An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-847x-x4jg-6gf4: croogo Host header injection

Dallas, United States, TX, 21st April 2025, CyberNewsWire

**Dallas, United States, TX, April 21st, 2025, CyberNewsWire**

Brings Automated Response to Your Assets, Identity, Vulnerabilities, Alerts, and More to Redefine Risk Prioritization.

For years, security teams have operated in reactive mode, contending with siloed tools, fragmented intelligence, and a never-ending backlog of alerts. Traditional Security Operations platforms were supposed to unify data and streamline response—but they often introduced their own complexity, requiring heavy customization and manual oversight. “Hyper automation” delivered much of the same empty promises, leaving most security teams firefighting today’s incidents with limited bandwidth to proactively manage tomorrow’s risks.

At the 2025 RSA Conference, StrikeReady is introducing its next-generation Security Command Center v2. This AI-powered platform is engineered to go beyond basic alert processing, offering integrated asset and identity visibility, comprehensive vulnerability management, and coordinated automated response capabilities—enabling organizations to address threats with a focus on effective risk resolution.

> “We built StrikeReady to help security teams escape the cycle of perpetual reactivity,” said Alex Lanstein, CTO at StrikeReady. “With our platform, you don’t just see threats faster—you control and reduce risk in real time, closing gaps before they’re exploited. It’s a complete shift from dousing fires to preventing them from igniting.”

**v2 Key Business Outcomes and Metrics**

**1\. Proactive Risk Visibility**

A consolidated risk view across your identities, assets, and vulnerabilities, validated in a single unified interface/command center. Enable informed, strategic planning, rather than being in constant firefighting mode.

**2\. Radical Time Reduction**

Validating risk with threat intelligence, like threat intelligence reports, is cut from four to six hours to four to six minutes.

Alert processing drops from one hour to one minute, freeing analysts to focus on hunting.

All alerts, from any source—high, medium, and low severity—are all processed without differentiation, and at machine speed and accuracy.

**3\. Better, Faster, and More Cost-Effective Deployments**

Automated workflows and capabilities can be live in as little as 60 minutes, unlike traditional automation systems that often require six to 18 months of customization and cost upwards of $1 million.

**4\. Lower Operational Expenses**

One of many examples is phishing alert backlogs cleared in minutes, reducing manual efforts and saving over $180,000 annually.

Analysts spend less time on foundational work, false positives, and repetitive tasks, slashing overhead and burnout.

**5\. Native Case Management, Collaboration, and Real-Time Validation**

Built-in case management means no external ticketing, and zero trust collaboration with any internal or external team, with auto-documentation as standard (auditable).

**6\. Validate Your Security Controls** 

Use prepackaged or custom live attack content across your endpoints, cloud, and network to assess your security posture, resolve risk, and report improvements to your business.

**7\. Moving from Alerts to Strategic Defense**

While many AI-based security solutions focus on short-term alert handling, StrikeReady frames cybersecurity as an end-to-end risk management process. The platform’s proprietary Large Action Model (LAM) goes beyond mere analysis—directly executing defensive actions across the environment based on user prompts. This proactive approach helps organizations:

**Optimize** existing security investments by centralizing management.

**Preemptively** counter sophisticated threats, rather than reacting after the fact.

**Continuously** improve security efficiency through automation and instant control validation.

> “Success in cybersecurity today isn’t about chasing the latest threat—it’s about operationalizing intelligence, standardizing incident resolution, and eliminating friction at every step,” said Adil Mufti, CISO at StrikeReady. “StrikeReady makes this shift possible by consolidating the entire security lifecycle under one roof.”

**Experience StrikeReady at RSA Conference**

At **RSA Conference 2025**, StrikeReady will demonstrate live how the platform unifies risk visibility, orchestrates proactive actions, and frees analysts to make strategic decisions. Attendees can learn how to lower mean time to respond (MTTR), reduce false positives, and transform their SOC from a reactive entity into a proactive defense powerhouse.

**About StrikeReady**

Founded in 2019, StrikeReady introduced the first unified, vendor-agnostic, AI-powered Security Command Center delivering full-spectrum risk visibility, intelligent threat management, and automated response from a single, integrated platform.

By unifying identities, assets, vulnerabilities, and advanced simulations in one place, StrikeReady empowers organizations to proactively defend against modern threats and stay ahead of an ever-shifting cyber landscape. Moving beyond conventional AI, StrikeReady leverages its Large Action Model (LAM) to automate actions across the tech stack, creating a force multiplier for security teams seeking truly proactive risk management.

Recognized by Gartner as the only Virtual Security Assistant in its Emerging Technologies report, StrikeReady is dedicated to reshaping the future of cybersecurity.

**For more information users can visit**: https://strikeready.com/

**To schedule a demo at RSA, users can contact:** 

Lee Weyers | \[email protected\] | +1 (702) 588-1131

**Contact**

**Director, Public Relations**  
**Cara Harbor**  
**StrikeReady**  
**\[email protected\]**

Industry First: StrikeReady AI Platform Moves Security Teams Beyond Basic, One-Dimensional AI-Driven Triage Solutions

A list of topics we covered in the week of April 12 to April 18 of 2025

April 18, 2025 - Text scams come in many forms and are an ever increasing threat doing an awful lot of financial, and other, damage

April 17, 2025 - Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited...

April 16, 2025 - A new variant of the hello pervert emails claims that the target's system is infected with njRAT and spoofs the victims email address

April 15, 2025 - Car rental giant Hertz data suffered a data breach caused by a CL0P ransomware attack on file sharing vendor Cleo

April 14, 2025 - A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204

 A week in security (April 12 &#8211; April 18) 

This month, the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact security scenarios for Copilot and Cloud with up to $4 million in potential awards.

This month, the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact security scenarios for Copilot and Cloud with up to $4 million in potential awards.  

We’re excited to share that we received more than 600 vulnerability submissions and awarded more than $1.6 million during the qualifying research challenge and live event. Our team is continuing to evaluate potential vulnerabilities and mitigate where necessary.

During the qualifying rounds, researchers submitted their work for a chance to attend the event in person and earn additional incentives beyond our regular bug bounty awards. A select group of researchers then dug in even further in Redmond and online for the live event where they worked on capture-the-flag challenges in Microsoft products, attended social events, and held technical discussions with the Microsoft security teams.

Nearly 100 researchers also participated in our training sessions, which included AI bug hunting with our AI Red Team, SSRF training with our engineering team, and tips and advice from the bounty team.  

Following the success of this inaugural event, today we are making two key investments to deepen our partnership with the research community:  

*   The 100% award multiplier for all Copilot bounty awards will remain active. This will continue to incentivize AI research through additional payments for high-impact research. Learn more on our Copilot bounty program page.
    
*   Zero Day Quest will return annually with new research challenges, bounty multipliers, and deeper collaboration between Microsoft product engineering teams, Microsoft security teams, and the security research community.
    

The Zero Day Quest is part of Microsoft’s broader bug bounty program, which awarded more than $16 million in 2023 to researchers who responsibly reported vulnerabilities and helped us address them before they could impact our customers. While we ask the research community to follow Coordinated Vulnerability Disclosure (CVD), we also encourage public writeups after mitigation to support continued learning. As part of our Secure Future Initiative (SFI) and our commitment to transparency, we will issue CVEs for all critical issues. Learnings from this and future events will also be shared across Microsoft to help improve cloud and AI security - by default, by design, and in operations. You can read more about our Secure Future Initiative in our latest progress report.  

We look forward to our continuing partnership with the security community as we all work together to raise the security bar for everyone.  

**Tom Gallagher  
VP of Engineering, Microsoft Security Response Center (MSRC)**

Zero Day Quest 2025: $1.6 million awarded for vulnerability research

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-mfvv-mgf6-q25r: GoBGP crashes in the flowspec parser

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

GHSA-c5jg-wr5v-2wp2: GoBGP does not verify that the input length

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

GHSA-7m35-vw2c-696v: GoBGP panics due to a zero value for softwareVersionLen

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

GHSA-hqhq-hp5x-xp3w: GoBGP does not properly check the input length

QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.

GHSA-wm65-ph3w-587c: QMarkdown Cross-Site Scripting (XSS) vulnerability

Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and…

Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and Russia after years of silence. Learn about its new tactics and modular design.

Cybercriminals are constantly developing new malware for cyberattacks. These malicious tools have varying lifespans; some malware families have been tracked for decades, while others vanish from public awareness relatively quickly. In 2021, Kaspersky researchers discovered one such short-lived implant during their investigation of the CVE-2021-40449 zero-day vulnerability, which they dubbed MysterySnail RAT.

At the time of its discovery, MysterySnail RAT was linked to IronHusky APT, a Chinese-speaking threat group active since at least 2017. After the initial report, no further public details about this malware emerged.

However, recent observations have uncovered attempted deployments of a new version of MysterySnail RAT targeting government entities in Mongolia and Russia. This targeting aligns with previous intelligence indicating IronHusky’s specific interest in these two countries dating back to 2018, suggesting the RAT has been active covertly for several years.

A recent infection began with a malicious MMC script disguised as a document from Mongolia’s National Land Agency (ALAMGAC). This script downloaded a ZIP archive from fileio, which contained a secondary malicious component and a decoy DOCX file. The script would then extract the archive, placing the decoy in %AppData%\Cisco\Plugins\X86\bin\etc\Update, and execute CiscoCollabHost.exe from the archive. For persistence, it configured CiscoCollabHost.exe to run at start-up and opened the decoy document to deceive the user.

While CiscoCollabHost.exe was legitimate, the archive also held a malicious DLL named CiscoSparkLauncher.dll, designed for DLL Sideloading by the legitimate process, acting as a new intermediary backdoor. This backdoor facilitated C2 communication by leveraging the open-source piping-server project.

The new version can execute around 40 commands, enabling various malicious activities like file system management, command execution via cmd.exe process creation and termination, service management, and network resource connection.

Unlike the 2021 samples, the new version uses five additional DLL modules for command execution, a key upgrade from the previous version’s single malicious component.

Moreover, it was configured to establish persistence on infected machines as a service, and the malicious DLL loads a payload encrypted using RC4 and XOR algorithms. Upon decryption, it gets loaded into memory through DLL hollowing, facilitated by code within the run_pe library.

Following the disruption of recent MysterySnail RAT intrusions, the threat actors persisted by deploying a modified, single-component variant named MysteryMonoSnail. This streamlined version communicated with the same C2 servers as the original RAT but utilised the WebSocket protocol instead of HTTP and possessed a reduced set of only 13 basic commands, enabling actions like listing directories, writing files, and launching processes and remote shells.

The return of MysterySnail RAT shows how old malware doesn’t just disappear; they evolve. It’s also a reminder that staying on top of new and resurfacing cybersecurity threats is key to keeping systems secure.

Tag

#vulnerability