The vulnerability was internally discovered and reported by SonicWall’s security team. The flaw, tracked as CVE-2025-40601, carries a CVSS score of 7.5 and affects multiple generations of SonicWall firewall products.

Understanding the Vulnerability

The vulnerability exists in the SSLVPN service component of SonicOS and stems from a stack-based buffer overflow weakness (CWE-121).

When exploited, an attacker can send specially crafted requests to the vulnerable SSLVPN interface without authentication, causing the affected firewall to crash and interrupting services.

SonicWall states that this vulnerability only impacts devices with the SSLVPN interface or service enabled on the firewall. Organizations that do not use this feature remain unaffected.

Currently, SonicWall PSIRT reports no active exploitation in the wild, and no proof-of-concept code has been publicly released.

The vulnerability impacts both Gen7 and Gen8 SonicWall firewalls across hardware and virtual platforms.

Gen7 devices running firmware versions 7.3.0-7012 and older are vulnerable, while Gen8 firewalls with versions 8.0.2-8011 and earlier are affected. SonicWall Gen6 firewalls and SMA 1000/100 series SSL VPN products are not impacted.

SonicWall strongly urges organizations to update to the patched firmware versions immediately.

Until patches can be applied, administrators should restrict SSLVPN access to trusted source IP addresses only or disable the service from untrusted internet sources by modifying existing access rules.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely appeared first on Cyber Security News.

The new system represents a significant leap in agentic AI capabilities, enabling machines to work on coding projects with minimal human intervention. GPT-5.1-Codex-Max operates differently from general-purpose AI models.

Built specifically for software engineering, the model features compaction technology that enables it to process millions of tokens in a single session.

This breakthrough means developers can assign extensive refactoring projects, debugging sessions, and multi-hour agent loops to the AI.

Advanced Architecture Powers Independent Development

Which completes them independently without losing context or coherence. The model can sustain work for extended periods.

In internal testing, GPT-5.1-Codex-Max completed tasks running for over 24 hours, automatically managing its context window by compacting sessions when necessary.

This capability transforms how teams approach large-scale code modernization and complex system maintenance. Performance benchmarks demonstrate substantial improvements over previous versions.

On SWE-bench Verified evaluations, GPT-5.1-Codex-Max achieves 77.9% accuracy compared to 73.7% from its predecessor.

More notably, the model uses 30% fewer thinking tokens while delivering superior results, directly translating to reduced computational costs for developers.

Frontend design tasks showcase these efficiency gains effectively. GPT-5.1-Codex-Max produces high-quality interfaces with approximately 27,000 thinking tokens, compared to 37,000 for older models.

Requiring fewer tool calls and generating more efficient code. The enhanced capabilities bring responsibility.

OpenAI acknowledges that advanced coding models can, in theory, assist in cybersecurity attacks. However, the company states it hasn’t observed meaningful abuse at scale.

The team has already disrupted cyber operations by attempting to misuse the model. GPT-5.1-Codex-Max runs in a secure sandbox by default.

File operations remain confined to designated workspaces, and network access stays disabled unless explicitly enabled.

OpenAI recommends keeping Codex restricted, as enabling internet connectivity introduces prompt injection vulnerabilities. The company advises developers to review all AI-generated code before deployment.

Codex produces terminal logs and cites tool calls, reducing bug risks, but should complement rather than replace human code reviews.

GPT-5.1-Codex-Max is now available through Codex for ChatGPT Plus, Pro, Business, Edu, and Enterprise subscribers. API access is coming soon.

Internally, 95% of OpenAI’s engineers use Codex weekly, and adoption correlates with approximately 70% more pull requests shipped.

The model represents progress toward reliable AI coding partners that enhance developer productivity while maintaining security standards.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post OpenAI Releases GPT-5.1-Codex-Max that Performs Coding Tasks Independently appeared first on Cyber Security News.

This Russia-based bulletproof hosting company provides infrastructure to ransomware and other cybercriminals.

The U.S. Federal Bureau of Investigation also coordinated the action targeting the company’s leadership team and related entities.

Bulletproof hosting providers offer specialized servers designed to help criminals hide their activities and avoid law enforcement.

These services give ransomware gangs, hackers, and other cybercriminals the infrastructure they need to launch attacks against businesses and critical infrastructure.

Media Land’s Criminal Operations

Media Land, headquartered in St. Petersburg, Russia, supplied hosting services to major ransomware groups, including LockBit, BlackSuit, and Play.

The company’s infrastructure was also used for distributed denial-of-service (DDoS attacks targeting U.S. companies and critical systems. Company leadership played direct roles in the criminal operation.

Aleksandr Volosovik, Media Land’s general director, advertised the company’s services on cybercriminal forums under the alias “Yalishanda” and provided servers to ransomware actors.

Kirill Zatolokin, an employee, collected payments from customers and coordinated with other cyber actors. Yulia Pankova assisted Volosovik with legal matters and financial management.

The Treasury also designated Hypercore Ltd., a UK-registered company created by the Aeza Group after it was sanctioned in July 2025. Aeza attempted to rebrand and hide its connections to avoid sanctions.

Treasury officials designated new companies and individuals involved in the evasion effort, including directors Maksim Makarov and Ilya Zakirov. Related entities in Serbia and Uzbekistan were also targeted.

All property and assets belonging to the designated individuals and companies in the United States are now frozen.

U.S. persons and businesses are prohibited from conducting transactions with these entities. Financial institutions engaging with sanctioned parties risk enforcement actions.

The U.S. Treasury emphasized that these coordinated international actions demonstrate a commitment to preventing ransomware and protecting citizens from cybercrime.

The Cybersecurity and Infrastructure Security Agency released additional guidance on protecting against bulletproof hosting providers.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Authorities Sanctioned Russia-based Bulletproof Hosting Provider for Supporting Ransomware Operations appeared first on Cyber Security News.

According to Horizon3.ai, it allows unauthenticated attackers to bypass authentication, access legacy APIs, and exfiltrate sensitive files, including credentials and database backups.

The Vulnerability Chain

Earlier this year, N-able N-central was added to the CISA Known Exploited Vulnerabilities (KEV) catalog for CVE-2025-8875 and CVE-2025-8876.

These vulnerabilities enable authenticated attackers to achieve remote code execution via deserialization and command injection.

Horizon3.ai researchers found more serious flaws in the latest versions. They also uncovered new weaknesses and built a dangerous attack chain.

An unauthenticated attacker can exploit CVE-2025-9316, a weak authentication bypass in the legacy SOAP API, to obtain valid session IDs.

This initial access opens doors to CVE-2025-11700, an XML External Entity (XXE) injection vulnerability that allows reading arbitrary files from the filesystem.

With approximately 3,000 N-central instances exposed on the internet according to Shodan, the attack surface is significant.

Horizon3.ai researchers demonstrated how attackers can chain these vulnerabilities to read sensitive configuration files, including /opt/nable/var/ncsai/etc/ncbackup.conf, which contains database backup credentials stored in cleartext.

Most critically, accessing the N-central database backup reveals all integration secrets: domain credentials, API keys, SSH private keys, and encrypted database entries.

Using cryptographic keys stored in the backup (masterPassword and keystore.bcfks), attackers can decrypt all stored secrets, leading to complete infrastructure compromise.

N-able addressed these vulnerabilities in version 2025.4.0.9, released on November 5, 2025, by restricting access to vulnerable legacy SOAP API endpoints.

Organizations should upgrade immediately and review logs for indicators of exploitation, including “Failed to import service template” entries in dmsservice.log.

The vulnerability chain demonstrates why legacy API endpoints pose persistent security risks in enterprise software, particularly for widely deployed RMM solutions that threat actors commonly target.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Critical N-able N-central Vulnerabilities Allow attacker to interact with legacy APIs and read sensitive files appeared first on Cyber Security News.

Rapid7 discovered that the vulnerabilities can be chained together to compromise administrator accounts without any user interaction or valid credentials. The vulnerabilities affect Twonky Server installations on both Linux and Windows platforms.

Twonky Server is widely deployed in network-attached storage (NAS) devices, routers, set-top boxes, and gateways worldwide. With approximately 850 instances currently exposed to the public internet, according to Shodan data.

Vulnerabilities Let Attackers Bypass Authentication

The first vulnerability (CVE-2025-13315) allows attackers to bypass API authentication controls through an alternative routing mechanism.

By using the “/nmc/rpc/” prefix instead of the standard “/rpc/” path, attackers can access the log_getfile endpoint without authentication.

This endpoint exposes application logs containing the administrator’s username and encrypted password.

The second vulnerability (CVE-2025-13316) makes password decryption easy. Twonky Server uses hardcoded Blowfish encryption keys across all installations.

Rapid7 researchers identified twelve static keys embedded in the compiled binary, meaning any attacker with knowledge of the encrypted password can decrypt it to plaintext using these publicly available keys.

Rapid7 correctly reported these vulnerabilities to Lynx Technology, the vendor behind Twonky Server.

However, the vendor ceased communications after acknowledging receipt of the technical disclosure and stated that patches would not be possible.

Version 8.5.2 remains the latest available release with no security updates. Organizations using Twonky Server should immediately restrict application traffic to trusted IP addresses only.

All administrator credentials should be considered compromised and rotated if the server is exposed to untrusted networks.

Rapid7 has released a Metasploit module that demonstrates the complete exploitation chain and plans to provide detection capabilities in its vulnerability scanning tools.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Critical Twonky Server Vulnerabilities Let Attackers Bypass Authentication appeared first on Cyber Security News.

Published on November 19, 2025, this guidance targets internet service providers (ISPs) and network defenders, offering strategic recommendations to dismantle the infrastructure that underpins global cybercrime.

The advisory, developed by the Joint Ransomware Task Force (JRTF), addresses the growing threat posed by “bulletproof hosting” (BPH) services that knowingly support ransomware groups, phishing campaigns, and other malicious activities.

Bulletproof hosting providers differ from legitimate infrastructure services by intentionally ignoring abuse complaints and legal processes such as court orders or subpoenas.

These entities market their services to cybercriminals with the assurance of impunity, often allowing illicit content to remain online despite evidence of criminal activity.

The joint guidance highlights that BPH providers frequently resell infrastructure leased or stolen from legitimate data centers and cloud providers, effectively hiding malicious traffic within valid networks.

To evade detection, these actors employ sophisticated techniques such as “fast flux,” in which they rapidly cycle through IP addresses and domain names, or migrate frequently between Autonomous System Numbers (ASNs) to bypass static blocklists.

Mitigation Strategies for Network Defenders

The authorizing agencies emphasize that mitigating BPH risks requires a nuanced approach to avoid disrupting legitimate internet traffic. Network defenders are urged to curate high-confidence lists of malicious internet resources by leveraging commercial and open-source threat intelligence feeds.

Rather than relying solely on broad blocking measures, defenders should implement granular filtering at the network border, targeting specific IP ranges or ASNs identified as hostile.

The guidance also highlights the importance of traffic analysis to establish baseline network behavior, which allows security teams to identify outlier activity that may indicate a connection to BPH infrastructure.

Centralized event logging systems should be configured to alert on traffic from known malicious sources, ensuring rapid identification of potential compromises.

ISPs play a critical role in the proposed defense strategy and are encouraged to adopt stricter “Know Your Customer” (KYC) protocols to prevent BPH providers from easily acquiring infrastructure.

The advisory suggests that ISPs require verifiable identification and banking details from prospective customers to validate their legitimacy. Furthermore, the guidance proposes establishing sector-wide codes of conduct, such as agreeing to block malicious IP ranges for up to 90 days to disrupt criminal operations.

ISPs are also advised to notify customers when traffic is blocked due to malicious associations and to offer opt-out filtering services that provide enhanced protection for organizations with lower risk tolerances.

By tightening these controls, the international coalition aims to force cybercriminals away from bulletproof havens and onto legitimate platforms where law enforcement can more effectively intervene.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post NSA Issues Guidance for ISPs and Network Defenders to Combat Malicious Activity appeared first on Cyber Security News.

Ollama is a widely used tool that allows developers and AI specialists to run large language models locally without relying on external services like OpenAI.

The platform supports numerous open-source models, including gpt-oss, DeepSeek-R1, Meta’s Llama4, and Google’s Gemma3.

Sonarsource researchers found a critical Out-Of-Bounds Write vulnerability during security auditing of Ollama’s codebase.

The vulnerability affects all Ollama versions before 0.7.0 and exists in the model file parsing mechanism. When processing specially crafted GGUF model files, the software fails to validate specific metadata values properly.

Specifically, during the parsing of mllama models, the code does not verify whether indices specified in the model’s metadata fall within acceptable bounds. This oversight allows attackers to manipulate memory beyond allocated boundaries.

The exploitation path involves creating malicious model files with oversized metadata entries or invalid layer indices. When Ollama processes these files, the vulnerability triggers an Out-Of-Bounds Write condition.

Attackers who gain access to Ollama’s API can load and execute these weaponized models, achieving remote code execution on the target system.

Sonarsource confirmed the vulnerability is exploitable in builds without Position Independent Executable configuration, releases include this protection; experts believe exploitation remains feasible with additional effort.

The vulnerability particularly affects the mllama model parsing code written in C++, where unsafe memory operations occur during model initialization.

The Ollama development team addressed this vulnerability in version 0.7.0 by completely rewriting the vulnerable mllama model handling code in Go, eliminating the unsafe C++ implementation.

Users running older versions face significant security risks and should upgrade to the latest release immediately.

Organizations using Ollama in production environments should audit their deployments and implement version controls to prevent the loading of untrusted model files.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Ollama Vulnerabilities Let Attackers Execute Arbitrary Code by Parsing of Malicious Model Files appeared first on Cyber Security News.

The flaw enables unauthorized actions, including data theft, privilege escalation, and exfiltration of external email, even with ServiceNow’s built-in prompt injection protection enabled.

The vulnerability stems from three default configurations that, when combined, create a dangerous attack surface. ServiceNow Assist agents are automatically assigned to the same team and marked as discoverable by default.

This enables inter-agent communication through the AiA ReAct Engine and Orchestrator components, which manage information flow and task delegation between agents.

ServiceNow AI Prompt Injection Attacks

Attackers exploit this by injecting malicious prompts into data fields that other agents will read when a safe agent encounters the compromised data.

It can be tricked into recruiting more powerful agents to execute unauthorized tasks on behalf of the highly privileged user who triggered the initial interaction.

In proof-of-concept demonstrations, Appomni researchers successfully performed Create, Read, Update, and Delete (CRUD) operations.

On sensitive records and sent external emails containing confidential data, all while avoiding existing security protections.

The attack succeeds primarily because agents execute with the privileges of the user who initiated the interaction, not the user who inserted the malicious prompt.

A low-privileged attacker can therefore leverage administrative agents to bypass access controls and access data they would otherwise be unable to reach.

Appomni advises organizations using ServiceNow to immediately implement these protective measures: Enable Supervised Execution Mode: Configure powerful agents performing CRUD operations or email sending to require human approval before executing actions.

Disable Autonomous Overrides: Ensure the sn_aia.The enable_usecase_tool_execution_mode_override system property remains set to false.

Segment Agent Teams: Separate agents into distinct teams based on function, preventing low-privilege agents from accessing powerful ones.

Monitor Agent Behavior: Deploy real-time monitoring solutions to detect suspicious agent interactions and deviations from expected workflows.

ServiceNow confirmed that these behaviors align with the intended functionality but updated the documentation to clarify configuration risks. Security teams must prioritize auditing their AI agent deployments immediately to prevent exploitation of these default settings.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Hackers Can Exploit Default ServiceNow AI Assistants Configurations to Launch Prompt Injection Attacks appeared first on Cyber Security News.

Mindgard researchers discovered the flaws during an audit of the popular VSCode extension, which supports Claude Sonnet and the free Sonic model.

The vulnerabilities stem from inadequate prompt-injection protections during Cline’s analysis of source code files. Attackers can embed malicious instructions in Python, Markdown, and shell scripts to override the agent’s safety guardrails.

Notably, exploitation requires nothing more than opening a compromised repository and requesting analysis.

Mindgard reports that all vulnerabilities were disclosed to the vendor before publication, though the team did not respond to repeated coordination attempts.

Cline AI Coding Agent Vulnerabilities

DNS-based Data Exfiltration allows attackers to leak sensitive API keys and environment variables. By hiding instructions in code comments, attackers can trick Cline into running ping commands that embed system information in DNS requests sent to their own servers.

.clinerules Arbitrary Code Execution exploits Cline’s custom rules system. Attackers place malicious Markdown files in a project’s .clinerules directory.

To force all execute_command operations to run with requires_approval=false, bypassing user consent mechanisms and enabling silent code execution.

The TOCTOU Vulnerability uses time-of-check-time-of-use logic to gradually modify shell scripts across multiple analysis requests.

An attacker can first add harmless code to a script, then later change it to add harmful code while the background task is still running.

Information Leakage reveals the underlying model infrastructure through error messages, exposing that the Sonic model is powered by grok-4.

Cline’s development team implemented mitigations in version 3.35.0, including enhanced prompt injection detection.

Mindgard researchers note the vendor’s delayed response raises concerns about the velocity of LLM agent exploitation relative to security remediation timelines.

The findings underscore that system prompts are not harmless configuration files but core security boundaries.

As AI agents become integral development tools, securing the intersection of language, tools, and code execution remains critically underdeveloped.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Cline AI Coding Agent Vulnerabilities Enables Prompt Injection, Code Execution, and Data Leakage appeared first on Cyber Security News.

Starting next year, Windows 11 and Windows Server 2025 will include System Monitor (Sysmon) capabilities, transforming how security teams detect threats and investigate incidents.

For years, Sysmon has been the go-to tool for IT administrators, security professionals, and threat hunters seeking deep visibility into Windows systems.

However, deploying and maintaining it across thousands of endpoints has been cumbersome, requiring manual downloads, consistent updates, and operational overhead that introduces security risks when updates lag.

The native integration solves these critical pain points. Security teams gain instant threat visibility with the same rich functionality, custom configuration files, and automated compliance through standard Windows Update.

Most importantly, organizations now receive official customer service support, eliminating the risks associated with unsupported production environments.

Sysmon in Windows delivers granular diagnostic data that powers advanced threat detection and technical investigation.

Security applications can access these events through Windows Event Logs (Applications and Services Logs / Microsoft/Windows/Sysmon/Operational) or feed directly into SIEM systems.

Key detection events include process creation monitoring to identify suspicious command-line activity. Network connection tracking to flag Command and Control (C2) traffic, and process access detection to expose credential dumping attempts.

The tool also identifies file creation in suspicious locations, detects tampering techniques such as process hollowing, and captures WMI persistence mechanisms.

Enabling Sysmon functionality is straightforward. Administrators can activate it using the Turn Windows Features On/Off feature, then install it with a single command: sysmon -i.

This command installs the driver, starts the service immediately, and applies the default configuration, with no separate tooling required.

Microsoft plans to expand capabilities further, including enterprise-scale management and AI-powered inferencing.

Imagine automatically detecting credential theft or lateral movement patterns with edge AI, dramatically reducing dwell time and improving organizational resilience.

This native integration represents a significant shift in how Windows handles security monitoring, combining OS-level signals with automated updates to build more resilient, secure-by-design systems.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Sysmon – Go-to Tool for IT Admins, Security Pros, and Threat Hunters Coming to Windows appeared first on Cyber Security News.