Gladinet’s CentreStack and Triofox platforms face an urgent security challenge as a critical vulnerability, tracked as CVE-2025-30406, has been actively exploited. The flaw, which has already impacted seven organizations, involves a hard-coded cryptographic key enabling remote code execution attacks on internet-accessible servers. This exploit was initially a zero-day attack last month before it was addressed in the new Gladinet CentreStack version released on April 3, 2025. Despite the fix, similar vulnerabilities persist in Triofox up to version 16.4.10317.56372, with attackers exploiting identical hard-coded keys for remote system control.
Meanwhile, Fortinet has issued warnings concerning another vulnerability affecting its FortiGate devices. Threat actors are able to retain access to these systems even after patches are applied, using a symbolic link exploit. This technique connects user and root file systems, specifically in the directory serving language files for SSL-VPNs, thus evading usual detection methods.
In another development, threat actor Paper Werewolf targeted Russian entities through a sophisticated implant known as PowerModul. Between July and December of the previous year, attacks focused on mass media, telecom, and energy sectors, incorporating phishing emails and malware to disrupt operations and alter employee credentials.
Microsoft has responded to cybersecurity threats with patches for 125 vulnerabilities across its software. These updates tackle privilege escalation, remote code execution, and denial-of-service bugs. Notably, one actively exploited flaw involves a vulnerability in the Windows Common Log File System Driver, which allows attackers to elevate user privileges.
Lastly, Amazon has fixed a flaw in its EC2 SSM Agent, originally allowing attackers to utilize directory path traversal for privilege escalation and arbitrary code execution. This crucial update safeguards Amazon Web Services from potential exploitation across its remote management platform.
