Access Control - Geek Feed

Akira ransomware exploiting critical SonicWall SSLVPN bug again

September 14, 2025September 14, 2025 geekfeed0Tagged Access Control, Actively Exploited, Akira, CVE-2024-40766, SonicWall, vulnerability

The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. The hackers are leverging the security issue to gain access to target networks via unpatched SonicWall SSL VPN endpoints. SonicWall released a patch for CVE-2024-40766 last year in August, marking it as actively exploited. The flaw allows unauthorized resource […]

2 mins read

New ServiceNow flaw lets attackers enumerate restricted data

July 12, 2025July 12, 2025 geekfeed0Tagged Access Control, ACL, CVE-2025-3648, Data Leak, Enumeration, ServiceNow, vulnerability

A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. ServiceNow is a cloud-based platform that enables organizations to manage digital workflows for their enterprise operations. It is widely adopted across various industries, including public sector organizations, healthcare, financial institutions, and large […]

4 mins read

Microsoft fixes Power Pages zero-day bug exploited in attacks

February 22, 2025February 22, 2025 geekfeed0Tagged Access Control, Actively Exploited, Cloud, CVE-2025-21355, CVE-2025-24989, Elevation of Privileges, microsoft, Power Pages, vulnerability

Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft says it […]

2 mins read