BeyondMachines :verified:

Simple, automated security tools and guidance for individuals and companies of all sizes.
Good cybersecurity shouldn't be an enterprise feature.

Sometimes a bot, sometimes not.

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

Coordinated cyberattacks target two-year-old Zyxel firewall flaw

A coordinated global cyberattack campaign on June 16, 2025, involved 244 unique IP addresses exploiting a critical command injection vulnerability (CVE-2023-28771) in Zyxel firewall and VPN devices that allows unauthenticated remote code execution via a single malicious packet to UDP port 500. Even though patches have been available for over two years since the vulnerability's original disclosure in April 2023, organizations worldwide remain vulnerable.

**If you still haven't patched your Zyxel firewall, and it's exposed on UDP port 500 to the internet, time to act NOW! Isolate the UDP port 500 from the internet, and start patching your firewalls. And check for any indicators of compromise, if possible even do a factory reset and load a trusted configuration.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

Another flaw in ASUS Armoury Crate mainboard update system enables System-level privilege escalation

ASUS has patched a high-severity authorization bypass vulnerability (CVE-2025-3464) in its Armoury Crate system management software that allows attackers with existing system access to manipulate hard links and bypass driver security controls, potentially gaining complete operating system compromise through extensive low-level privileges.

**If you are running an ASUS mainboard on your computer, update the Armoury Crate software. The exploit chain is complicated, but hackers have found a way to abuse it before, so they will find a way to abuse it again.**
#cybersecurity #infosec #advisory #ransomware
beyondmachines.net/event_detai

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@ilsk 👌

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@patrickcmiller Here's a crazy idea: Turn off all the servers running AI slop. More available energy and water. Less excess heat.

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@wcbdata as we affectionately call it, the bubble

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

Some people will understand

Guys this is why the internet isn't working.
Some idiot broke all the lava lamps @ cloudflare office

Photo of a wall with a bunch of broken lava lamps, with multi-colored liquid splashed on the wall and streaming to the floor. Puddles of multi-colored liquid on the floor.

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@wcbdata also known as a...

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

Virginia Radford School District hit by cyberattack

Radford City Public Schools in Virginia experienced a cybersecurity incident that disrupted parts of their computer network and internal systems. The district has not disclosed details about the nature of the attack or any data exposure. The timing during summer break when schools are closed minimized operational impact.

#cybersecurity #infosec #incident #ransomware
beyondmachines.net/event_detai

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

Four images, one answer.
Can you solve it?

photo of tulips
photo of AIG building
image of a Bored Ape
diagram of a Large Language Model

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@CauseOfBSOD Iterative improvement.

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

State of (in)security - Week 24, 2025

During the week of June 9-16, 2025, there were 31 total cybersecurity events (10 vulnerabilities and 21 incidents/breaches) affecting over 3.3 million individuals. Malware and ransomware attacks were the primary cause (9 incidents), with IT, government, healthcare, and insurance sectors being most heavily targeted.

**Attackers are hiding malicious AI commands in messages to people, hoping people will use AI to parse messages. Read your messages! Before an AI does that! Be very careful about messages with content that looks like AI prompt instructions to do something which makes little sense to you. If not needed, fully delete such messages and content and report it to your admins so it's possibly not loaded into the AI.**
#cybersecurity #infosec #knowledge #weeklyreport
beyondmachines.net/event_detai

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@CauseOfBSOD why not path:/(^|\/)\.env$/ /^.*KEY=0x[0-9a-fA-F]{64}$/

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

World Leaks gang claims cyberattack and is extorting Freedman HealthCare

Massachusetts-based health data management company Freedman HealthCare was hit by a data theft and extortion attack by the World Leaks cybercriminal group, who claim to have stolen 52.4 GB of sensitive data including healthcare claims, insurance information, and protected health information with a threat to release it by June 17th. The breach could potentially expose financial and health data of millions of Americans given Freedman's partnerships with dozens of US state health departments.

#cybersecurity #infosec #incident #databreach
beyondmachines.net/event_detai

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

Mitel reports critical path traversal flaw in Mitel MiCollab

Mitel has disclosed a critical path traversal vulnerability (CVE-2025-23092) in its MiCollab platform that allows remote, unauthenticated attackers to access provisioning information and perform unauthorized administrative actions. This flaw bypasses a previous security patch and similar vulnerabilities have already been exploited in the wild.

**If you have Mitel MiCollab systems running version 9.8 SP2 or earlier, immediately upgrade to version 9.8 SP3 or apply the available patch to fix CVE-2025-23092. Hackers love the Mitel platform since it's a messaging platform exposed to the world by its very design. Don't ignore this one.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@oneiros @kae_bytheocean seemed like a great idea at development debug time 🤷

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@leckse We are beyond UX. We are in the realm of HX (Hacker eXperience)

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

Car-sharing Zoomcar reports data breach exposing 8.4 M users

Zoomcar Holdings, an Indian car-sharing marketplace, reports a data breach affecting 8.4 million users that was discovered on June 9, 2025, when employees received communications from a threat actor. The breach exposed personal information including names, phone numbers, addresses, and car registration data. This marks the second major breach for the company, following a 2018 incident that compromised 3.6 million customer records.

#cybersecurity #infosec #incident #databreach
beyondmachines.net/event_detai

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@Datterich @nixCraft so it must be good

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@inthehands @adamshostack @rk Damn, this is so scary. And I need to think about it

BeyondMachines :verified:beyondmachines1@infosec.exchange
2025-06-17

@rk @adamshostack @inthehands Whatever AI generates is something they have been trained on.
