Critical Apache HTTP Server Remote Code Execution Flaw
A critical vulnerability in the Apache HTTP Server is putting millions of web servers at risk of remote code execution attacks. The flaw allows attackers to execute arbitrary commands on affected servers without authentication, potentially enabling full system compromise. While a specific CVE has not been published yet, administrators are advised to immediately apply available patches and monitor for updates on cve.org. The vulnerability impacts a broad swath of internet-facing infrastructure, making it a top priority for security teams.
Microsoft Edge Stored Passwords in Cleartext Memory
Separately, researchers have discovered that Microsoft Edge stores all saved passwords in cleartext within its process memory at launch. This means any user or malware with access to the browser’s memory dump can extract every credential stored in the password manager. The issue affects both current and earlier versions of Edge, and Microsoft has not yet released a fix. Users are urged to use dedicated password managers rather than relying on the built-in browser feature until a patch is deployed.
New MicroStealer Malware Targets Telecom and Education
A new information-stealing malware named MicroStealer is actively attacking telecom and education sectors. The malware specializes in exfiltrating browser credentials, cryptocurrency wallets, and sensitive documents using lightweight, modular payloads that evade traditional antivirus detection. Its small size and low resource footprint make it difficult to spot, and it often spreads through phishing emails and compromised software downloads. Organizations in targeted sectors should enhance endpoint monitoring and user awareness training.
Sources: – https://cybersecuritynews.com/apache-http-server-rce/ – https://cybersecuritynews.com/microsoft-edge-passwords-cleartext/ – https://cybersecuritynews.com/new-microstealer-malware-actively-attacking/
Source: Cyber Security News
