Ransomware Groups Exploit RMM Vulnerabilities for Attacks

Cyber Security News by CyberSum.net

Published on November 10, 2025 at 03:00 PM

3 sources

Cybersecurity researchers at Zensec uncovered a sophisticated supply-chain attack campaign in early 2025. Two prominent ransomware-as-a-service groups exploited critical vulnerabilities in SimpleHelp RMM software to breach downstream customers through managed service providers. The attacks leveraged three severe vulnerabilities, allowing attackers to bypass traditional security controls and move laterally with minimal friction. Despite available patches, numerous organisations fell victim to exploitation throughout Q1 and Q2 2025.

Also Read

APT Group Exploits Zero-Day Vulnerabilities in Cisco and Citrix Systems

Amazon’s threat intelligence division uncovered a cyber-espionage campaign where an advanced persistent threat (APT) group exploited zero-day vulnerabilities in Cisco and Citrix systems. The attackers targeted critical identity and network access control infrastructure, using undisclosed flaws before vendors released patches. Amazon’s MadPot honeypot service detected the exploitation attempts, leading to the identification of CVE-2025-5777 and CVE-2025-20337. The threat actor deployed a custom web shell disguised as a legitimate component, operating in-memory and using advanced encryption techniques. Security teams are advised to implement defense-in-depth strategies and closely monitor for anomalous activity.

By Cyber Security News by CyberSum.netNovember 13, 2025 at 12:00 PM