Alert: Vietnamese XE Group Weaponizes Critical VeraCore Zero-Day in Supply Chain Attacks

XE Group Exploits Critical Vulnerabilities in Enterprise Software

Security researchers have uncovered a series of cyberattacks exploiting vulnerabilities in Progress Telerik UI and Advantive VeraCore software. The attacks, attributed to the Vietnamese threat actor XE Group, represent a significant shift from their previous credit card skimming operations to sophisticated supply chain targeting.

Key Vulnerabilities:
– CVE-2024-57968 (CVSS 9.9): File upload vulnerability in VeraCore
– CVE-2025-25181 (CVSS 5.8): SQL injection vulnerability
– CVE-2019-18935 (CVSS 9.8): Progress Telerik UI vulnerability

Attack Methodology:
The threat actors deploy ASPXSpy web shells for unauthorized system access and utilize Meterpreter payloads for remote control. Their sophisticated toolset includes capabilities for:
– File system enumeration
– Data exfiltration
– Network scanning
– SQL query execution

CISA Updates:
The U.S. Cybersecurity and Infrastructure Security Agency has added five critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:
– CVE-2025-0411: 7-Zip Mark of the Web Bypass
– CVE-2022-23748: Dante Discovery Process Control
– CVE-2024-21413: Microsoft Outlook Input Validation
– CVE-2020-29574: CyberoamOS SQL Injection
– CVE-2020-15069: Sophos XG Firewall Buffer Overflow

Federal agencies must implement patches by February 27, 2025, to protect against these active threats. The continued exploitation of older vulnerabilities emphasizes the critical importance of timely system patching, especially for internet-exposed systems.
