NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked

May 8, 2025

The UK’s National Cyber Security Centre (NCSC) has warned the IT helpdesks of retailers to be on their guard against bogus support calls they might receive from hackers pretending to be staff locked out of their accounts.

Read more in my article on the Exponential-e blog.

Source: Read More

Previous ArticleEuropol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Next Article Beware of phone scams demanding money for ‘missed jury duty’

Highlights

CVE-2025-20188 – Cisco IOS XE Software Wireless LAN Controllers Unauthenticated Remote File Upload and Command Execution Vulnerability

May 7, 2025

CVE ID : CVE-2025-20188

Published : May 7, 2025, 6:15 p.m. | 1 hour, 29 minutes ago

Description : A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.

This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked

GPT-5 is Coming: Revolutionizing Software Testing

Win the Accessibility Game: Combining AI with Human Judgment

CVE-2025-6701 – Xuxueli xxl-sso Open Redirect Vulnerability

CVE-2025-52782 – King Rayhan Scroll UP Cross-site Scripting Vulnerability

How to lock in your Xfinity rate for 5 years, get unlimited data, and score a free mobile line

34 Excellent Free Books to Learn all about R

CVE-2025-20188 – Cisco IOS XE Software Wireless LAN Controllers Unauthenticated Remote File Upload and Command Execution Vulnerability

CVE-2024-13860 – Buddyboss WordPress Stored Cross-Site Scripting

CVE-2023-53131 – SunRPC Thread Shutdown Leak

CVE-2025-4812 – PHPGurukul Human Metapneumovirus Testing Management System SQL Injection Vulnerability

NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked

Related Posts