The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers compromised the Treasury’s BeyondTrust Remote Support SaaS instances via CVE-2024-12356, a previously unknown unauthenticated command injection vulnerability. But, as Rapid7 researchers discovered (and confirmed by testing), “a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order … More
The post A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) appeared first on Help Net Security.
