"Gladinet vulnerability exploited in the wild A vulnerability affecting Gladinet's CentreStack and Triofox products has been exploited in the wild, Huntress warns. CentreStack is a mobile access and secure sharing solution while Triofox is a secure file access solution. Huntress earlier this year discovered exploitation of CVE-2025-30406, a hardcoded machine key issue affecting the products, and it has now detected exploitation of a new vulnerability, CVE-2025-11371, which allows unauthenticated local file inclusion. Gladinet is aware of the issue and is in the process of providing a workaround to customers until a patch is developed."
"US universities targeted by payroll pirates Microsoft has warned that a cybercrime group it tracks as Storm-2657 has been targeting US universities in an effort to hack employee accounts on HR platforms such as Workday. The goal is to divert salary payments to accounts controlled by the attackers. These types of threat actors are known as "payroll pirates". The attacks seen by Microsoft do not involve exploitation of Workday vulnerabilities. Instead the hackers are leveraging social engineering tactics and the lack of MFA to compromise accounts."
Gladinet's CentreStack and Triofox products have been exploited in the wild, with Huntress observing prior exploitation of CVE-2025-30406 and new exploitation of CVE-2025-11371, an unauthenticated local file inclusion; Gladinet is providing a workaround until a patch is developed. Microsoft reports that the Storm-2657 group is targeting US universities to hijack HR platform accounts such as Workday and divert salary payments to attacker-controlled accounts, using social engineering and exploiting the absence of MFA rather than platform vulnerabilities. StrikeReady reported a Zimbra vulnerability tracked as CVE-2025-27915 was exploited earlier this year to target Brazil's military.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]