Top 20 Cybersecurity International News

Here's a summary of top cybersecurity news:

1. Over 400 IPs Exploiting Multiple SSRF Vulnerabilities: A coordinated surge in exploitation of Server-Side Request Forgery (SSRF) vulnerabilities across multiple platforms has been observed. At least 400 IPs are actively exploiting multiple CVEs simultaneously.
   Source: thehackernews.com
2. Microsoft Patches Actively Exploited Zero-Days: Microsoft released security updates to address 57 security vulnerabilities, including six zero-days actively exploited in the wild.
   Source: thehackernews.com
3. Apple Patches WebKit Zero-Day Vulnerability: Apple released a security update for a zero-day flaw in WebKit that has been exploited in targeted attacks.
   Source: thehackernews.com
4. Blind Eagle Hacks Colombian Institutions: The threat actor Blind Eagle has been targeting Colombian institutions and government entities since November 2024 using NTLM flaws and RATs.
   Source: thehackernews.com
5. Ballista Botnet Exploits TP-Link Vulnerability: Unpatched TP-Link Archer routers are being targeted by the Ballista botnet, which exploits a remote code execution (RCE) vulnerability (CVE-2023-1389).
   Source: thehackernews.com
6. SideWinder APT Targets Multiple Sectors: The SideWinder APT group is targeting maritime, nuclear, and IT sectors across Asia, the Middle East, and Africa.
   Source: thehackernews.com
7. Moxa Fixes Authentication Bypass Vulnerability: Moxa has released a security update to address a critical authentication bypass vulnerability in its PT switches (CVE-2024-12297).
   Source: thehackernews.com
8. CISA Adds Exploited Vulnerabilities to KEV List: CISA added five security flaws impacting Advantive VeraCore and Ivanti EPM to its Known Exploited Vulnerabilities (KEV) catalog.
   Source: thehackernews.com
9. Polymorphic Attack Clones Browser Extensions: Researchers exposed a new technique where malicious browser extensions clone legitimate ones to steal credentials.
   Source: thehackernews.com
10. KerioControl Firewall Vulnerability Exposes Systems: A severe vulnerability (CVE-2024-52875) in GFI KerioControl firewalls allows remote code execution (RCE).
    Source: cybersecuritynews.com
11. SonicWall Firewalls Exploited: Attackers are exploiting a flaw (CVE-2024-53704) in SonicWall firewalls to hijack SSL VPN sessions.
    Source: cybersecuritynews.com
12. Hackers Use Social Engineering to Exploit PowerShell: North Korean hacking group Emerald Sleet is tricking victims into running PowerShell commands.
    Source: cybersecuritynews.com
13. zkLend DeFi Hack: The Ethereum-based DeFi protocol zkLend suffered a major breach, with $8.5 million stolen.
    Source: cybersecuritynews.com
14. PAN-OS Authentication Bypass Exploited: Palo Alto Networks patched a high-severity authentication bypass vulnerability (CVE-2025-0108) in PAN-OS software.
    Source: cybersecuritynews.com
15. Salt Typhoon Hackers Exploit Cisco Devices: The Chinese state-sponsored group Salt Typhoon exploited over 1,000 unpatched Cisco devices.
    Source: cybersecuritynews.com
16. Microsoft SharePoint Connector Vulnerability: A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users.
    Source: cybersecuritynews.com
17. Apple Zero-Day Vulnerability: Apple released iOS and iPadOS 18.3.1 to address a zero-day vulnerability targeting USB Restricted Mode (CVE-2025-24200).
    Source: cybersecuritynews.com
18. Ivanti CSA RCE Vulnerability: Ivanti patched a command injection vulnerability in its Cloud Services Appliance (CSA) (CVE-2024-47908).
    Source: cybersecuritynews.com
19. OpenSSL MitM Vulnerability: A high-severity flaw in OpenSSL versions 3.2–3.4 could enable man-in-the-middle attacks (CVE-2024-12797).
    Source: cybersecuritynews.com
20. Chrome Use-After-Free Vulnerability: Google released an urgent Chrome update addressing vulnerabilities, including a use-after-free flaw in the V8 JavaScript engine (CVE-2025-0995).
    Source: cybersecuritynews.com