Cisco CSLU Critical Flaw Added to KEV; Oracle Faces Class Action Suit; Ivanti Buffer Overflow Exploited for RCE

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical hardcoded credentials flaw in Cisco Smart Licensing Utility (CSLU) to the Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability (CVE-2024-20439) was disclosed on September 4, 2024; Cisco released updates to address the issue at that time. CISA added the flaw to the KEV after confirmation that it is being actively exploited. In mid-March, Johannes Ullrich wrote in an Internet Storm Center diary that they were "seeing some exploit activity" of the flaw, chained with a second flaw that Cisco also patched in September, and in an April 1 update to the September advisory, Cisco notes, "In March 2025, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild."

A class action lawsuit has been filed in a US district court in Texas seeking damages and financial relief from Oracle in the wake of a March 2025 data breach of Oracle Cloud that the company denies occurred despite customers' confirmations and verification of the stolen data. The Plaintiff and Class members demand a jury trial, alleging that "Oracle violated Texas state data breach notification laws in not informing the alleged victims of a breach within 60 days of becoming aware of one." The lawsuit focuses on Oracle Cloud, but also alludes to the February 2025 breach of an Oracle Health server, only privately acknowledged by Oracle in non-letterhead notices. Bloomberg reports that certain Oracle Cloud customers also received private notices that credentials were stolen, but Oracle has not commented publicly. Cybersecurity researchers Kevin Beaumont and Jake Williams believe Oracle has attempted to remove evidence of the Oracle Cloud intrusion stored in the Internet Archive's Wayback Machine. Beaumont criticizes Oracle for "attempting to wordsmith statements" by distinguishing between Oracle Cloud and Oracle Cloud Classic, misleadingly only denying that the former was breached. Beaumont writes: "Oracle need to clearly, openly and publicly communicate what happened, how it impacts customers, and what they're doing about it. This is a matter of trust and responsibility." Connor Jones, writing for the register, characterizes Oracle's reactions as "denial and potentially deception and destruction."

Ivanti has released an advisory regarding a critical stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2. The flaw can be exploited to achieve remote code execution. Both Ivanti and Mandiant Incident Response researchers have noted that the vulnerability is being actively exploited by threat actors with ties to China. Ivanti has addressed the vulnerability in Ivanti Connect Secure 22.7R2.6, which was released in February. The vulnerability also affects Pulse Connect Secure 9.x, which reached end-of-life at the end of 2024; users are urged to migrate to a secure platform. Updates to address the vulnerability in Ivanti Policy Secure and Ivanti ZTA Gateways are expected to be available on April 19 and 21, respectively.

Open course genetic data repository openSNP will cease operations and delete all data it holds. openSNP started in 2011, providing a platform for people to upload genetic and phenotype data to use in research and education. The site's co-founder, Bastian Greshake Tzovaras, writes that "sunsetting openSNP - along with deleting the data stored within it - feels like it is the most responsible act of stewardship for these data today." Tzovaras cites 23andMe's bankruptcy filing as the 'proximate reason' for the dissolution of the project and notes that "there's also the aspect that more and more people worry about how their data will be used now, compared to 14 years ago, which is the ultimate reason."

Last year, more than 39 million secrets were found by GitHub's secret scanning service. In response GitHub is adding features to the newest version of GitHub Advanced Security Platform to bolster protection for secrets, including standalone secret protection and code security; free organization-wide secret risk assessment; push protection with delegated bypass controls; copilot-powered secret detection; and improved detection via cloud provider partnerships.

Cybersecurity agencies in Australia, Canada, New Zealand, and the US have published a joint cybersecurity advisory "to warn about how cyber actors are using a technique called fast flux to conceal their activities by rapidly changing the IP address associated with a domain name." The advisory incudes technical details about Fast Flux operations, detection techniques, and suggested mitigations.

The UK's Secretary of State for Science, Innovation and Technology Peter Kyle has published a Policy Statement detailing elements of the Cyber Security and Resilience Bill that will be introduced in Parliament later this year. The bill as currently envisioned rests on three pillars: increasing the types of entities the bill will cover; giving regulators increased powers of enforcement; and allowing the government to make changes to regulations quickly to "ensure the regulatory framework is adaptable to emerging threats."

The EU's European Commission (EC) has announced their presentation of a new European Internal Security Strategy dubbed "ProtectEU," including an increased focus on cyber and hybrid threats. Among many listed objectives are a number of cybersecurity goals including: "[Creating] a Roadmap on lawful and effective access to data for law enforcement ... [creating] a Technology Roadmap on encryption, and an impact assessment with a view to updating the EU's data retention rules ... implement[ing] the CER and NIS2 Directives ... [and introducing] a new Cybersecurity Act, and new measures to secure cloud and telecom services and developing technological sovereignty," as well as prioritizing intelligence and information exchange within the EU and with trusted countries. The EC's goals echo recent efforts by the UK and Sweden to legislate government access to encrypted data.

Canon has published a security advisory disclosing a critical vulnerability in drivers for "production printers, office/small office multifunction printers and laser printers." CVE-2025-1268, CVSS score 9.4, would allow an attacker to prevent printing and possibly execute arbitrary code when the print is processed by a malicious application, due to an out-of-bounds vulnerability in the EMF Recode processing of Generic Plus PCL6, UFR II, LIPS4, LIPSLX, and PS Printer Drivers V3.12 and earlier. Canon advises customers to install the latest drivers from "websites of your local Canon sales representatives."