SonicWall has released software updates to address a high-severity vulnerability in SonicOS

Vulnerability:
CVE-2025-40601 - Stack-based buffer overflow

Impact: Allows an attacker to cause denial of service and crash the firewall

Recommendation:
- Apply patches ASAP
- If not able to patch, disable SSL VPN
- If not able to disable SSL VPN, limit access to SonicWall firewall to trusted sources

#cybersecurity #vulnerabilitymanagement #SonicWall

https://www.bleepingcomputer.com/news/security/new-sonicwall-sonicos-flaw-allows-hackers-to-crash-firewalls/

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute ShadowPad malware.
“The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source PowerShell-based Netcat utility, to obtain a system shell (CMD). Subsequently, they downloaded and installed ShadowPad using certutil and curl.”
Once installed, the malware launches a core module responsible for loading additional plugins embedded in the shellcode into memory. It incorporates multiple anti-detection and persistence techniques. The activity has not been attributed to any known threat actor.
“After the proof-of-concept (PoC) exploit code for the vulnerability was publicly released, attackers quickly weaponized it to distribute ShadowPad malware via WSUS servers,” AhnLab said. “This vulnerability is critical because it allows remote code execution with system-level permission, significantly increasing the potential impact.”

🚨 New plugin: ICTBroadcastRcePlugin (CVE-2025-2611).

ICTBroadcast unauthenticated RCE vulnerability detection.

Results: https://leakix.net/search?q=%2Bplugin%3AICTBroadcastRcePlugin&scope=leak