Security researchers have identified a significant campaign exploiting compromised IAM credentials to conduct large-scale cryptocurrency mining operations across AWS environments. Attackers gain access through credential compromise, then abuse cloud resources for illicit crypto mining, resulting in substantial financial losses and infrastructure degradation.
FreePBX has released security patches addressing four critical vulnerabilities that could allow attackers to execute arbitrary code on affected systems. These flaws include SQL injection attacks, arbitrary file upload capabilities, and authentication type bypass mechanisms. The vulnerabilities span multiple components and require immediate attention from organizations running FreePBX deployments.
Threat actors are actively exploiting hard-coded cryptographic keys in Gladinet to bypass authentication controls and achieve unauthorized access and code execution capabilities. Two critical vulnerabilities, CVE-2025-11371 and CVE-2025-30406, have been identified as primary attack vectors affecting healthcare and technology sectors.
Security researchers have uncovered ConsentFix, a sophisticated phishing attack targeting Azure CLI users. This supply chain attack leverages compromised development tools to gain access to enterprise networks. Understanding the attack vectors and implementing proper vetting procedures is critical for organizations relying on third-party tools like the Azure CLI.
Page 44 of 47