Update Chrome to fix Critical Use-After-Free Flaw; WP Ghost Wordpress Plugin Vulnerable to RCE; "IngressNightmare" Flaws in Ingress NGINZ Controller

Chrome stable channel for desktop has been updated to version 134.0.6998.117/.118 for Windows and Mac, and 134.0.6998.117 for Linux. The newest version of Google's browser includes a fix for a critical use-after-free flaw in Lens that could be exploited to crash the browser or infect a vulnerable computer with malware. The flaw can be exploited by 'a remote attacker to potentially exploit heap corruption via a crafted HTML page.' The updates will roll out over a period of several days.

A critical unauthenticated Local File Inclusion vulnerability in the WP Ghost WordPress plugin could be exploited to allow remote code execution. The flaw is "due to insufficient user input value via the URL path that will be included as a file." The issue has been patched in WP Ghost version 5.4.02; users are urged to update top the most recent version. The vulnerability was reported in late February and the patched version was released within a week. WP Ghost, which "offers protection against SQL injection, script injection, vulnerability exploitation, malware dropping, file inclusion exploits, directory traversal attacks, and cross-site scripting," has more than 200,000 active installations.

Researchers from Wiz have identified four critical vulnerabilities affecting Ingress NGINZ Controller for Kubernetes. Collectively dubbed IngressNightmare, the flaws could be exploited to allow unauthenticated remote code execution. Wiz Research writes, "exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover."

Researchers from Cisco Talos have detected an ongoing advanced persistent threat (APT) campaign involving a group with ties to China that is targeting Taiwan's critical infrastructure. The group, which Talos identifies as UAT-5918, is an APT group that targets entities in Taiwan to establish long-term persistent access in victim environments. UAT-5918 usually obtains initial access by exploiting N-day vulnerabilities in unpatched web and application servers exposed to the internet. The threat actor will subsequently use a plethora of open-source tools for network reconnaissance to move through the compromised enterprise." The Talos report includes a chart of APT tools and tactics, techniques, and procedures (TTP) overlap between APT groups, as well as a chart of targeted countries and sectors.

Cloudflare published a blog post on Thursday, March 20, 2025 announcing that all HTTP ports on api.cloudflare.com will be closed, rejecting all unencrypted connections in order to eliminate the risk of API requests' cleartext traffic, including API keys or tokens, being exposed and intercepted. HTTP connections will no longer return a 403 Forbidden response, as the interface will be entirely closed. This transition coincides with modifying api.cloudflare.com to be able to "change IP addresses dynamically, in line with on-going efforts to decouple names from IP addresses, and reliably managing addresses in [Cloudflare's] authoritative DNS."

The FBI Denver field office issued a warning on March 7, 2025 noting recent prevalence of scams employing compromised online file converter, downloader, and combiner tools. While the sites may perform their function, the new file returned to the user may contain malware meant to steal personal information or infect their system with ransomware. The tools may also steal sensitive information from the uploaded documents themselves, including social security numbers, dates of birth, phone numbers, and other personally identifiable information (PII), banking information, cryptocurrency information, email addresses, and passwords. The FBI urge regular security scans and caution with any downloaded files, and ask that reports of these attacks and attempts be submitted to the FBI Internet Crime Complaint Center (IC3). To any victims, they recommend contacting financial institutions and protecting against identity theft; changing passwords from a device known not to be infected; scanning for malware or seeking professional security services; and making a report at www.ic3.gov.

Earlier this year, WhatsApp notified 90+ people that they had been targeted with spyware from Paragon Solutions. With input from a collaborator, Citizen Lab says "we mapped out server infrastructure that attribute to Paragon's Graphite spyware tool. We identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore."

Authorities in seven African countries have arrested a total of more than 300 people in as part of Operation Red Card, a four-month international operation that 'targeted mobile banking, investment and messaging app scams.' Authorities also seized nearly 1,850 devices. The operation was orchestrated through INTERPOLÕs African Joint Operation against Cybercrime (AFJOC) and involved authorities in Benin, C™te d'Ivoire, Nigeria, Rwanda, South Africa, Togo and Zambia.

US Federal Communications Commission (FCC) chair Brendan Carr announced that the FCCÕs new Council on Security will investigate the extent to which Chinese companies placed on the USÕs "Covered List" are operating within the US. Their designation means the companies may not receive federal funds, be used by government contractors, or provide products or services to US critical infrastructure. Specifically, the FCC imposed operational restrictions on Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, Dahua Technology Company, China Mobile International USA Inc., China Telecom (Americas) Corp., Pacifica Networks Corp./ComNet (USA) LLC, and China Unicom (Americas) Operations Ltd. In his statement, Carr notes, "We have reason to believe that, despite those actions, some or all of these Covered List entities are trying to make an end run around those FCC prohibitions by continuing to do business in America on a private or 'unregulated' basis." The investigation is currently in an information-gathering phase.

The US National Institute of Standards and Technology (NIST) has published an update regarding the backlog of vulnerabilities submitted for analysis to the National Vulnerability Database (NVD). NIST says while "we are currently processing incoming CVEs at roughly the rate we had sustained prior to the processing slowdown in spring and early summer of 2024, [É] CVE submissions increased 32 percent in 2024, and that prior processing rate is no longer sufficient to keep up with incoming submissions. As a result, the backlog is still growing." NIST expects the rate of CVE submissions to continue to rise. In an effort to improve the process, NIST is "exploring the use of machine learning to automate certain processing tasks." The Cyberscoop article provides a history of the NVD, including issues arising from increasing the number of CVE numbering authorities (CNAs), and the factors that led to the backlog first reported a year ago.