Cloud computing and virtualization software vendor Citrix recently released patches to fix multiple security vulnerabilities, including critical and high-severity issues, in its flagship NetScaler product line.  The company noted that the most severe of these issues is CVE-2024-6235, an improper authorization bug that could allow attackers to access sensitive information.  Citrix also fixed CVE-2024-6236, a buffer overflow bug in NetScaler Console, Agent, and SVM products that could be exploited to cause a denial-of-service (DoS) condition.

Alexander Sherbrooke, a first-year computer science and engineering student at UC Santa Cruz, explored the security of an Internet-connected laundry machine. With his computer, he was able to use the machine's public-facing Application Programming Interface (API) to run a script that told the laundry machine to start a load without paying the $1 fee. He informed Slug Security, a hacking and cybersecurity club for students, about the laundry machine's interface vulnerability.

Researchers have found that clickable website links often lead to malicious destinations. Millions of "hijackable hyperlinks" have been found across the web, including on trusted websites. At the 2024 Web Conference, their paper showed that web cybersecurity threats can be exploited much more widely than previously thought. They found hijackable hyperlinks on websites belonging to large organizations, religious organizations, financial companies, and governments. These websites' hyperlinks can be hijacked without warning.

The critical "BlastRADIUS" vulnerability in the RADIUS protocol exposes most networking equipment to Man-in-the-Middle (MitM) attacks. The vulnerability is hard to exploit, but an exploit could have serious consequences. BlastRADIUS lets attackers exploit certain RADIUS packets. The RADIUS protocol enables certain Access-Request messages to have no integrity or authentication checks. Therefore, an attacker can modify these packets without being detected. They could force any user to authenticate and give authorization to that user.

According to the antivirus provider Avast, law enforcement organizations have been sharing decryptor keys with victims of the "DoNex" ransomware since March 2024. The Avast Threat Research Team recently noted that it had silently distributed the decryptor to DoNex ransomware victims after discovering a flaw in the cryptographic schema of the malware and predecessors. This article continues to discuss the DoNex ransomware and the release a decryptor to victims of this ransomware.

Researchers have found that attackers can perform cryptocurrency mining using improperly configured Jenkins Script Console instances. Trend Micro warned that improperly set up authentication mechanisms expose the '/script' endpoint to attackers, making Remote Code Execution (RCE) possible. Jenkins is a widely used Continuous Integration and Continuous Delivery (CI/CD) platform with a Groovy script console that enables users to run arbitrary Groovy scripts in the Jenkins controller runtime.

Attackers are exploiting a Remote Code Execution (RCE) vulnerability in a Linux-wide Ghostscript document conversion toolkit. Ghostscript is pre-installed on many Linux distributions and is used by ImageMagick, LibreOffice, GIMP, Inkscape, Scribus, and the CUPS printing. All Ghostscript 10.03.0 and earlier installations are vulnerable to this format string flaw. Unpatched Ghostscript versions fail to prevent changes to uniprint device argument strings after the sandbox is activated, allowing attackers to escape the default -dSAFER sandbox.

A new cyber espionage actor, tracked as "CloudSorcerer," is targeting government organizations in the Russian Federation with sophisticated malware that can adapt its behavior based on the execution environment. The Advanced Persistent Threat (APT) group uses an operational style similar to that of "CloudWizard," another APT discovered last year that also targets Russian entities. This article continues to discuss findings regarding CloudSorcerer's cyber espionage campaign.

The Ethereum Foundation's account on a mailing list platform was hacked to send email phishing lures to about 35,794 addresses. Phishing emails from a legitimate email address promoted a Lido scam and linked to a malicious website that drained visitors' wallets. According to the Ethereum Foundation, this website had a cryptocurrency drainer running in the background that would drain a user's wallet if they signed the transaction requested by the website. This article continues to discuss the hacking of the Ethereum Foundation's account on a mailing list platform.

The ransomware group known as RansomHub recently leaked data allegedly stolen from the Florida Department of Health.  RansomHub added the agency to its Tor-based leak site on July 2, claiming to have stolen over 100 gigabytes of data from its network, including personally identifiable information (PII) and protected health information (PHI).