April 2025 – Page 3 – TheCyberThrone

CVE-2025-32445 Privilege Escalation Flaw in Argo Events

CVE-2025-32445 is a critical privilege escalation vulnerability affecting Argo Events, an event-driven workflow automation framework designed for Kubernetes environments. The flaw enables users with permissions to create or modify EventSource…

PravinKarthik April 19, 2025

CISA adds Microsoft and Apple vulnerabilities to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation in the wild. These vulnerabilities affect Microsoft…

PravinKarthik April 18, 2025

CVE-2025-24054 Critical NTLM Hash Flaw

CVE-2025-24054 is a high-severity NTLM authentication vulnerability that allows attackers to leak NTLMv2-SSP (Security Support Provider) hashes through spoofing techniques. The exploitation relies on maliciously crafted .library-ms files, which can…

PravinKarthik April 17, 2025

CVE-2025-3608 impacts Mozilla Firefox

CVE-2025-3608 is a high-severity vulnerability identified in Mozilla Firefox that arises due to a race condition within the nsHttpTransaction component. This flaw could lead to memory corruption, potentially resulting in…

PravinKarthik April 16, 2025

CVE-2025-24859 impacts Apache Roller

CVE-2025-24859 is a critical security vulnerability found in Apache Roller, an open-source Java-based blogging platform. This flaw impacts session management, allowing unauthorized session persistence even after a user resets their…

PravinKarthik April 16, 2025

Outlaw Linux Malware Detailed Out

The Outlaw Linux malware is a persistent and evolving cryptojacking botnet designed to exploit Linux servers with weak SSH credentials. Operated by the Outlaw hacking group, this malware spreads autonomously…

PravinKarthik April 15, 2025

Medusa Ransomware Gang’s Attack on NASCAR

The recent cyberattack by the Medusa ransomware gang on NASCAR represents a significant threat to the organization's operations, reputation, and data security. The attack, which resulted in the alleged theft…

PravinKarthik April 14, 2025

GOFFEE Advanced Persistent Threat

The GOFFEE APT group is a sophisticated cyber-espionage entity that has been active since early 2022, focusing primarily on organizations within the Russian Federation. Its operations target sectors critical to…

PravinKarthik April 14, 2025