Critical Vulnerability in Mattermost Allows Account Takeover (CVE-2025-12421)

Mattermost Critical Vulnerability Summary

A default configuration in Mattermost, an open source collaboration platform used by enterprises and government agencies, exposes deployments to critical Account Takeover risk. The vulnerability, identified as CVE-2025-12421, allows an attacker, via a single request, to hijack any user account on the system.

Technical Details of CVE-2025-12421

The flaw lies in Mattermost’s authentication flow, specifically its handling of switching between different authentication methods (such as email/password to OAuth). The problem is in the /users/login/sso/code-exchange endpoint. ...

November 27, 2025 · Comfidentia

Critical Vulnerabilities Affect Fluent Bit

Critical Bug Discovery in Fluent Bit

Cybersecurity researchers have discovered a set of critical vulnerabilities affecting Fluent Bit, a widely used telemetry agent with more than 15 billion deployments. These flaws highlight weaknesses in essential components that organizations use to move logs, metrics and traces across banking, cloud and software-as-a-service (SaaS) platforms. According to an advisory from Oligo Security, the flexibility of Fluent Bit can become a significant risk if data sanitization fails. The problems identified lie in input handling, label processing and output management. ...

November 24, 2025 · Comfidentia

DeepSeek AI Generates Unsafe Code When Touching Politically Sensitive Topics, According to CrowdStrike

New research from CrowdStrike has revealed that the artificial intelligence (AI) reasoning model DeepSeek-R1 produces a significantly higher number of security vulnerabilities in response to requests containing topics considered politically sensitive by China. The study, which assessed the impact of geopolitical biases on the quality of AI-generated code, found that the likelihood of DeepSeek-R1 generating code with serious vulnerabilities increases by up to 50% when including “topics that the Chinese Communist Party (CCP) is likely to consider politically sensitive.” ...

November 24, 2025 · Comfidentia

WhatsApp Exposes 3.5 Billion Phone Numbers Due to Enumeration Vulnerability

Potentially Historic Massive Data Leak

Austrian researchers have revealed a mass enumeration vulnerability in WhatsApp that allowed the extraction of 3.5 billion user phone numbers. This finding highlights a security flaw in the app’s “contact discovery” feature, which, lacking strict rate limiting, allowed researchers to scrape a large portion of WhatsApp’s user base. The method exploited by the researchers is based on how WhatsApp makes it easy to add contacts: when you enter a phone number, the platform instantly checks whether that number is registered and often displays the profile photo and associated name. By repeating this process billions of times using the browser-based WhatsApp app, researchers were able to collect phone numbers of almost all WhatsApp users in the world. ...

November 21, 2025 · Comfidentia

7-Zip vulnerability under active exploitation

A newly disclosed security vulnerability affecting 7-Zip is being actively exploited in practice, according to an advisory issued by the United Kingdom’s NHS England Digital. The vulnerability allows remote attackers to execute arbitrary code on affected systems.

Vulnerability Details (CVE-2025-11001)

The primary vulnerability, identified as CVE-2025-11001 (with a CVSS score of 7.0), lies in the handling of symbolic links within ZIP files.

Exploitation Mechanism: Attackers can create crafted data within a ZIP archive that forces the decompression process to traverse unwanted directories.

Impact: Allows remote code execution (RCE) in the context of the affected user or service account.

Discovery: The flaw was discovered and reported by Ryota Shiga of GMO Flatt Security Inc., with the help of the AI-powered AppSec Auditor Takumi audit tool.

Related Vulnerability (CVE-2025-11002)

The 7-Zip version 25.00 update also addresses another similar flaw, CVE-2025-11002 (CVSS score of 7.0). This vulnerability also exploits improper handling of symbolic links in ZIP files to achieve directory traversal and RCE. Both flaws were introduced in 7-Zip version 21.02. ...

November 19, 2025 · Comfidentia

Operation WrtHug: Massive Cyberattack Compromised More Than 50,000 ASUS EoL Routers

A newly discovered cyberattack campaign, dubbed Operation WrtHug, has compromised tens of thousands of ASUS routers that are end-of-life (EoL) or outdated. The operation has recruited these devices into a vast network of botnets. Over the past six months, SecurityScorecard’s STRIKE team identified more than 50,000 unique IP addresses of compromised devices globally. The most affected regions include Taiwan, the United States and Russia, although infections have also been reported in Southeast Asia and European countries. ...

November 19, 2025 · Comfidentia