At a glance.
- Law enforcement shutters AVCheck.
- Technical details for maximum-severity Cisco flaw have been released.
- Cyber Command's network defense wing is designated as a sub-unified command.
Law enforcement shutters AVCheck.
An international law enforcement operation led by the Dutch Politie has shuttered AVCheck, a service used by cybercriminals to see if their malware strains will be detected by antivirus products, Infosecurity Magazine reports. Authorities also seized AVCheck's user database containing "usernames, email addresses, payment information and more," which will be used for further investigations.
Matthijs Jaspers, team leader at the Dutch National High Tech Crime Unit, stated, "This will disrupt cybercriminals as early as possible in their operations and prevent victims. In recent years, the investigation has also collected important evidence about the administrators and users of the AVCheck service and the associated services Cryptor[.]biz and Crypt[.]guru."
Technical details for maximum-severity Cisco flaw have been released.
Researchers at Horizon3 have released technical details about a recently patched maximum-severity vulnerability (CVE-2025-20188) affecting Cisco's IOS XE Software for Wireless LAN Controllers. Horizon3 hasn't published a proof-of-concept (PoC) exploit, but BleepingComputer warns that threat actors will likely attempt to craft one now that the information is public. Users are urged to patch to version 17.12.04 or newer before a PoC is released.
Cisco explained in an advisory on May 7th, "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges."
Cyber Command's network defense wing is designated as a sub-unified command.
The US Congress has officially designated Cyber Command's network defense arm as a sub-unified command, DefenseScoop reports. The Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN) will now be known as the "Department of Defense Cyber Defense Command (DCDC)."
DefenseScoop explains, "The move doesn’t necessarily provide additional authorities or funding streams, but does offer opportunities to pursue certain resources, processes, and authorities as needed for more effective approaches to protect the DODIN."
