Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

The Hacker News by The Hacker News
October 15, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Oct 15, 2025Ravie LakshmananVulnerability / Server Security

Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild.

The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center application unsafely passes session cookie data to shell processing.

This, in turn, allows an attacker to inject shell commands into a session cookie that can get executed in the vulnerable server. The security flaw affects ICTBroadcast versions 7.4 and below.

DFIR Retainer Services

“Attackers are leveraging the unauthenticated command injection in ICTBroadcast via the BROADCAST cookie to gain remote code execution,” VulnCheck’s Jacob Baines said in a Tuesday alert. “Approximately 200 online instances are exposed.”

The cybersecurity firm said that it detected in-the-wild exploitation on October 11, with the attacks occurring in two phases, starting with a time-based exploit check followed by attempts to set up reverse shells.

To that end, unknown threat actors have been observed injecting a Base64-encoded command that translates to “sleep 3” in the BROADCAST cookie in specially crafted HTTP requests to confirm command execution and then create reverse shells.

“The attacker used a localto[.]net URL in the mkfifo + nc payload, and also made connections to 143.47.53[.]106 in other payloads,” Baines noted.

CIS Build Kits

It’s worth noting that both the use of a localto.net link and the IP address were previously flagged by Fortinet in connection with an email campaign distributing a Java-based remote access trojan (RAT) named Ratty RAT targeting organizations in Spain, Italy, and Portugal.

These indicator overlaps suggest possible reuse or shared tooling, VulnCheck pointed out. There is currently no information available on the patch status of the flaw. The Hacker News has reached out to ICT Innovations for further comment, and we will update the story if we hear back.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

Recommended.

Huawei’s 6th Global Installer Summit: Gathering the Best Installers to Embrace Renewable Energy Opportunities in the AI Era

Huawei’s 6th Global Installer Summit: Gathering the Best Installers to Embrace Renewable Energy Opportunities in the AI Era

March 27, 2026
Tesco VMware migration shows backup incompatibilities | Computer Weekly

Tesco VMware migration shows backup incompatibilities | Computer Weekly

July 7, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio