Italian and U.S. authorities both disclosed active exploitation of Samsung MagicINFO 9 flaws within 48 hours.
Italian CSIRT and CISA both disclosed active exploitation of Samsung MagicINFO 9 vulnerabilities within 48 hours. The paired advisories suggest coordinated threat actor activity targeting enterprise digital signage infrastructure.
Samsung MagicINFO Critical CVE Actively Exploited
Active exploitation of Samsung MagicINFO 9 Server vulnerability CVE-2025-4632 (CVSS v3 9.8) has been detected by Italian CSIRT. The vulnerability, described as a Path Traversal type and potentially a patch bypass for CVE-2024-7399, allows arbitrary file write on target systems and has been used to distribute Mirai botnet in some cases. A proof of concept is publicly available. Affected versions are MagicINFO 9 Server prior to version 21.1052. The vendor has released a patch.
CISA Flags Samsung MagicINFO 9 Path Traversal Vulnerability
CISA added CVE-2024-7399, a path traversal vulnerability in Samsung MagicINFO 9 Server versions before 21.1050, to its Known Exploited Vulnerabilities catalog. The flaw carries a CVSS 3.1 score of 8.8 (HIGH) and allows authenticated attackers with network access to write arbitrary files as system authority, potentially enabling full system compromise. The vulnerability was reported by an anonymous researcher working with Trend Micro Zero Day Initiative and has been confirmed as actively exploited in the wild since at least May 2025. Organizations running Samsung MagicINFO 9 Server should verify their version and apply the version 21.1050 patch immediately.
Sources
CISA Flags Samsung MagicINFO 9 Path Traversal Vulnerability
Samsung MagicINFO Critical CVE Actively Exploited
More from Data Privacy & Cybersecurity Browse all →
Czech DPA Fines Avast 351M CZK for Unlawful Data Transfers
The Czech data protection authority fined Avast 351 million CZK for transferring pseudonymized browsing histories tied to unique identifiers from approximately 100 million users to its Jumpshot subsidiary despite claims of anonymization. The decision, final and binding, marks one of the larger GDPR penalties issued against a major technology company.
April 27, 2026
CISA and CERT-Bund Issue Three Advisories on Actively Exploited Apache ActiveMQ Flaws
CISA added two Apache ActiveMQ CVEs to its Known Exploited Vulnerabilities catalog citing active exploitation, while CERT-Bund simultaneously disclosed additional flaws in the software. The vulnerabilities allow authenticated attackers to achieve remote code execution through the Jolokia JMX-HTTP bridge.
April 23, 2026
Adobe Acrobat Zero-Day Under Active Exploitation, Three Agencies Warn
CVE-2026-34621, a critical Adobe Acrobat vulnerability allowing arbitrary code execution, is under active exploitation according to advisories from CSA Singapore, CERT-FR, and CISA. The agencies added multiple Adobe CVEs to exploit catalogs, signaling a coordinated attack campaign targeting unpatched systems.
April 18, 2026
CISA Warns Critical ICS Flaws Expose SQL Credentials in Mitsubishi, ICONICS Products
Vulnerabilities in industrial control software used by water, energy, and manufacturing sectors could let hackers steal database passwords
April 13, 2026
Get the briefing in your inbox
The top regulatory stories, delivered daily. No noise.
Free. Unsubscribe anytime.