New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits - Related to execution, enables, cacti, simplehelp, (cve-2025-22604)
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.
The flaw, tracked as CVE-2025-22604, carries a CVSS score of [website] out of a maximum of [website].
"Due to a flaw in the multi-line SNMP result parser, authenticated people can inject malformed OIDs in the response," the project maintainers mentioned in an advisory released this week.
"When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability."
Successful exploitation of the vulnerability could permit an authenticated user with device management permissions to execute arbitrary code in the server, and steal, edit, or delete sensitive data.
CVE-2025-22604 affects all versions of the software prior to and including [website] It has been addressed in version [website] A security researcher who goes by the online alias u32i has been credited with discovering and reporting the flaw.
Also addressed in the latest version is CVE-2025-24367 (CVSS score: [website], which could permit an authenticated attacker to create arbitrary PHP scripts in the web root of the application by abusing the graph creation and graph template functionality, leading to remote code execution.
With security vulnerabilities in Cacti having come under active exploitation in the past, organizations relying on the software for network monitoring should prioritize applying the necessary patches to mitigate the risk of compromise.
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information steal......
Ransomware attacks netted cybercrime groups a total of $[website] million in 2024, a decline from $[website] billion in 2023.
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT.
Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
Threat actors have been observed exploiting lately disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack.
The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity enterprise Field Effect mentioned in a study shared with The Hacker News.
"The attack involved the quick and deliberate execution of several post-compromise tactics, techniques and procedures (TTPs) including network and system discovery, administrator account creation, and the establishment of persistence mechanisms, which could have led to the deployment of ransomware," security researchers Ryan Slaney and Daniel Albrecht unveiled.
The vulnerabilities in question, CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were disclosed by [website] last month. Successful exploitation of the security holes could allow for information disclosure, privilege escalation, and remote code execution.
They have since been addressed in SimpleHelp versions [website], [website], and [website] released on January 8 and 13, 2025.
Merely weeks later, Arctic Wolf mentioned it observed a campaign that involved obtaining unauthorized access to devices running SimpleHelp remote desktop software as an initial access vector.
While it was unclear at that time if these vulnerabilities were put to use, the latest findings from Field Effect all but confirm that they are being actively weaponized as part of ransomware attack chains.
In the incident analyzed by the Canadian cybersecurity corporation, the initial access was gained to a targeted endpoint via a vulnerable SimpleHelp RMM instance ("[website][.]171") located in Estonia.
Upon establishing a remote connection, the threat actor has been observed performing a series of post-exploitation actions, including reconnaissance and discovery operations, as well as creating an administrator account named "sqladmin" to facilitate the deployment of the open-source Sliver framework.
The persistence offered by Sliver was subsequently abused to move laterally across the network, establishing a connection between the domain controller (DC) and the vulnerable SimpleHelp RMM client and ultimately installing a Cloudflare tunnel to stealthily route traffic to servers under the attacker's control through the web infrastructure organization's infrastructure.
Field Effect stated the attack was detected at this stage, preventing the attempted tunnel execution from taking place and isolating the system from the network to ensure further compromise.
In the event the event was not flagged, the Cloudflare tunnel could have served as a conduit for retrieving additional payloads, including ransomware. The firm presented the tactics overlap with that of Akira ransomware attacks previously reported in May 2023, although it's also possible other threat actors have adopted the tradecraft.
"This campaign demonstrates just one example of how threat actors are actively exploiting SimpleHelp RMM vulnerabilities to gain unauthorized persistent access to networks of interest," the researchers noted. "Organizations with exposure to these vulnerabilities must revision their RMM clients as soon as possible and consider adopting a cybersecurity solution to defend against threats."
The development comes as Silent Push revealed that it's seeing a rise in the use of the ScreenConnect RMM software on bulletproof hosts as a way for threat actors to gain access and control victim endpoints.
"Potential attackers have been using social engineering to lure victims into installing legitimate software copies configured to operate under the threat actor's control," the organization revealed. "Once installed, the attackers use the altered installer to quickly gain access to the victim's files."
The [website] Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset managem......
Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Micros......
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed [website] machine keys from publicly acces......
New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.
The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the Apple M3 CPU via False Load Output Predictions (FLOP). Apple was notified of the issues in May and September 2024, respectively.
The vulnerabilities, like the previously disclosed iLeakage attack, build on Spectre, arising when speculative execution "backfires," leaving traces of mispredictions in the CPU's microarchitectural state and the cache.
Speculative execution refers to a performance optimization mechanism in modern processors that are aimed at predicting the control flow the CPU should take and execute instructions along the branch beforehand.
In the event of a misprediction, the results of the transient instructions are discarded and revert all changes made to the state following the prediction.
These attacks leverage the fact that speculative execution leaves traces to force a CPU to make a misprediction and execute a series of transient instructions, whose value could then be inferred through a side-channel even after the CPU rolls back all the changes to the state due to the misprediction.
"In SLAP and FLOP, we demonstrate that recent Apple CPUs go beyond this, not only predicting the control flow the CPU should take, but also the data flow the CPU should operate on if data are not readily available from the memory subsystem," the researchers mentioned.
"Unlike Spectre, mispredictions on data flow do not directly result in the CPU speculatively executing the wrong instructions. Instead, they result in the CPU executing arbitrary instructions on the wrong data. However, we show this can be combined with indirection techniques to execute wrong instructions."
SLAP, which affects M2, A15, and newer chips, targets what's called a Load Address Predictor (LAP) that Apple chips use to guess the next memory address the CPU will retrieve data from based on prior memory access patterns.
However, if the LAP predicts a wrong memory address, it can cause the processor to perform arbitrary computations on out-of-bounds data under speculative execution, thereby opening the door to an attack scenario where an adversary can recover email content from a logged-in user and browsing behavior from the Safari browser.
On the other hand, FLOP impacts M3, M4, and A17 chips, and takes aim at another feature called Load Value Predictor (LVP) that's designed to improve data dependency performance by "guessing the data value that will be returned by the memory subsystem on the next access by the CPU core."
FLOP causes "critical checks in program logic for memory safety to be bypassed, opening attack surfaces for leaking secrets stored in memory," the researchers noted, adding it could be weaponized against both Safari and Chrome browsers to pull off various arbitrary memory read primitives, such as recovering location history, calendar events, and credit card information.
The disclosure comes nearly two months after researchers from Korea University detailed SysBumps, which they described as the first kernel address space layout randomization (KASLR) break attack on macOS for Apple silicon.
"By using Spectre-type gadgets in system calls, an unprivileged attacker can cause translations of the attacker's chosen kernel addresses, causing the TLB to change ," Hyerean Jang, Taehun Kim, and Youngjoo Shin noted. "This allows the construction of an attack primitive that breaks KASLR bypassing kernel isolation."
Separately, new academic research has also uncovered an approach to "combine multiple side-channels to overcome limitations when attacking the kernel," finding that address space tagging, "the very same feature that makes mitigation of side-channels efficient, opens up a new attack surface."
This includes a practical attack dubbed TagBleed, which abuses tagged translation lookaside buffers (TLBs), which makes separating kernel and user address spaces efficient, and residual translation information to break KASLR even in the face of state-of-the-art mitigations" on modern architectures.
"This leakage is enough to fully derandomize KASLR when used in combination with a secondary side-channel attack that uses the kernel as a confused deputy to leak additional information about its address space," VUSec researcher Jakob Koschel introduced.
British-based engineering firm IMI plc has disclosed a security breach after unknown attackers hacked into the firm's systems.
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information steal......
A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels......
Market Impact Analysis
Market Growth Trend
| 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|---|
| 8.7% | 10.5% | 11.0% | 12.2% | 12.9% | 13.3% | 13.4% |
Quarterly Growth Rate
| Q1 2024 | Q2 2024 | Q3 2024 | Q4 2024 |
|---|---|---|---|
| 12.5% | 12.9% | 13.2% | 13.4% |
Market Segments and Growth Drivers
| Segment | Market Share | Growth Rate |
|---|---|---|
| Network Security | 26% | 10.8% |
| Cloud Security | 23% | 17.6% |
| Identity Management | 19% | 15.3% |
| Endpoint Security | 17% | 13.9% |
| Other Security Solutions | 15% | 12.4% |
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity:
Competitive Landscape Analysis
| Company | Market Share |
|---|---|
| Palo Alto Networks | 14.2% |
| Cisco Security | 12.8% |
| Crowdstrike | 9.3% |
| Fortinet | 7.6% |
| Microsoft Security | 7.1% |
Future Outlook and Predictions
The Execution Critical Cacti landscape is evolving rapidly, driven by technological advancements, changing threat vectors, and shifting business requirements. Based on current trends and expert analyses, we can anticipate several significant developments across different time horizons:
Year-by-Year Technology Evolution
Based on current trajectory and expert analyses, we can project the following development timeline:
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity, influencing adoption timelines and investment priorities:
Innovation Trigger
- Generative AI for specialized domains
- Blockchain for supply chain verification
Peak of Inflated Expectations
- Digital twins for business processes
- Quantum-resistant cryptography
Trough of Disillusionment
- Consumer AR/VR applications
- General-purpose blockchain
Slope of Enlightenment
- AI-driven analytics
- Edge computing
Plateau of Productivity
- Cloud infrastructure
- Mobile applications
Technology Evolution Timeline
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
Expert Perspectives
Leading experts in the cyber security sector provide diverse perspectives on how the landscape will evolve over the coming years:
"Technology transformation will continue to accelerate, creating both challenges and opportunities."
— Industry Expert
"Organizations must balance innovation with practical implementation to achieve meaningful results."
— Technology Analyst
"The most successful adopters will focus on business outcomes rather than technology for its own sake."
— Research Director
Areas of Expert Consensus
- Acceleration of Innovation: The pace of technological evolution will continue to increase
- Practical Integration: Focus will shift from proof-of-concept to operational deployment
- Human-Technology Partnership: Most effective implementations will optimize human-machine collaboration
- Regulatory Influence: Regulatory frameworks will increasingly shape technology development
Short-Term Outlook (1-2 Years)
In the immediate future, organizations will focus on implementing and optimizing currently available technologies to address pressing cyber security challenges:
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
These developments will be characterized by incremental improvements to existing frameworks rather than revolutionary changes, with emphasis on practical deployment and measurable outcomes.
Mid-Term Outlook (3-5 Years)
As technologies mature and organizations adapt, more substantial transformations will emerge in how security is approached and implemented:
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
This period will see significant changes in security architecture and operational models, with increasing automation and integration between previously siloed security functions. Organizations will shift from reactive to proactive security postures.
Long-Term Outlook (5+ Years)
Looking further ahead, more fundamental shifts will reshape how cybersecurity is conceptualized and implemented across digital ecosystems:
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
These long-term developments will likely require significant technical breakthroughs, new regulatory frameworks, and evolution in how organizations approach security as a fundamental business function rather than a technical discipline.
Key Risk Factors and Uncertainties
Several critical factors could significantly impact the trajectory of cyber security evolution:
Organizations should monitor these factors closely and develop contingency strategies to mitigate potential negative impacts on technology implementation timelines.
Alternative Future Scenarios
The evolution of technology can follow different paths depending on various factors including regulatory developments, investment trends, technological breakthroughs, and market adoption. We analyze three potential scenarios:
Optimistic Scenario
Rapid adoption of advanced technologies with significant business impact
Key Drivers: Supportive regulatory environment, significant research breakthroughs, strong market incentives, and rapid user adoption.
Probability: 25-30%
Base Case Scenario
Measured implementation with incremental improvements
Key Drivers: Balanced regulatory approach, steady technological progress, and selective implementation based on clear ROI.
Probability: 50-60%
Conservative Scenario
Technical and organizational barriers limiting effective adoption
Key Drivers: Restrictive regulations, technical limitations, implementation challenges, and risk-averse organizational cultures.
Probability: 15-20%
Scenario Comparison Matrix
| Factor | Optimistic | Base Case | Conservative |
|---|---|---|---|
| Implementation Timeline | Accelerated | Steady | Delayed |
| Market Adoption | Widespread | Selective | Limited |
| Technology Evolution | Rapid | Progressive | Incremental |
| Regulatory Environment | Supportive | Balanced | Restrictive |
| Business Impact | Transformative | Significant | Modest |
Transformational Impact
Technology becoming increasingly embedded in all aspects of business operations. This evolution will necessitate significant changes in organizational structures, talent development, and strategic planning processes.
The convergence of multiple technological trends—including artificial intelligence, quantum computing, and ubiquitous connectivity—will create both unprecedented security challenges and innovative defensive capabilities.
Implementation Challenges
Technical complexity and organizational readiness remain key challenges. Organizations will need to develop comprehensive change management strategies to successfully navigate these transitions.
Regulatory uncertainty, particularly around emerging technologies like AI in security applications, will require flexible security architectures that can adapt to evolving compliance requirements.
Key Innovations to Watch
Artificial intelligence, distributed systems, and automation technologies leading innovation. Organizations should monitor these developments closely to maintain competitive advantages and effective security postures.
Strategic investments in research partnerships, technology pilots, and talent development will position forward-thinking organizations to leverage these innovations early in their development cycle.
Technical Glossary
Key technical terms and definitions to help understand the technologies discussed in this article.
Understanding the following technical concepts is essential for grasping the full implications of the security threats and defensive measures discussed in this article. These definitions provide context for both technical and non-technical readers.
ransomware beginner
SOC intermediate
malware beginner
Common malware types and their characteristicsplatform intermediate
phishing beginner
Anatomy of a typical phishing attackRelated Articles
