
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog


U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the descriptions for these flaws:

  • CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
  • CVE-2025-4428 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
  • CVE-2024-11182 (CVSS score: 5.3) MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability. A remote attacker can trigger the flaw by sending an HTML e-mail message with JavaScript in an img tag. This could allow the attacker to load arbitrary JavaScript code in the context of a webmail user’s browser window.
  • CVE-2025-27920 (CVSS score: 7.2) Srimax Output Messenger Directory Traversal Vulnerability that allows attackers to access files outside the intended directory using ../ sequences.
  • CVE-2024-27443 (CVSS score: 6.1) Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability. The issue is due to improper input validation. An attacker can use a crafted email with a malicious calendar header to trigger JavaScript execution when it is viewed in the classic webmail interface, risking session hijacking or other attacks.
  • CVE-2023-38950 ZKTeco BioTime Path Traversal Vulnerability. An unauthenticated attacker can exploit the flaw to read arbitrary files by supplying a crafted payload.

In mid-May, Ivanti released security updates to address the vulnerabilities CVE-2025-4427 and CVE-2025-4428 in Endpoint Manager Mobile (EPMM) software. The company confirmed that threat actors have chained the flaws in limited attacks to gain remote code execution.

Below are their descriptions:

  • CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass in Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials. 
  • CVE-2025-4428 (CVSS score: 7.2) – A remote code execution vulnerability in Endpoint Manager Mobile allowing attackers to execute arbitrary code on the target system. 

CERT-EU reported both vulnerabilities to the software firm. The company confirmed that threat actors could chain the two vulnerabilities to achieve remote code execution without authentication.

The vulnerabilities have been addressed in versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0.1.
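A defender can turn the fixed-version list above into an inventory check. The following is an added example, not code from the article or from Ivanti: it assumes each fixed release applies to the branch sharing its first three version components, and the hostnames and installed versions are constructed.

```python
import re

# Fixed EPMM releases quoted in the article. Treating the first three
# components as the release branch is an assumption of this example.
FIXED_RELEASES = [(11, 12, 0, 5), (12, 3, 0, 2), (12, 4, 0, 2), (12, 5, 0, 1)]


def parse_version(text):
    """Turn '12.4.0.1' into (12, 4, 0, 1); short versions are zero-padded."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text, flags=re.ASCII):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (4 - len(nums)))


def epmm_status(version):
    """Classify one version as 'patched', 'vulnerable' or 'review'."""
    v = parse_version(version)
    for fixed in FIXED_RELEASES:
        if v[:3] == fixed[:3]:            # same branch: compare build number
            return "patched" if v >= fixed else "vulnerable"
    if v < min(FIXED_RELEASES):           # older than every fixed release
        return "vulnerable"
    if v > max(FIXED_RELEASES):           # newer branch, assumed to carry the fix
        return "patched"
    return "review"                       # branch not listed in the article


def audit(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    findings = {}
    for host, version in inventory.items():
        try:
            status = epmm_status(version)
        except ValueError:
            status = "review"             # unparseable version needs a human look
        if status != "patched":
            findings[host] = status
    return findings


# Constructed inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "mdm-eu-01": "12.5.0.1", "mdm-eu-02": "12.4.0.1",
    "mdm-us-01": "11.12.0.5", "mdm-us-02": "11.10.0.2",
    "mdm-lab-01": "12.1.0.0", "mdm-lab-02": "unknown",
}
```

Calling `audit(SAMPLE_INVENTORY)` lists only the hosts that still need patching or manual review; hosts on a branch the article does not mention are reported as `review` rather than guessed at.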

The vulnerabilities affect two unnamed open-source libraries used in EPMM; the company pointed out that they do not reside in its own code. The company is still investigating the attacks; however, it does not have “reliable atomic indicators” at the time of this writing.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by June 9, 2025.


Pierluigi Paganini

(SecurityAffairs – hacking, CISA)