Tag: informationsecurity

Week 24 – Critical vulnerability in Windows is fixed on Patch Tuesday

Week 24 – Critical vulnerability in Windows is fixed on Patch Tuesday

09 – 15 June 2025 After our last CVE of the Week post exploring a critical vulnerability in the open source landscape, we are back again in the Microsoft ecosystem, as it’s just past Patch Tuesday, which keeps on giving (and more importantly, fixing) weaknesses 

Week 23 – Critical flaw in Roundcube

Week 23 – Critical flaw in Roundcube

02 – 08 June 2025 Open-source enthusiast sysadmins might be familiar with Roundcube, one of the most popular webmail clients deployed, to be exact, Shodan currently lists over 160,000 publicly available instances. Unfortunately, it has now become the subject of our regular CVE of the 

Week 22 – High severity vulnerability affects Versa Concerto

26 May – 01 June 2025

Our new CVE of the Week is high severity vulnerability, CVE-2025-34027, has been identified and is making waves across the cybersecurity landscape.

It affects Versa Concerto, an orchestrator and interface to configure and monitor Versa OS devices in Secure SD-WAN and secure access service edge (SASE) deployments. The flaw affects widely used software and poses a serious risk of remote code execution (RCE) without authentication – making it a top priority.

It has the highest possible CVSS score of 10.

This vulnerability allows threat actors to exploit exposed systems over the network, potentially gaining full control. The attack surface is broad, and with proof-of-concept (PoC) exploits already circulating.

Affected systems are commonly used in enterprise environments.
Exploits are trivial to deploy once a target is found.
The impact can range from data theft to full infrastructure compromise.

  • Patch immediately if you are running affected versions: Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
  • Scan your network for vulnerable endpoints.
  • Monitor logs and traffic for signs of exploitation.

This is a wake-up call to stay vigilant, keep systems updated, and prioritize proactive vulnerability management. CVE-2025-34027 is not just another CVE — it’s a critical risk that requires immediate attention.

Let’s not wait for headlines. Secure your systems today!

You can find more information and details on the subject at the link below:
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.

Week 21 – Multiple high-severity vulnerabilities in VMware Cloud Foundation

19 – 15 May 2025 Multiple high-severity vulnerabilities were responsibly disclosed in VCF by Gustavo Bonito of the NATO Cyber Security Centre. From among these, our #CVEOfTheWeek is CVE-2025-41229. This is a Directory Traversal vulnerability, which might allow a malicious actor with network access to 

Week 20 – Critical elevation of privilege vulnerability in Azure DevOps

12 – 18 May 2025 A critical elevation of privilege vulnerability has been found in Azure DevOps, published on May 8, 2025, and updated with more details 2 days later on May 10, 2025. It has a CVSS score of 10.0! It’s not often that 

Week-19 – A critical security vulnerability in the OpenCTI Platform

05 – 11 May 2025

A critical security vulnerability has been identified in the OpenCTI Platform which is designed to structure, store, organize and visualize technical and non-technical information about cyber threats. This vulnerability, tracked as CVE-2025-24977 is our new CVEofTheWeek with an assigned CVSS score of 9.1. It could allow attackers to execute commands on the hosting infrastructure and access secrets.

The security weakness is found in OpenCTI’s web-hook functionality. As outlined in the advisory, this feature enables users to tailor messages transmitted through web-hooks. It operates using JavaScript, which users can input into a web-hook template field.

The primary concern is that a malicious user could exploit this mechanism to execute commands within the hosting environment where OpenCTI runs. Although a protective layer has been implemented to block external modules in JavaScript code used for web-hooks, these safeguards can still be circumvented.

Furthermore, OpenCTI’s container-based deployments poses a security risk, as attackers could exploit web-hook JavaScript to access sensitive environment variables. Successful exploitation could lead to a wide range of malicious activities, including data breaches, system compromise, and lateral movement within the affected network.

The affected version of OpenCTI Platform is 6.4.8 and the patched version, which resolves this vulnerability, is 6.4.11.

Users of the OpenCTI Platform are strongly advised to upgrade OpenCTI Platform instance to version 6.4.11 or later to mitigate the risk posed by CVE-2025-24977.

Recommended Action:

  • Upgrade to OpenCTI latest version
  • Review user permissions, especially for the ‘manage customizations’ capability, and restrict them to trusted individuals.
  • Audit webhook configurations to ensure they are not susceptible to misuse

Official advisory: https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.

Week 18 – SAP NetWeaver’s Visual Composer component

Week 18 – SAP NetWeaver’s Visual Composer component

White Hat IT Security’s CVE Of The Week, CVE-2025-31324, is a critical zero-day vulnerability affecting SAP NetWeaver’s Visual Composer component

Cyber (In)Securities – Issue 128

Cyber (In)Securities – Issue 128

Information Security News 89% of Enterprise GenAI Usage Is Invisible to Organizations, Exposing Critical Security Risks The Hacker NewsA new report reveals that a staggering 89% of generative AI usage within enterprises remains undetected, exposing organisations to severe security risks. This covert AI activity can 

Week 9 – Palo Alto PAN-OS Authentication Bypass

Week 9 – Palo Alto PAN-OS Authentication Bypass

03-10 March 2025

Palo Alto PAN-OS authentication bypass exploited in the wild: CVE-2025-0108

This week’s #CVEofTheWeek is about an actively exploited critical Authentication Bypass vulnerability in Palo Alto PAN-OS. PAN-OS is the software that runs all Palo Alto Networks Next-Generation Firewalls (NGFW). The high-level properties of this CVE are very familiar to last year’s CVE-2024-0012.

The vulnerability was found and reported by Adam Kues from the Assetnote Security Research Team, who also published a detailed blog post about the vulnerability after the patch was released for the product.

Palo Alto Networks released a security bulletin on February 12 about the vulnerability as “CVE-2024-0108 PAN-OS”, where they published the warning and listed the affected versions and fixes.

The CVE was added to CISA’s Known Exploited Vulnerabilities Catalog on the 18th of February.

This issue is categorized as Missing Authentication for Critical Function (CWE-306) – The CVSSv3 base score is 9.1 Critical.

It impacts various versions of PAN-OS 10.1, 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. On 11.2, the first fixed version is 11.2.4-h4, on 11.1 they are 11.1.2-h18 and 11.1.6-h1. For details about the other main versions’ status, please see the compatibility matrix in the Security Bulletin. Cloud NGFW and Prisma Access are not affected.

This vulnerability enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit additional vulnerabilities such as CVE-2024-9474 or CVE-2025-0111.

CVE-2024-9474 is a privilege escalation vulnerability in the web management interface of PAN-OS devices, also mentioned in this Advisory as observed attempts in the wild chained this exploit. An authenticated, remote attacker could exploit this vulnerability to gain root privileges on the firewall.

CVE-2025-0111 is an authenticated file read vulnerability in the Management Web Interface, which enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

The risk of these issues is greatly reduced if the management web interface access is restricted only to trusted internal IP addresses.

Security Researchers urge customers using vulnerable versions to upgrade as soon as possible, because according to the Security Advisory, this flaw was already exploited in the wild.

Details about the issue, the list of affected versions and additional information are available in the released bulletin:

https://security.paloaltonetworks.com/CVE-2025-0108

Link to the researcher’s write-up at Assetnote Security:

https://www.assetnote.io/resources/research/nginx-apache-path-confusion-to-auth-bypass-in-pan-os

For more information about the vulnerability, please visit NVD’s site:

https://nvd.nist.gov/vuln/detail/CVE-2025-0108

https://www.tenable.com/cve/CVE-2025-0108

State of (Cyber)War Ep. 8.2 – Military Cryptology, Part II

State of (Cyber)War Ep. 8.2 – Military Cryptology, Part II

Hugo Tarrida and John Salomon talk about the history of military encryption, from the Cold War until today, part of CyAN’s State of (Cyber)War podcast series.