BleepingComputer reports that Amazon Web Services, Google, Microsoft Azure, Hadoop, and other big data platforms could be subjected to significant compromise through the exploitation of a maximum-severity remote code execution vulnerability impacting the widely used open-source columnar storage format Apache Parquet, tracked as CVE-2025-30065.
Exploitation of the recently patched Google Cloud Run privilege escalation flaw dubbed "ImageRunner" could have led to the compromise of sensitive data, according to SecurityWeek.
Immediate patching has been urged by Cisco for a critical flaw impacting its Smart Licensing Utility, tracked as CVE-2024-20439, following the discovery of its attempted exploitation last month, reports BleepingComputer.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm over a series of high-risk vulnerabilities present in industrial control systems
Ongoing intrusions leveraging the critical static credential backdoor flaw impacting the Cisco Smart Licensing Utility, tracked as CVE-2024-20439, have prompted the bug's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to apply remediations by Apr. 21, Security Affairs reports.
Ivanti Connect Secure instances that remain vulnerable to the patched stack-based buffer overflow bug, tracked as CVE-2025-0282, were reported by the Cybersecurity and Infrastructure Security Agency to have been subjected to attacks spreading the nascent RESURGE malware, according to The Hacker News.
Threat actors have been launching intrusions leveraging a pair of old vulnerabilities impacting the Sitecore CMS and Experience Platform, as well as other security issues affecting the open-source JavaScript framework Next.js and DrayTek devices, according to The Hacker News.