29 Aug 2025

Week in review

Greetings,

The team are already hard at work planning another amazing AUSCERT conference, and we’re excited to share these key dates with you! AUSCERT2026 will run from 19–22 May at The Star, Gold Coast.

Tutorials will take place on 19 and 20 May, followed by the main conference on 21 and 22 May.

Don’t miss the Welcome Reception at 5:00 PM on 20 May, or the Gala Dinner on 21 May.

Stay tuned for more details, including the Call for Tutorials in October and the Call for Presentations in November. We can’t wait to see you there!

This week marked Scams Awareness Week, a nationwide campaign aimed at helping Australians stay safe online. This year’s theme, “Stop. Check. Protect.” encourages us all to pause before clicking, verify information, and take proactive steps to safeguard our personal and financial details.

The Scamwatch “Scam Statistics” page is a standout resource, providing an interactive dashboard that allows you to explore real-time data on scam reports. Every report feeds into a national intelligence network that contributes to early detection and disruption efforts. You can see which scams are growing, which methods are being used most effectively, and where education and awareness are making an impact.


Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Date: 2025-08-25
Author: The Hacker News

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container.
The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3.

Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775
Date: 2025-08-27
Author: Security Affairs

[See AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2025.5974]
Experts at the Shadowserver Foundation warn that more than 28,200 Citrix instances remain vulnerable to CVE-2025-7775, which is under active exploitation.
CVE-2025-7775 (CVSS score: 9.2) is a memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service.
This week, Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it said has been actively exploited in the wild.

CISA warns of actively exploited Git code execution flaw
Date: 2025-08-26
Author: Bleeping Computer

[See AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2025.5077]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system.
The agency has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and has set the patch deadline for federal agencies to September 15th.
The Git version control system allows software development teams to track codebase changes over time. The library is the backbone of modern software collaboration, serving as the basis for platforms such as GitHub, GitLab, and Bitbucket.

High-severity vulnerability in Passwordstate credential manager. Patch now.
Date: 2025-08-29
Author: Ars Technica

The maker of Passwordstate, an enterprise-grade password manager for storing companies’ most privileged credentials, is urging them to promptly install an update fixing a high-severity vulnerability that hackers can exploit to gain administrative access to their vaults.
The authentication bypass allows hackers to create a URL that accesses an emergency access page for Passwordstate. From there, an attacker could pivot to the administrative section of the password manager. A CVE identifier isn’t yet available.

A hacker used AI to automate an 'unprecedented' cybercrime spree, Anthropic says
Date: 2025-08-27
Author: NBC News

A hacker has exploited a leading artificial intelligence chatbot to conduct the most comprehensive and lucrative AI cybercriminal operation known to date, using it to do everything from find targets to write ransom notes.
In a report published Tuesday, Anthropic, the company behind the popular Claude chatbot, said that an unnamed hacker “used AI to what we believe is an unprecedented degree” to research, hack and extort at least 17 companies.


ESB-2025.5938 – Atlassian Products: CVSS (Max): 9.4

Atlassian monthly bulletin addresses 14 high-severity and 1 critical-severity vulnerabilities. Users are advised to upgrade their Server/Data Center instances to the latest versions.

ESB-2025.5966 – IBM Security QRadar SIEM: CVSS (Max): 9.8

IBM has addressed vulnerabilities in open-source components bundled with QRadar SIEM, such as the Linux kernel and Python libraries, which may be discoverable and exploitable via automated scanning tools.

ESB-2025.5974 – Citrix Products: CVSS (Max): 9.2

Citrix has released urgent patches addressing three serious vulnerabilities in NetScaler ADC and NetScaler Gateway: a critical memory-overflow flaw that was exploited in the wild as a zero-day, a second memory-overflow flaw, and an access control issue affecting the management interface.

ESB-2025.6029 – GitLab Community Edition and Enterprise Edition: CVSS (Max): 6.5

GitLab delivered patch releases 18.3.1, 18.2.5, and 18.1.5 for both CE and EE, containing multiple security and bug fixes, and strongly urges all self-managed users to upgrade immediately.
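Several items this week name a fixed release rather than a single "latest" version: Docker Desktop 4.44.3 above, and GitLab's three backported releases 18.3.1, 18.2.5 and 18.1.5 here. The check that matters in practice is "is this install at or past the fixed release for its own release branch", not simply "is it the newest version". The following is an added example for this newsletter, not a vendor tool; the host inventory is constructed, and the rule that a branch newer than every fixed branch counts as patched (and an older branch with no backport counts as unpatched) is an assumption stated in the code.

```python
"""Version-gate check for the fixed releases named in this digest.

Added example for this newsletter (not a vendor tool). It answers the question
"is this install on or past the fixed release for its own release branch?",
which matters when a vendor backports a fix to several branches at once, as
GitLab did with 18.3.1, 18.2.5 and 18.1.5. The inventory below is constructed.
"""

from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, ...]

# Fixed releases as stated in the items above.
DOCKER_DESKTOP_FIXED = ("4.44.3",)
GITLAB_FIXED = ("18.3.1", "18.2.5", "18.1.5")


def parse_version(text: str) -> Version:
    """Turn '18.2.5' (or 'v18.2.5-ee') into (18, 2, 5); a suffix after the digits is dropped."""
    parts: List[int] = []
    for piece in text.strip().lstrip("v").split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def is_patched(installed: str, fixed_releases: Iterable[str]) -> bool:
    """True if `installed` is at or past the fixed release for its major.minor branch.

    Assumption (not from the advisories): a branch newer than every fixed branch
    was cut after the fix and is treated as patched; an older branch with no
    backport listed is treated as unpatched, since it needs a branch upgrade.
    """
    inst = parse_version(installed)
    fixed = sorted(parse_version(f) for f in fixed_releases)
    branch = inst[:2]
    same_branch = [f for f in fixed if f[:2] == branch]
    if same_branch:
        # Tuple comparison handles short versions: (18, 2) < (18, 2, 5).
        return inst >= max(same_branch)
    return branch > max(f[:2] for f in fixed)


def triage(inventory: Dict[str, Tuple[str, Iterable[str]]]) -> Dict[str, bool]:
    """Map each host label to its patched status."""
    return {host: is_patched(ver, fixed) for host, (ver, fixed) in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    inventory = {
        "dev-laptop-01 (Docker Desktop)": ("4.44.2", DOCKER_DESKTOP_FIXED),
        "dev-laptop-02 (Docker Desktop)": ("4.44.3", DOCKER_DESKTOP_FIXED),
        "gitlab-prod (GitLab EE)": ("v18.2.4-ee", GITLAB_FIXED),
        "gitlab-staging (GitLab EE)": ("18.3.1-ee", GITLAB_FIXED),
        "gitlab-legacy (GitLab CE)": ("18.0.6", GITLAB_FIXED),
    }
    for host, ok in triage(inventory).items():
        print(f"{'OK     ' if ok else 'PATCH  '} {host}")
```

Note that an install on a branch the vendor did not backport to (18.0.x in the constructed inventory) is reported as needing a patch even though no 18.0 fix exists; the remedy there is a branch upgrade, which is the point of checking per branch rather than against a single latest version.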


Stay safe, stay patched and have a good weekend!

The AUSCERT team