Cyber criminals attack young safety intervals in many products. Commvault, Brocade Fabric OS and active are impressed! Match. Attacks in the wild were seen on weaknesses. Admins should quickly install error -adjustable versions.
US Cyber Security Authority CISA is currently warning In front of the ongoing cyber attacks. One of the attacked security intervals can be found in the brocade fabric OS operating system. According to the weak point description, the developers have removed the root access since the version 9.1.0, but local users with administrator rights can possibly run any code with full root rights. Fabric OS 9.1.0 to 9.1.1D6 (Cve-2025-1976Cvss 8.6risk “High“). loud Broadcom security notification If the fabric OS 9.1.1D7 corrects the problem, the version 9.2.0, however, is not weak.
Backup and recovery software attacked
Commvault backup and recovery actually serves to secure and restore data. A safety difference in the web server can be abused by deadly actors to step into the webchal and take out – and they actually do so on the net. To do this, you need access data to an account, which makes the attacks a little more difficult. Commvault calls the difference in a safety notification “Critical” (Cve 2025-3928, CVSS 8.7risk “High“). Linux and Windows 11.36.46, 11.32.89, 11.28.141 and 11.20.217 Comvolt versions for Iron the Errr.
A third actively attacked weak point affects the active! Mail 6. A stack-based buffer overflow can be misbehaved with careful inquiry from the attackers without authentication from the network, to paralyze the service or even to step into a malicious code (CVE-2015-42599, CVSS) 9.8risk “Serious“). This message comes from the Japanese certificate, where software is also likely to be used.
CISA does not share what the attacks see, what scope they have or how they can be identified. Therefore, IT managers should set up the update as soon as possible to reduce the surface of the attack and not fall prey to the attacks.
Last week, CISA had to warns of active attacks on a weak point in NTLM authentication of Microsoft. Windows update safety leaked from March.
(DMK)
