Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
A maximum-severity security vulnerability has been disclosed in Apache Parquet’s Java library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances.
Apache Parquet is a free and open-source columnar data file format that’s designed for efficient data processing and retrieval, providing support for complex data, high-performance compression, and encoding schemes. It was first launched in 2013.
The vulnerability in question is tracked as CVE-2025-30065. It carries a CVSS score of 10.0.
“Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code,” the project maintainers said in an advisory.
According to Endor Labs, successful exploitation of the flaw requires tricking a vulnerable system into reading a specially crafted Parquet file to obtain code execution.
“This vulnerability can impact data pipelines and analytics systems that import Parquet files, particularly when those files come from external or untrusted sources,” the company said. “If attackers can tamper with the files, the vulnerability may be triggered.”
Source: The Hacker News / BleepingComputer
Link: https://thehackernews.com/2025/04/critical-flaw-in-apache-parquet-allows.html
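The practical question for defenders is whether a build pulls in an affected parquet-avro release. The following check is an added example written for this digest, not code from Apache Parquet or the cited articles: it parses the output of `mvn dependency:list` (an assumption about the input format) and reports every `org.apache.parquet:parquet-avro` entry whose version is 1.15.0 or earlier, the range the advisory names. The sample dependency output embedded in the block is constructed, not taken from a real project.

```python
"""Flag parquet-avro dependencies in the version range affected by CVE-2025-30065.

Added example for this digest, not code from Apache Parquet or the cited
articles. Assumes the input is the text printed by `mvn dependency:list`
(coordinates of the form groupId:artifactId:type[:classifier]:version[:scope]);
the advisory states that 1.15.0 and previous versions are affected, so every
parquet-avro version <= 1.15.0 is reported.
"""
import re

ARTIFACT = "org.apache.parquet:parquet-avro"
AFFECTED_MAX = (1, 15, 0)  # advisory: 1.15.0 and previous versions


def parse_version(version):
    """Turn '1.15.0', '1.14.4-SNAPSHOT' or '1.15' into a comparable 3-tuple.

    Qualifiers such as -SNAPSHOT or .RC1 are dropped; missing parts count as 0.
    """
    core = re.match(r"\d+(?:\.\d+)*", version)
    if core is None:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in core.group(0).split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(version):
    """True when the version falls inside the advisory's affected range."""
    return parse_version(version) <= AFFECTED_MAX


def parse_dependency_line(line):
    """Extract (group, artifact, version, scope) from one dependency:list line.

    Returns None for lines that carry no Maven coordinate (headers, blanks).
    """
    token = next((t for t in line.split() if t.count(":") >= 3), None)
    if token is None:
        return None
    parts = token.split(":")
    if len(parts) == 4:                       # group:artifact:type:version
        group, artifact, _type, version = parts
        scope = "unknown"
    elif len(parts) == 5:                     # group:artifact:type:version:scope
        group, artifact, _type, version, scope = parts
    elif len(parts) == 6:                     # with a classifier before the version
        group, artifact, _type, _classifier, version, scope = parts
    else:
        return None
    return group, artifact, version, scope


def find_vulnerable(dependency_list_text):
    """Return (coordinate, version, scope) for every affected parquet-avro entry."""
    findings = []
    for line in dependency_list_text.splitlines():
        parsed = parse_dependency_line(line)
        if parsed is None:
            continue
        group, artifact, version, scope = parsed
        coord = f"{group}:{artifact}"
        if coord == ARTIFACT and is_affected(version):
            findings.append((coord, version, scope))
    return findings


# Constructed sample of `mvn dependency:list` output (not from a real project).
SAMPLE_OUTPUT = """\
[INFO] --- dependency:3.6.1:list (default-cli) @ pipeline ---
[INFO] The following files have been resolved:
[INFO]    org.apache.parquet:parquet-avro:jar:1.15.0:compile
[INFO]    org.apache.parquet:parquet-hadoop:jar:1.15.0:compile
[INFO]    org.apache.avro:avro:jar:1.11.3:compile
[INFO]    org.apache.parquet:parquet-avro:jar:1.13.1:test
"""

if __name__ == "__main__":
    for coord, version, scope in find_vulnerable(SAMPLE_OUTPUT):
        print(f"AFFECTED {coord}:{version} ({scope}) -- CVE-2025-30065")
```

Run it against real output with `mvn dependency:list | python check_parquet.py`-style piping after swapping `SAMPLE_OUTPUT` for `sys.stdin.read()`; the version comparison deliberately ignores qualifiers, so a `1.15.0-SNAPSHOT` build is reported as affected rather than silently skipped.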
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials.
“These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection,” Microsoft said in a report shared with The Hacker News.
A notable aspect of these campaigns is that they lead to phishing pages that are delivered via a phishing-as-a-service (PhaaS) platform codenamed RaccoonO365, an e-crime platform that first came to light in early December 2024.
Also delivered are remote access trojans (RATs) like Remcos RAT, as well as other malware and post-exploitation frameworks such as Latrodectus, AHKBot, GuLoader, and BruteRatel C4 (BRc4).
One such campaign spotted by the tech giant on February 6, 2025, is estimated to have sent hundreds of emails targeting the United States ahead of the tax filing season that attempted to deliver BRc4 and Latrodectus. The activity has been attributed to Storm-0249, an initial access broker previously known for distributing BazaLoader, IcedID, Bumblebee, and Emotet.
Source: The Hacker News / Microsoft Security Blog
Link: https://thehackernews.com/2025/04/microsoft-warns-of-tax-themed-email.html
Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers
As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices.
For service providers, adhering to NIST standards is a strategic business decision. Compliance not only protects client data but also enhances credibility, streamlines incident response, and provides a competitive edge.
The step-by-step guide is designed to help service providers understand and implement NIST compliance for their clients. By following the guide, you will:
- Understand the importance of NIST compliance and how it impacts service providers.
- Learn about key NIST frameworks, including NIST Cybersecurity Framework (CSF 2.0), NIST 800-53, and NIST 800-171.
- Follow a structured compliance roadmap—from conducting a gap analysis to implementing security controls and monitoring risks.
- Learn how to overcome common compliance challenges using best practices and automation tools.
- Ensure long-term compliance and security maturity, strengthening trust with clients and enhancing market competitiveness.
Source: The Hacker News
Link: https://thehackernews.com/2025/04/helping-your-clients-achieve-nist.html
Oracle privately confirms Cloud breach to customers
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a “legacy environment” last used in 2017, Bloomberg reported.
However, while Oracle told clients this is old legacy data that is not sensitive, the threat actor behind the attack has shared data with BleepingComputer from the end of 2024 and posted newer records from 2025 on a hacking forum.
According to Bloomberg, the company also informed clients that cybersecurity firm CrowdStrike and the FBI are investigating the incident.
Cybersecurity firm CybelAngel first revealed that Oracle told clients that an attacker who gained access to the company’s Gen 1 (also known as Oracle Cloud Classic) servers as early as January 2025 used a 2020 Java exploit to deploy a web shell and additional malware.
During the breach, detected in late February, the attacker allegedly exfiltrated data from the Oracle Identity Manager (IDM) database, including user emails, hashed passwords, and usernames.
This comes after a threat actor (known as rose87168) put up for sale 6 million data records on BreachForums on March 20 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the data was legitimate, all of them allegedly stolen from Oracle Cloud’s federated SSO login servers.
Source: BleepingComputer / Dark Reading
Link: https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/
Link: https://www.darkreading.com/application-security/oracle-cloud-users-urged-take-action
Cisco warns of CSLU backdoor admin account used in attacks
Cisco has warned admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks.
CSLU is a Windows app for managing licenses and linked products on-premises without connecting them to Cisco’s cloud-based Smart Software Manager solution.
Cisco patched this security flaw (CVE-2024-20439) in September, describing it as “an undocumented static user credential for an administrative account” that lets unauthenticated attackers log into unpatched systems remotely with admin privileges over the Cisco Smart Licensing Utility (CSLU) app’s API. The flaw affects only systems running vulnerable CSLU releases, and it is exploitable only while the user has the CSLU app running, since the app does not run in the background by default.
Aruba threat researcher Nicholas Starke reverse-engineered the vulnerability two weeks after Cisco released security patches and published a write-up with technical details (including the decoded hardcoded static password).
“In March 2025, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild,” the company said in a Tuesday update to the original security advisory. “Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.”
Source: BleepingComputer