PQCC says.
Intended for CIOs and CISOs, the coalition’s PQC migration roadmap (PDF) provides an overview of four key stages of the migration process, namely preparation, baseline understanding, planning and execution, and monitoring and evaluation.
For each organization, transitioning to PQC requires outlining migration aims, understanding data inventories and prioritizing updates, acquiring/developing post-quantum solutions and implementing them, and building measures to track the migration process and assess security as quantum capabilities evolve. How the migration plays out, however, differs from one organization to another.
“How an organization applies this roadmap depends on the shelf-life and volume of its critical data, the amount of available information about its assets, its budget for potentially significant software and hardware updates, and numerous other influencing factors,” the document reads.
Cryptographically-relevant quantum computers capable of breaking the current cryptographic security may still be decades away, but organizations should begin the transition process now, to mitigate the threat of data being stolen now and decrypted later, PQCC says.
“This roadmap empowers CIOs (chief information officers) and CISOs (chief information security officers) to act decisively, taking proactive steps to protect sensitive data now and in the future,” MITRE vice president Wen Masters commented.
PQCC’s guidance comes out two years after the US government released a set of quantum readiness recommendations and one year after NIST’s post-quantum cryptography standards were published.
Source: SecurityWeek
Link: https://www.securityweek.com/mitre-publishes-post-quantum-cryptography-migration-roadmap/