Aggregator
CVE-2025-2732 | H3C Magic BE18000 up to V100R014 HTTP POST Request getWifiNeighbour command injection
CVE-2025-2731 | H3C Magic BE18000 up to V100R014 HTTP POST Request getDualbandSync command injection
CVE-2025-2730 | H3C Magic BE18000 up to V100R014 HTTP POST Request /api/wizard/getssidname command injection
CVE-2025-2729 | H3C Magic BE18000 up to V100R014 HTTP POST Request /api/wizard/networkSetup command injection
CVE-2025-2728 | H3C Magic NX30 Pro/Magic NX400 up to V100R014 getNetworkConf command injection
CVE-2025-2727 | H3C Magic NX30 Pro up to V100R007 HTTP POST Request getNetworkStatus command injection
CVE-2025-2726 | H3C Magic BE18000 up to V100R014 HTTP POST Request /api/esps command injection
CVE-2025-2725 | H3C Magic BE18000 up to V100R014 HTTP POST Request /api/login/auth command injection
Submit #520426: OpenManus 2025.3.13 OS Command Injection [Accepted]
European Alternatives website has attracted over one million visitors so far this year
Akamai's Channel-First Strategy: Driving Partner Success in 2025
What it Takes to Start the Exposure Management Journey
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to make the shift from vulnerability management to exposure management. In this blog, Tenable Senior Staff Information Security Engineer Arnie Cabral, who is leading the company's internal exposure management journey, shares his experiences. You can read the entire Exposure Management Academy series here.
In my role as an information security engineer at Tenable, I am directly involved in transitioning our own security infrastructure from traditional vulnerability management to a more proactive exposure management approach. The first steps required strategic planning, policy realignment and resource allocation.
The need to move beyond simply identifying vulnerabilities drove Tenable’s transition. We needed to focus on managing real-world exposures that pose significant risk to our security posture.
The starting point: Recognizing the need for change
They say a journey of a thousand miles begins with a single step. At Tenable, our shift to exposure management in our internal infrastructure began with a simple realization. We knew that, although it is critical to modern cybersecurity, vulnerability management alone doesn’t provide a complete picture of cyber risk.
Traditional vulnerability management typically involves scanning assets for known vulnerabilities and remediating them based on severity scores. However, true security risk management requires a broader view that includes misconfigurations, attack surface visibility and real-time threat intelligence.
To start our move to cyber exposure management, we reframed our existing policies to align with the new approach. This was not just a simple editing exercise, although there was some carry-over from the current policies.
Instead, we redefined our objectives and transformed our policies to ensure alignment with emerging risk-based exposure management frameworks.
Establishing a policy framework
With our new exposure management policy in place, we created a foundation to ensure our security teams have clear guidelines on how to assess, prioritize and remediate exposures beyond just addressing common vulnerabilities and exposures (CVEs).
As we completed the policy, we understood the new approach would need to incorporate:
- A broader vulnerability assessment of risk, beyond the Common Vulnerability Scoring System (CVSS) scores
- Vulnerability prioritization frameworks that account for asset criticality, attack paths and real-world exploitability
- The integration of multiple security tools to gain comprehensive visibility for more actionable attack surface management
- Alignment with a broader set of stakeholders to match the expanded scope of assets and detections
Alongside the policy we developed, our team drafted a project plan to operationalize security exposure management. This plan included:
- Identifying gaps between the existing risk-based vulnerability management program and the desired state of the exposure management program
- Mapping inputs (i.e., the sources of vulnerability and exposure data) and outputs (i.e., the teams responsible for remediation)
- Defining key milestones and deliverables
- Assigning responsibilities and estimating resource needs
Smaller organizations could manage this process with common tools like spreadsheets. But larger enterprises, like ours, usually turn to platforms like Jira and Confluence to help the process. Of course, no plan would be complete without Gantt charts that provide a visual understanding of the project structure and timeline.
My advice is to use tools that help you reach your goals without adding unnecessary process overhead. For example, a platform that integrates data from multiple siloed security tools from multiple vendors gives you a continuous and complete view of your environment and an accurate risk profile.
Addressing operational challenges
One of the key challenges in this transition was the complexity of security operations. Traditional vulnerability management mostly relies on vulnerability scanning assets with Nessus scanners and agents, but the move to exposure management required incorporating other elements, including:
- Cloud environments and ephemeral assets
- Configuration management across various asset types (i.e., SaaS, PaaS, IaaS and hardware) as well as identity exposure risks
- Application security and software development lifecycle (SDLC) vulnerabilities
Our teams had to ensure remediation workflows could handle this broader scope while maintaining efficiency. This led to discussions about automation and orchestration — essentially, we wanted to understand how we could centralize the triage and response process without overloading security teams.
How to implement an exposure management program
If your organization is embarking on, or considering starting, your own exposure management journey, here are exposure management best practices and key takeaways from Tenable’s experience:
- Don’t neglect traditional vulnerability management: Continuous threat exposure management expands the scope but does not replace foundational vulnerability management practices. CVE-based remediation remains a critical component.
- Start with policy and governance: Establish a clear exposure management policy to provide structure, establish service level agreements (SLAs) and ensure accountability.
- Align teams: Organize teams and resources to ensure they’re working in support of your exposure management policy.
- Prioritize based on real-world risk: Not all vulnerabilities pose immediate threats. Focus on threat exposures that present actual risk based on attack feasibility.
- Optimize workflows for scale: Exposure management introduces a higher volume of security issues. Automation and orchestration are essential.
- Expect a continuous evolution: Exposure management is not a one-time project but an ongoing program that adapts to new threat detection and business changes.
The transition from vulnerability management to exposure management is a necessary evolution in cybersecurity strategy.
As attack surfaces expand and threats become more sophisticated, your organization needs to adopt a more holistic approach to cyber risk reduction. Although the journey can be complex and resource-intensive, the benefits — increased visibility, better risk prioritization and improved security outcomes — make it a worthwhile investment. I’m excited about what lies ahead and look forward to sharing more about our journey.
Privacy Roundup: Week 12 of Year 2025
This is a news item roundup of privacy or privacy-related news items for 16 MAR 2025 - 22 MAR 2025. Information and summaries provided here are as-is for warranty purposes.
Note: You may see some traditional "security" content mixed in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of users' devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed.
Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories.
TABLE OF CONTENTS
- Privacy Tip of the Week
- Surveillance Tech in the News
- Privacy Tools and Services
- Vulnerabilities and Malware
- Phishing and Scams
- Service Providers' Privacy Practices
- Legislation/Regulations/Lawsuits
- Data Breaches and Leaks
You should at least enable MFA on important/sensitive accounts. While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts.
Surveillance Tech in the News
This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge or public organizations using technology without regard for user privacy.
Android Apps Use Bluetooth and WiFi Scanning to Track Users Without GPS
Cyber Insider
Researchers found that 86% of apps they analyzed collect sensitive data, including location data stemming from scanning Wi-Fi network details, and collecting device identifiers. These apps also frequently use Bluetooth data to gather location information and proximity to nearby devices.
This data collection is primarily facilitated by software development kits, which developers may include in apps to bring features without coding things from the ground up - however, they may even be unaware of the privacy implications for their app users.
Judge stops Musk's team from 'unbridled access' to Social Security private data
Reuters
As DOGE continues to push for more access to various systems containing sensitive information of Americans, a judge orders the Social Security Administration to stop sharing data with "DOGE affiliates". Allegedly (and in line with prior reporting), DOGE accessed sensitive SSA data without proper vetting -- similar to when they gained access to US Treasury payment data, which also contains sensitive information of millions of Americans.
Researchers name several countries as potential Paragon spyware customers
TechCrunch
The Citizen Lab, a group of academics and security researchers, recently published a report indicating the governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are "likely" customers of Israeli spyware maker Paragon Solutions.
Privacy Tools and Services
Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but also may feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com.
Privacy Tools
Bitwarden enables biometric unlock on Linux
Bitwarden
Bitwarden installed through Snapcraft on Linux can use biometrics to unlock the desktop application.
Privacy Services
Cape opens $99/month beta of its privacy-first mobile plan, inks Proton deal, raises $30M
TechCrunch
I usually don't include beta software in this series (or really on avoidthehack) or early-stage startups because things in those early stages go through such turbulence... but given the Salt Typhoon breach and the apparent lackluster security practices and culture at just about every American telecommunications company, this was too interesting to ignore.
Cape is a mobile carrier startup claiming to provide a more secure and private service alternative to traditional telecommunications services. They also have appeared to partner with Proton...
Vulnerabilities and Malware
Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.
This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.
Vulnerabilities
Apple’s Passwords app was vulnerable to phishing attacks for nearly three months after launch
9to5Mac
Mysk security researchers first discovered this vulnerability after noticing the Passwords app had connected to 130 different domains over regular (unencrypted) HTTP. Specifically, it was fetching account icons and defaulted to opening password reset pages over HTTP.
This vulnerability was patched by Apple in December 2024, but they only disclosed it recently.
Cybercriminals Exploit CheckPoint Antivirus Driver in Malicious Campaign
Infosecurity Magazine
Threat actors are leveraging a "bring your own vulnerable driver" (BYOVD) attack to bypass Windows security measures. Once bypassed, threat actors had high-level access and could view information such as user passwords and other stored credentials.
Microsoft isn't fixing 8-year-old shortcut exploit abused for spying
The Register
Nation-state backed threat actors (which includes North Korea, Iran, Russia, and China) have been abusing Windows shortcut (.LNK) files for many years. These threat actors go to lengths to bury the actual commands used in malicious .LNK files which download malware onto the machine.
According to Microsoft, despite this observed trend, it doesn't intend to release a security fix -- but could do so in the future.
Malware
AMOS and Lumma stealers actively spread to Reddit users
MalwareBytes
Reddit posts (directly on reddit.com) by threat actors on subreddits frequented by cryptocurrency traders link to information stealing malware.
New Arcane infostealer infects YouTube, Discord users via game cheats
Bleeping Computer
A campaign spreading information stealer Arcane primarily uses video game cheats as a lure; specifically, the campaign uses YouTube videos promoting game cheats and cracks to trick users into downloading a password-protected archive containing a malware loader script. Once executed, the script fetches the information stealing malware.
The Kaspersky researchers noted that this "Arcane" information stealer has no known links or overlapping code with Arcane Stealer V. Additionally, Arcane steals a wide range of user data, including VPN account credentials, gaming client information, messaging apps, and information stored in various web browsers.
300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads
SecurityWeek
Vapor campaign included over 180 malicious apps on Google Play posing as utility, health and fitness, and lifestyle apps designed to deploy "endless, intrusive full-screen interstitial video ads." Apps in the Vapor campaign bypassed the recent protections introduced in the latest...
The post Privacy Roundup: Week 12 of Year 2025 appeared first on Security Boulevard.