
This Week in Cybersecurity: Looking Back at Week 16

April 18, 2025

Week 16 has been packed with critical cybersecurity developments, highlighting growing threats and major defensive efforts across the industry. A severe vulnerability in Apache Roller risks persistent unauthorised access, while SonicWall’s SMA100 suffers from an OS command injection flaw. Microsoft’s April Patch Tuesday addressed over 130 vulnerabilities; separate vendor patches fixed a WinRAR bug that bypasses Windows security warnings and a critical Erlang/OTP SSH flaw allowing unauthenticated remote code execution.

Meanwhile, a new variant of the BrickStorm malware is actively targeting Windows systems. On the defence front, CISA extended funding to MITRE’s CVE program to support ongoing vulnerability tracking. Google also took a strong stance against abuse, blocking over 5.1 billion harmful ads and suspending 39.2 million advertiser accounts.

Here’s a breakdown of the top cybersecurity stories from Week 16:


Critical Apache Roller Vulnerability Allows Persistent Unauthorised Access

A critical security flaw has been identified in Apache Roller, an open-source Java-based blogging platform, affecting versions up to and including 6.1.4.

Tracked as CVE-2025-24859, with a maximum CVSS score of 10.0, the vulnerability stems from improper session invalidation. Specifically, when a user’s password is changed—either by the user or an administrator—existing sessions remain active, allowing potential attackers to maintain unauthorised access even after credentials are updated.

This issue has been addressed in version 6.1.5, which introduces centralised session management to ensure all active sessions are invalidated upon password changes or user deactivation.

Users are strongly advised to upgrade to the latest version to mitigate this risk.
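The fix described above, centralised session management that revokes every session for a user when their password changes or the account is deactivated, as an added example. This is not Apache Roller's code; the `SessionStore`, `User` and `Session` classes, the `credential_version` counter and the placeholder password hashes are all constructed for illustration.

```python
"""Session store that revokes all of a user's sessions on password change or
deactivation (added example; not Apache Roller's implementation)."""
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    password_hash: str            # placeholder value; real code stores a proper hash
    credential_version: int = 0   # bumped on every password change
    active: bool = True


@dataclass
class Session:
    user: str
    credential_version: int       # version of the credentials the session was issued under
    issued_at: float = field(default_factory=time.time)


class SessionStore:
    """Single registry that every session check and credential change goes through."""

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.sessions: dict[str, Session] = {}

    def add_user(self, name: str, password_hash: str) -> None:
        self.users[name] = User(name, password_hash)

    def login(self, name: str) -> str:
        user = self.users[name]
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(name, user.credential_version)
        return token

    def is_valid(self, token: str) -> bool:
        sess = self.sessions.get(token)
        if sess is None:
            return False
        user = self.users.get(sess.user)
        if user is None or not user.active:
            return False
        # Second line of defence: even a session that escaped the purge (e.g. a
        # replicated cache) is rejected once the credential version has moved on.
        return sess.credential_version == user.credential_version

    def change_password_unsafe(self, name: str, new_hash: str) -> None:
        """The flawed behaviour: the hash is replaced but live sessions survive."""
        self.users[name].password_hash = new_hash

    def change_password(self, name: str, new_hash: str) -> None:
        """The corrected behaviour: rotate the hash, bump the version, purge sessions."""
        user = self.users[name]
        user.password_hash = new_hash
        user.credential_version += 1
        self._purge(name)

    def deactivate(self, name: str) -> None:
        self.users[name].active = False
        self._purge(name)

    def _purge(self, name: str) -> None:
        stale = [t for t, s in self.sessions.items() if s.user == name]
        for t in stale:
            del self.sessions[t]


def demo() -> tuple[bool, bool]:
    """Constructed scenario: a session issued before two password changes.
    Returns (valid after the unsafe change, valid after the safe change)."""
    store = SessionStore()
    store.add_user("alice", "hash-v1")
    token = store.login("alice")
    store.change_password_unsafe("alice", "hash-v2")
    still_valid = store.is_valid(token)      # True: the old session lives on
    store.change_password("alice", "hash-v3")
    revoked = store.is_valid(token)          # False: session invalidated
    return still_valid, revoked


if __name__ == "__main__":
    print(demo())
```

The version counter matters in deployments where sessions are cached in more than one place: deleting entries from one store is not enough if a replica still answers lookups, whereas a version mismatch is detected wherever the check runs.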


SonicWall SMA100 OS Command Injection Vulnerability

CISA has added CVE-2021-20035 to its Known Exploited Vulnerabilities (KEV) Catalog. This critical flaw affects SonicWall SMA100 appliances and stems from an OS command injection vulnerability in the management interface.

A remote, authenticated attacker could exploit this flaw to execute arbitrary commands as the ‘nobody’ user, potentially leading to full code execution.

While it is not yet confirmed to be used in ransomware campaigns, organisations are urged to apply vendor-recommended mitigations immediately. In line with BOD 22-01, the vulnerability must be remediated by May 7, 2025. If no fix is available, CISA advises discontinuing use of the affected product.


CISA Extends MITRE’s CVE Program Funding

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended funding for MITRE’s Common Vulnerabilities and Exposures (CVE) program, averting an imminent shutdown.

The CVE program, a cornerstone of global cybersecurity, catalogs publicly disclosed software vulnerabilities and has been instrumental in vulnerability management since its inception in 1999. Despite this extension, concerns persist regarding the program’s long-term sustainability due to its reliance on U.S. government funding.

In response, members of the CVE Board have initiated the formation of the CVE Foundation, a nonprofit entity aimed at ensuring the program’s independence and continued operation. Industry experts emphasise the critical nature of the CVE program, noting that any disruption could have widespread implications for cybersecurity efforts worldwide.


New BrickStorm Malware Variant Targets Windows Systems

Cybersecurity firm Nviso has identified a new variant of the BrickStorm malware targeting Windows systems, marking a significant expansion from its previous association with Linux architectures.

This malware is linked to the Chinese state-sponsored group UNC5221 and is designed to infiltrate Western companies, establishing covert access points within their networks to exfiltrate sensitive data such as intellectual property and strategic business information. Notably, in at least one instance, the malware operated undetected for several years. UNC5221 employs sophisticated techniques, including the exploitation of zero-day vulnerabilities and the use of legitimate cloud services like Cloudflare, to maintain persistence and evade detection.

Nviso warns that this threat may be more widespread than currently known and urges organisations to review their detailed report to detect and mitigate the presence of BrickStorm in their systems.


Microsoft’s April 2025 Patch Tuesday Addresses Over 130 Vulnerabilities

On April 14, 2025, Microsoft released its monthly Patch Tuesday updates, addressing over 130 security vulnerabilities across various products. The update includes fixes for 11 critical-severity issues, notably affecting Microsoft Excel, Windows Remote Desktop Services, Hyper-V, LDAP, and TCP/IP. Additionally, 110 important-severity vulnerabilities were patched, encompassing remote code execution, denial of service, privilege escalation, security feature bypass, information disclosure, and spoofing flaws.

Significantly, Microsoft also resolved an actively exploited zero-day vulnerability in the Windows Common Log File System Driver (CVE-2025-29824), a use-after-free flaw that could allow attackers to gain SYSTEM privileges. Users and administrators are strongly advised to apply these updates promptly to mitigate potential security risks.


WinRAR Vulnerability Allows Bypass of Windows Security Warnings

A recently patched vulnerability in WinRAR, identified as CVE-2025-31334, permitted attackers to bypass Windows’ Mark-of-the-Web (MotW) security feature, potentially leading to arbitrary code execution.

The flaw affected all WinRAR versions prior to 7.11 and involved the handling of symbolic links within archive files. Specifically, when a user opened a specially crafted archive containing a symbolic link pointing to an executable, WinRAR failed to apply the MotW flag, allowing the executable to run without the standard security warning.

This vulnerability, discovered by security researcher Shimamine Taihei of Mitsui Bussan Secure Directions, was addressed in WinRAR version 7.11.

Users are strongly advised to update to the latest version to mitigate potential risks.
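A defender-side check for the archive pattern described above, a symbolic-link entry whose target is an executable, as an added example. It is not WinRAR's code and does not reproduce the MotW handling itself; it uses the ZIP format rather than RAR because Python's standard library can build and parse ZIP archives offline, and the sample archive, its entry names and the `EXECUTABLE_SUFFIXES` list are all constructed for illustration.

```python
"""Flag symbolic-link entries in a ZIP archive that point at executables
(added example; not WinRAR's code, and ZIP stands in for RAR)."""
import io
import stat
import zipfile

# Constructed list of suffixes worth flagging; extend to match local policy.
EXECUTABLE_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".ps1", ".scr", ".dll")


def build_sample_archive(include_link: bool = True) -> bytes:
    """Constructed sample: one ordinary file and, optionally, a symlink entry.
    In a ZIP the symlink target is stored as the entry's data and the link
    type lives in the Unix mode bits of external_attr."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "harmless text")
        if include_link:
            info = zipfile.ZipInfo("link_to_tool")
            info.create_system = 3                       # 3 = Unix, so mode bits apply
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, "payload.exe")             # constructed target name
    return buf.getvalue()


def find_symlinks_to_executables(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, link target) for every symlink aimed at an executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.create_system != 3:
                continue                                 # no Unix mode bits to inspect
            mode = info.external_attr >> 16
            if not stat.S_ISLNK(mode):
                continue
            target = zf.read(info).decode("utf-8", "replace")
            if target.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.append((info.filename, target))
    return findings


if __name__ == "__main__":
    print(find_symlinks_to_executables(build_sample_archive()))
```

Such a scan is cheap to run at a mail gateway or download proxy, and a hit is a reason to quarantine the archive for review rather than rely on the extraction tool to propagate the Mark-of-the-Web correctly.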


Critical Erlang/OTP SSH Vulnerability Allows Unauthenticated Remote Code Execution

A critical vulnerability has been identified in the Erlang/Open Telecom Platform (OTP) SSH implementation, tracked as CVE-2025-32433 with a maximum CVSS score of 10.0. Discovered by researchers at Ruhr University Bochum, the flaw permits unauthenticated attackers with network access to execute arbitrary code on affected systems.

The issue arises from improper handling of SSH protocol messages, allowing malicious actors to send connection protocol messages prior to authentication. If the SSH daemon runs with root privileges, successful exploitation could grant full control over the device, leading to potential data breaches or denial-of-service attacks.

Users operating SSH servers based on the Erlang/OTP SSH library are advised to update to versions OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20. As a temporary measure, restricting SSH port access to authorised users via firewall rules is recommended.
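The class of check at issue, refusing SSH connection-protocol messages until the peer has authenticated, as an added example. This is not Erlang/OTP's code and is not an SSH implementation: it models only the message-number ranges from RFC 4250 and a per-connection phase, and the `ServerConnection` class, its `enforce_phase` switch, the placeholder credential and both message sequences are constructed for illustration.

```python
"""Per-connection gate that rejects connection-layer SSH messages before
authentication (added example; not Erlang/OTP's code)."""
from enum import Enum

# Message numbers as assigned in RFC 4250 section 4.1.
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98


def message_class(msg_type: int) -> str:
    """Map a message number onto the RFC 4250 protocol-layer ranges."""
    if 1 <= msg_type <= 49:
        return "transport"
    if 50 <= msg_type <= 79:
        return "userauth"
    if 80 <= msg_type <= 127:
        return "connection"
    return "local-extension"


class Phase(Enum):
    KEX = "key-exchange"
    AUTH = "authentication"
    CONNECTED = "authenticated"


class ServerConnection:
    """Server-side dispatcher. With enforce_phase=False it shows the bug class:
    connection-layer messages are acted on whether or not the peer authenticated."""

    VALID_CREDENTIAL = b"correct-password"   # hypothetical stand-in for real verification

    def __init__(self, enforce_phase: bool = True) -> None:
        self.enforce_phase = enforce_phase
        self.phase = Phase.KEX
        self.opened_channels = 0
        self.executed_requests = 0

    def handle(self, msg_type: int, payload: bytes = b"") -> str:
        cls = message_class(msg_type)
        if self.enforce_phase:
            # The gate that must run before any connection-layer dispatch.
            if cls == "connection" and self.phase is not Phase.CONNECTED:
                return "disconnect:protocol-error"
            if cls == "userauth" and self.phase is Phase.KEX:
                return "disconnect:protocol-error"
        if msg_type == SSH_MSG_KEXINIT:
            return "kexinit-ack"
        if msg_type == SSH_MSG_NEWKEYS:
            self.phase = Phase.AUTH
            return "newkeys-ack"
        if msg_type == SSH_MSG_USERAUTH_REQUEST:
            if payload == self.VALID_CREDENTIAL:
                self.phase = Phase.CONNECTED
                return "userauth-success"
            return "userauth-failure"
        if msg_type == SSH_MSG_CHANNEL_OPEN:
            self.opened_channels += 1
            return "channel-open-confirmation"
        if msg_type == SSH_MSG_CHANNEL_REQUEST:
            self.executed_requests += 1              # a real server would act on the request here
            return "channel-success"
        return "unimplemented"


def process_messages(conn: ServerConnection, messages) -> list[str]:
    """Feed messages in order; stop at the first disconnect, as a real server would."""
    results = []
    for msg_type, payload in messages:
        result = conn.handle(msg_type, payload)
        results.append(result)
        if result.startswith("disconnect"):
            break
    return results


# Constructed sequences. The first completes key exchange and then sends
# connection-layer messages without ever sending USERAUTH_REQUEST.
UNAUTHENTICATED_SEQUENCE = [
    (SSH_MSG_KEXINIT, b""),
    (SSH_MSG_NEWKEYS, b""),
    (SSH_MSG_CHANNEL_OPEN, b"session"),
    (SSH_MSG_CHANNEL_REQUEST, b"exec"),
]
AUTHENTICATED_SEQUENCE = [
    (SSH_MSG_KEXINIT, b""),
    (SSH_MSG_NEWKEYS, b""),
    (SSH_MSG_USERAUTH_REQUEST, b"correct-password"),
    (SSH_MSG_CHANNEL_OPEN, b"session"),
    (SSH_MSG_CHANNEL_REQUEST, b"exec"),
]

if __name__ == "__main__":
    print(process_messages(ServerConnection(), UNAUTHENTICATED_SEQUENCE))
    print(process_messages(ServerConnection(), AUTHENTICATED_SEQUENCE))
```

The point of classifying by number range rather than by individual handler is that the gate covers every connection-layer message, including ones added later, so a new handler cannot be wired in without the authentication check in front of it.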


Google Blocks 5.1 Billion Harmful Ads and Suspends 39.2 Million Advertiser Accounts in 2024

In its 2024 ad safety report, Google announced it blocked 5.1 billion harmful ads and suspended over 39.2 million advertiser accounts, marking a significant increase from the previous year’s 12.7 million suspensions. The company also restricted 9.1 billion ads and took action on 1.3 billion pages for policy violations.

Key infractions included ad network abuse (793.1 million ads), trademark misuse (503.1 million), and misrepresentation (146.9 million). Leveraging AI-powered tools, Google tackled emerging threats such as deepfake scams, resulting in the suspension of over 700,000 accounts. Additionally, the expansion of advertiser identity verification to more than 200 countries led to the removal of over 10.7 million unverified election ads.

