U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the descriptions for these flaws:

  • CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability
  • CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
  • CVE-2025-2776 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
  • CVE-2025-2775 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

This week CrushFTP warned of a zero-day, tracked as CVE-2025-54309 (CVSS score of 9.0), that has been exploited in the wild since July 18. The flaw in the managed file transfer software allows attackers to gain administrative privileges on vulnerable servers via HTTPS. The attackers reverse-engineered older code to exploit a bug that had already been patched in versions released before July 1.

Last week, Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components.

Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group reported the vulnerability on June 23, 2025. Google’s TAG team investigates attacks by nation-state actors and commercial spyware vendors. One of these threat actors likely exploited the issue in the wild.

Three critical flaws (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) in SysAid's on-prem software could let attackers take over admin accounts or read server files via unsafe XML input (XML External Entity, XXE). When chained with a previous bug (CVE-2024-36394), they may even enable remote code execution. SysAid fixed the issues in version 24.4.60 build 16 (March 2025).

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by August 12, 2025.
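As an added example (not part of the article or of CISA's tooling), the kind of check that reviewing the Catalog implies: parse a KEV-shaped feed, keep the entries that touch an organisation's own product inventory, and report how many days remain before the BOD 22-01 due date. The field names follow CISA's published KEV JSON feed, but the feed excerpt, the inventory and the dateAdded values are constructed for the demo; only the four CVEs and the August 12, 2025 due date come from the article.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (not the real file);
# the four CVEs and the August 12, 2025 due date come from the article,
# the dateAdded values are assumed.
KEV_FEED_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2025-54309", "vendorProject": "CrushFTP", "product": "CrushFTP",
   "dateAdded": "2025-07-22", "dueDate": "2025-08-12"},
  {"cveID": "CVE-2025-6558", "vendorProject": "Google", "product": "Chromium ANGLE",
   "dateAdded": "2025-07-22", "dueDate": "2025-08-12"},
  {"cveID": "CVE-2025-2776", "vendorProject": "SysAid", "product": "SysAid On-Prem",
   "dateAdded": "2025-07-22", "dueDate": "2025-08-12"},
  {"cveID": "CVE-2025-2775", "vendorProject": "SysAid", "product": "SysAid On-Prem",
   "dateAdded": "2025-07-22", "dueDate": "2025-08-12"}
]}
"""

# Constructed inventory of (vendor, product) pairs the organisation runs,
# lower-cased because the feed's naming is free text, not a normalised CPE.
INVENTORY = {("crushftp", "crushftp"), ("sysaid", "sysaid on-prem")}


def load_kev(feed_json):
    """Parse a KEV feed document and return its vulnerability entries."""
    return json.loads(feed_json)["vulnerabilities"]


def kev_exposure(entries, inventory, today_iso):
    """Return the KEV entries that hit inventoried products, each with the
    number of days left until the BOD 22-01 due date (negative = overdue)."""
    today = date.fromisoformat(today_iso)
    hits = []
    for entry in entries:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        if key not in inventory:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({"cve": entry["cveID"], "product": entry["product"],
                     "due": entry["dueDate"], "days_left": (due - today).days})
    # Most urgent first, then by CVE id for a stable report order.
    return sorted(hits, key=lambda h: (h["days_left"], h["cve"]))


if __name__ == "__main__":
    for hit in kev_exposure(load_kev(KEV_FEED_JSON), INVENTORY, "2025-07-25"):
        state = "OVERDUE" if hit["days_left"] < 0 else f"{hit['days_left']} days left"
        print(f"{hit['cve']:15} {hit['product']:14} due {hit['due']} ({state})")
```

The real feed's vendorProject and product strings are free text, so in practice map them onto your asset naming rather than relying on the exact lower-cased match used here.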

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)