2025 January(141) February(191) March(268) April(349) May(260) June(2) July(0) August(0) September(0)
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
| 30.5.25 | ZDI-25-311 | (Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 30.5.25 | ZDI-25-310 | Linux Kernel ksmbd Session Setup Null Pointer Dereference Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 30.5.25 | ZDI-25-309 | (Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 30.5.25 | XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | MALWARE | RAT |
| 30.5.25 | EDDIESTEALER | Chasing Eddies: New Rust- based InfoStealer used in CAPTCHA campaigns | MALWARE | STEALER |
| 30.5.25 | CVE-2025-3935 | ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. |
VULNEREBILITY |
|
| 29.5.25 | PE File DOS Header | The MS-DOS Header is a 64-byte structure at the beginning of a PE file. Along with the DOS stub, the DOS header is responsible for MS-DOS backward compatibility. | MALWARE | RAT |
| 29.5.25 | DragonForce | DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers | RANSOMWARE | RANSOMWARE |
| 29.5.25 | APT41 Innovative Tactics | Mark Your Calendar: APT41 Innovative Tactics | APT | APT |
| 29.5.25 | CVE-2025-47577 | Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2. |
VULNEREBILITY |
|
| 28.5.25 | CVE-2024-58136 | (CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP framework used by Craft CMS that could be exploited to access restricted functionality or resources (A regression of CVE-2024-4990) |
VULNEREBILITY |
|
| 28.5.25 | CVE-2025-32432 | (CVSS score: 10.0) - A remote code execution (RCE) vulnerability in Craft CMS (Patched in versions 3.9.15, 4.14.15, and 5.6.17) |
VULNEREBILITY |
|
| 28.5.25 | AppleProcessHub infostealer for macOS | AppleProcessHub is the name of a new infostealer variant targeting the macOS platform and masquerading as a system process. | VIRUS | |
| 28.5.25 | Swan Vector APT campaign | A newly APT campaign, dubbed “Swan Vector” has been targeting East Asian nations, particularly Japan and Taiwan. | APT | |
| 28.5.25 | StarFire Ransomware Demands $3,000 in Bitcoin | A group or individual calling themselves "StarFire" has recently emerged in the threat landscape, targeting individual machines with ransomware. | RANSOM | |
| 28.5.25 | DoubleLoader malware | DoubleLoader is a new malware family recently identified in the wild. Its' main functionality, similarly to other loader variants, is to retrieve malicious payloads from attacker-controlled servers and to execute them on the compromised endpoints | VIRUS | |
| 28.5.25 | Another Fake CAPTCHA campaign leads a range of stealers and RATs | There have been reports of another campaign involving fake CAPTCHA pages to deceive users into executing malicious commands via the Windows Run dialog. | ALERTS | VIRUS |
| 28.5.25 | PumaBot | PumaBot: Novel Botnet Targeting IoT Surveillance Devices | BOTNET | BOTNET |
| 28.5.25 | CVE-2025-32432 | Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. |
VULNEREBILITY |
|
| 28.5.25 | Dero miner | Dero miner zombies biting through Docker APIs to build a cryptojacking horde | MALWARE | CRYPTOCURRENCY |
| 28.5.25 | VenomRAT | Inside a VenomRAT Malware Campaign | MALWARE | RAT |
| 27.5.25 | Void Blizzard | New Russia-affiliated actor Void Blizzard targets critical sectors for espionage | GROUP | GROUP |
| 27.5.25 | TAG-110 | Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents | GROUP | GROUP |
| 27.5.25 | Winos 4.0 | NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign | MALWARE | Loader |
| 25.5.25 | Silent Ransom Group Targeting Law Firm | The cyber threat actor Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, is targeting law firms using information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive data to extort the victims | REPORT | REPORT |
| 25.5.25 | Russian GRU Targeting Western Logistics Entities and Technology Companies |
This joint cybersecurity advisory (CSA) highlights a Russian
state-sponsored cyber campaign targeting Western logistics entities and technology companies |
REPORT | REPORT |
| 25.5.25 | CVE-2020-12641 | rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. |
VULNEREBILITY |
|
| 25.5.25 | CVE-2020-35730 | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. |
VULNEREBILITY |
|
| 25.5.25 | CVE-2021-44026 | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. |
VULNEREBILITY |
|
| 25.5.25 | CVE-2023-38831 | Exploiting WinRAR vulnerability |
VULNEREBILITY |
|
| 25.5.25 | CVE-2023-23397 | Exploiting the Outlook NTLM vulnerability |
VULNEREBILITY |
|
| 25.5.25 | CVE-2025-47949 | samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue. |
VULNEREBILITY |
|
| 25.5.25 | CVE-2025-4322 | The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. |
VULNEREBILITY |
|
| 24.5.25 | Lactrodectus | Following the spiders: Investigating Lactrodectus malware | MALWARE | RAT |
| 23.5.25 | Operation Sindoor – Anatomy of a Digital Siege | Overview Seqrite Labs, India’s largest Malware Analysis lab, has identified multiple cyber events linked to Operation Sindoor, involving state-sponsored APT activity and coordinated hacktivist operations. Observed tactics included spear phishing, deployment of malicious scripts, website defacements, and unauthorized data.. | OPERATION | OPERATION |
| 23.5.25 | ZDI-25-308 | Adobe Dreamweaver V8 Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-307 | Linux Kernel OpenvSwitch Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-306 | Docker Desktop Helper Service Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-305 | Apple XNU kernel vm_map Race Condition Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-304 | Apple macOS JPEG Image Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-303 | Apple Safari SandboxBroker ZIP File Processing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-302 | Apple macOS CoreMedia Framework Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-301 | Apple Safari Scrollbar Animation Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-300 | Apple macOS PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-299 | Apple macOS acv2 Codec Converter Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-298 | Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-297 | Trend Micro Apex Central widget getBlock Local File Inclusion Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-296 | Trend Micro Apex Central modTMCM Unrestricted File Upload Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-295 | Trend Micro Apex Central widget getObjWGFServiceApiByApiName Local File Inclusion Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-294 | Microsoft PC Manager MSPCManagerService Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-293 | Microsoft Windows Installer Service Link Following Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-292 | (Pwn2Own) Mozilla Firefox SpiderMonkey Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.5.25 | ZDI-25-291 | (Pwn2Own) Mozilla Firefox IonMonkey JIT Compiler Integer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.5.25 | Vidar and StealC infostealers delivered via social engineering | A new campaign distributing Vidar and StealC infostealers variants has been reported by the researchers from Trend Micro. The attackers are leveraging social engineering techniques with the use of TikTok videos in an attempt to entice users into running arbitrary PowerShell commands. | VIRUS | |
| 23.5.25 | Dero cryptominer delivered to vulnerable Docker containers | A new campaign delivering a Dero cryptocurrency miner to vulnerable Docker containers has been reported in the wild. While abusing exposed Docker APIs the attackers inject two malware components called “nginx” and “cloud”. The deployed cryptominer is written in Golang and based off an open-source DeroHE CLI miner project. | CRYPTOCURRENCY | |
| 23.5.25 | TetraLoader distributed in the UAT-6382 campaign | According to recent report from Cisco Talos, a new malicious activity dubbed UAT-6382 has been delivering a new malware called TetraLoader to its victims. The attackers have been leveraging a Cityworks RCE vulnerability (CVE-2025-0994) to get access to the targeted environments and perform the initial reconnaissance. | VIRUS | |
| 23.5.25 | Rhadamanthys delivered via phishing campaign | In a recently observed phishing campaign, we saw attackers attempting to deliver a Rhadamanthys stealer payload by way of a legal lure. Under the guise of a copyright infringement notification, the victim is encouraged to access a PDF for further details. | CAMPAIGN | |
| 22.5.25 | SideWinder APT using old Office Vulnerabilities | A new cyber-espionage campaign by APT group SideWinder has been targeting high-profile government institutions in Bangladesh, Pakistan, and Sri Lanka. The attackers leverage spear-phishing lures paired with geofenced payloads to ensure that only victims in specific countries receives the malicious content. To activate the infection process and deploy the StealerBot malware a combined exploitation of old vulnerabilities (CVE-2017-0199 and CVE-2017-11882) takes place. | ALERTS | APT |
| 23.5.25 | GhostSpy Android malware | GhostSpy is a mobile malware variant recently seen being actively distributed in the wild. Similarly to other prevalent mobile malware strains, GhostSpy leverages Android Accessibility Services in order to sideload malicious .apk packages on the targeted devices. | VIRUS | |
| 23.5.25 | Fake KeePass installers distributed in attacks targeting ESXi environments |
KeePass is a popular open source password manager
application. Recently there have been reports about an ongoing campaign
distributing fake KeePass installers targeted at ESXi environments.
|
HACKING | |
| 23.5.25 | CVE-2024-7399 & CVE-2025-4632 - Samsung MagicINFO vulnerabilities | CVE-2024-7399 is an unauthenticated remote code execution (RCE) vulnerability affecting the Samsung MagicINFO 9 Server. The flaw enables attackers to upload malicious .jsp files via unauthenticated POST requests effectively allowing them to execute arbitrary OS commands as a result. | VULNEREBILITY | |
| 23.5.25 | Spoofed Japan's e-Tax email notifications appear in phish runs | E-Tax is the National Tax Agency's online tax website that helps to file tax returns and pay national corporation taxes. Recently, Symantec has observed phishing attempts mimicking e-Tax, enticing users to open fake notification emails. | PHISHING | |
| 23.5.25 | Malvertising lures victims to fake Kling AI website | Threat Actors use social media malvertising to lure victims to fake pages impersonating Kling AI platform. The campaign directs visitors to use the platform to create AI-generated images and videos. | AI | |
| 23.5.25 | Trojanized installer delivers Bumblebee loader | It was recently observed that the installer package for the RVTools application was trojanized with a Bumblebee loader dll. RVTools is free utility that collects and displays a multitude of information related to Virtual Machines in VMware environments. | VIRUS | |
| 23.5.25 | Russia-Ukraine conflict comes in picture in a new Binance phishing wave | Binance is one of the world's major cryptocurrency exchanges that allows users to buy, sell and trade various digital assets, including Bitcoin, Ethereum, and altcoins. Lately, Symantec has observed phish runs that impersonate Binance services and entices users to open fake notification emails. | PHISHING | |
| 23.5.25 | CVE-2023-20118 | A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. |
VULNEREBILITY |
|
| 23.5.25 | CVE-2025-3928 | Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells. |
VULNEREBILITY |
|
| 22.5.25 | CVE-2025-0994 | Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server. |
VULNEREBILITY |
|
| 22.5.25 | UAT-6382 | UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware | GROUP | GROUP |
| 22.5.25 | Russian GRU Targeting Western Logistics Entities and Technology Compani | This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. | REPORT | REPORT |
| 22.5.25 | CVE-2025-4428 | Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. |
VULNEREBILITY |
|
| 22.5.25 | Kerberoasting | Kerberoasting is a cyberattack that targets the Kerberos authentication protocol with the intent to steal AD credentials. | ATTACK | Windows |
| 22.5.25 | BadSuccessor | BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory |
VULNEREBILITY |
|
| 22.5.25 | CVE-2025-34027 | (CVSS score: 10.0) - An authentication bypass vulnerability in the Traefik reverse proxy configuration that allows an attacker to access administrative endpoints, which could then be exploited to achieve remote code execution by exploiting an endpoint related to package uploads ("/portalapi/v1/package/spack/upload") via arbitrary file writes |
VULNEREBILITY |
|
| 22.5.25 | CVE-2025-34026 | (CVSS score: 9.2) - An authentication bypass vulnerability in the Traefik reverse proxy configuration that allows an attacker to access administrative endpoints, which could then be exploited to access heap dumps and trace logs by exploiting an internal Spring Boot Actuator endpoint via |
VULNEREBILITY |
|
| 22.5.25 | CVE-2025-34025 | (CVSS score: 8.6) - A privilege escalation and Docker container escape vulnerability that's caused by unsafe default mounting of host binary paths and could be exploited to gain code execution on the underlying host machine |
VULNEREBILITY |
|
| 21.5.25 | Chinese Adult Content Scam Targets Mobile Users Through PWA Injection | We’ve identified a fresh injection campaign abusing third-party JavaScript to redirect mobile users to a Chinese adult-content PWA scam. | SPAM | SPAM |
| 21.5.25 | Pure Harm | Pure Harm: PureRAT Attacks Russian Organizations | MALWARE | RAT |
| 20.5.25 | Shadow Roles | Shadow Roles: AWS Defaults Can Open the Door to Service Takeover | HACKING | CLOUD |
| 20.5.25 | Hazy Hawk | From banks to battalions: SideWinder’s attacks on South Asia’s public sector | GROUP | APT |
| 20.5.25 | ESET APT Activity Report Q4 2024–Q1 2025 | An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025 | REPORT | REPORT |
| 20.5.25 | RedisRaider | RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale | MALWARE | CRYPTOCURRENCY |
| 20.5.25 | CVE-2025-4918 | An out-of-bounds access vulnerability when resolving Promise objects that could allow an attacker to perform read or write on a JavaScript Promise object |
VULNEREBILITY |
|
| 20.5.25 | CVE-2025-4919 | An out-of-bounds access vulnerability when optimizing linear sums that could allow an attacker to perform read or write on a JavaScript object by confusing array index sizes |
VULNEREBILITY |
|
| 18.5.25 | SnipVex | SnipVex—more than a Clipbanker | MALWARE | Stealer |
| 18.5.25 | XRed | XRed Backdoor: The Hidden Threat in Trojanized Programs | MALWARE | Backdoor |
| 18.5.25 | defendnot | New 'Defendnot' tool tricks Windows into disabling Microsoft Defender | TOOL | TOOL |
| 18.5.25 | Skitnet | Skitnet is a multi-stage malware that uses Rust and Nim to execute a stealthy reverse shell over DNS, leveraging encryption, manual mapping, and dynamic API resolution to evade detection | MALWARE | Loader |
| 18.5.25 | CVE-2025-4664 | Google Chromium Loader Insufficient Policy Enforcement Vulnerability |
VULNEREBILITY |
|
| 18.5.25 | CVE-2024-12987 | DrayTek Vigor Routers OS Command Injection Vulnerability |
VULNEREBILITY |
|
| 17.5.25 | CVE-2025-42999 | Insecure Deserialization in SAP NetWeaver (Visual Composer development server) |
VULNEREBILITY |
|
| 17.5.25 | CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. |
VULNEREBILITY |
|
| 17.5.25 | CVE-2025-32756 | Stack-based buffer overflow vulnerability in API |
VULNEREBILITY |
|
| 17.5.25 | CVE-2025-22462 | An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system. |
VULNEREBILITY |
|
| 17.5.25 | CVE-2025-3462 | "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. |
VULNEREBILITY |
|
| 17.5.25 | CVE-2025-3463 | vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests |
VULNEREBILITY |
|
| 16.5.25 | Stealthy Shellcode loader executes Remcos RAT in Fileless Attack Chain | A sophisticated fileless malware campaign has been observed leveraging PowerShell to deploy the Remcos RAT. The attack begins with malicious LNK files embedded in ZIP archives, often masquerading as Office documents. These trigger obfuscated VBScript via mshta.exe leading to the in-memory execution of a PowerShell script. | ALERTS | VIRUS |
| 16.5.25 | Earth Ammit cyber espionage campaigns | The Threat Actor known as Earth Ammit launched two distinct cyber espionage campaigns (dubbed VENOM and TIDRONE) across Central Asia, Southeast Asia, and Eastern Europe. These campaigns strategically target government entities and critical infrastructure - such as software service providers and upstream vendors across several critical sectors, including heavy industry, media, technology, healthcare, and military. | CAMPAIGN | |
| 16.5.25 | TransferLoader malware | TransferLoader is a newly identified malware loader active since February 2025, consisting of three components: a downloader, a backdoor and a backdoor loader. It uses advanced evasion techniques such as anti-debugging, runtime string decryption and junk code insertion to avoid detection and complicate reverse engineering. | VIRUS | |
| 16.5.25 | New DarkCloud malware uses AutoIt obfuscation in targeted attacks | According to a report published by Palo Alto Networks Unit 42, a new variant of the DarkCloud Stealer malware has been observed primarily targeting government organizations worldwide. The attack typically begins with phishing emails containing either a RAR archive or a PDF which prompts victims to download a malicious archive disguised as a software update. | VIRUS | |
| 16.5.25 | Chihuahua Stealer malware | Chihuahua Stealer is a new .NET-based infostealer distributed via a multi-staged campaign. The attackers leverage malicious documents hosted on the Google Drive repository and malicious PowerShell scripts to initiate the infection chain. The final payload - Chihuahua Stealer is delivered from a OneDrive repository path and has the functionality to collect and exfiltrate various sensitive data from the compromised endpoints including system information, data stored in the system web browsers, cryptocurrency wallet information, etc. | VIRUS | |
| 16.5.25 | PupkinStealer: A .NET-based Malware | PupkinStealer, a .NET-based malware has been observed being distributed via phishing emails containing malicious attachments or links. Targeting Windows users, the malware is capable of stealing sensitive data from Chromium-based browsers, Telegram, Discord, email clients, clipboard contents and more. The stolen data is compressed into a ZIP archive and exfiltrated using the Telegram Bot API. | VIRUS | |
| 16.5.25 | Transparent Tribe aka APT36 | APT36, also known as Transparent Tribe, is a Pakistan-based advanced persistent threat (APT) group active since at least 2013 | GROUP | APT |
| 16.5.25 | APT GROUP123 | Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. It is also tracked under other names such as APT37, Reaper, and ScarCruft by various cybersecurity firms. | GROUP | APT |
| 16.5.25 | Spectre-v2 Attacks UPDATE | On the Limitations of Domain Isolation Against Spectre-v2 Attacks | ATTACK | CPU |
| 16.5.25 | HTTPBot | High Risk Warning for Windows Ecosystem: New Botnet Family HTTPBot is Expanding | BOTNET | BOTNET |
| 16.5.25 | Remcos RAT | Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT | MALWARE | RAT |
| 16.5.25 | CVE-2024-43420 | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom® processors may allow an authenticated user to potentially enable information disclosure via local access. |
VULNEREBILITY |
|
| 16.5.25 | CVE-2025-20623 | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel® Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. |
VULNEREBILITY |
|
| 16.5.25 | CVE-2024-45332 | Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
VULNEREBILITY |
|
| 16.5.25 | CVE-2024-28956 | (CVSS v4 score: 5.7) - Indirect Target Selection (ITS), which affects Intel Core 9th-11th, and Intel Xeon 2nd-3rd, among others. |
VULNEREBILITY |
|
| 16.5.25 | CVE-2025-24495 | (CVSS v4 score: 6.8) - Lion Cove BPU issue, which affects Intel CPUs with Lion Cove core |
VULNEREBILITY |
|
| 15.5.25 | ZDI-25-290 | Rockwell Automation ThinManager ThinServer Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.5.25 | ZDI-25-289 | Rockwell Automation ThinManager ThinServer Null Pointer Dereference Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 15.5.25 | ZDI-25-288 | Fortinet FortiWeb cgi_httpcontentrouting_post Directory Traversal Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.5.25 | ZDI-25-287 | JetBrains TeamCity Diagnostics Data Directory Cross-Site Scripting Vulnerability |
ZERO-DAY |
|
| 15.5.25 | ZDI-25-286 | Dassault Systèmes eDrawings Viewer OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.5.25 | ZDI-25-285 | Dassault Systèmes eDrawings Viewer SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.5.25 | ZDI-25-254 | MATE Desktop Atril Document Viewer EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.5.25 | Xinbi | Xinbi: The $8 Billion Colorado-Incorporated Marketplace for Pig-Butchering Scammers and North Korean Hackers | CRYPTOCURRENCY | CRYPTOCURRENCY |
| 15.5.25 | CVE-2025-4664 | Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
VULNEREBILITY |
|
| 15.5.25 | RoundPress | ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities | OPERATION | OPERATION |
| 15.5.25 | CVE-2025-4632 | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. |
VULNEREBILITY |
|
| 15.5.25 | CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. |
VULNEREBILITY |
|
| 14.5.25 | CVE-2025-30397 | (CVSS score: 7.5) - Scripting Engine Memory Corruption Vulnerability |
VULNEREBILITY |
|
| 14.5.25 | CVE-2025-30400 | (CVSS score: 7.8) - Microsoft Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability |
VULNEREBILITY |
|
| 14.5.25 | CVE-2025-32701 | (CVSS score: 7.8) - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability |
VULNEREBILITY |
|
| 14.5.25 | CVE-2025-32706 | (CVSS score: 7.8) - Windows Common Log File System Driver Elevation of Privilege Vulnerability |
VULNEREBILITY |
|
| 14.5.25 | CVE-2025-32709 | (CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
VULNEREBILITY |
|
| 14.5.25 | Swan Vector | Unveiling Swan Vector APT Targeting Taiwan and Japan with varied DLL Implants | APT | Group |
| 14.5.25 | Horabot | Horabot Unleashed: A Stealthy Phishing Threat | PHISHING | PHISHING |
| 14.5.25 | CVE-2025-32756 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 |
VULNEREBILITY |
|
| 14.5.25 | CVE-2025-4428 | (CVSS score: 7.2) - A remote code execution vulnerability in Ivanti Endpoint Manager Mobile allowing attackers to execute arbitrary code on the target system |
VULNEREBILITY |
|
| 14.5.25 | CVE-2025-4427 | (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials |
VULNEREBILITY |
|
| 14.5.25 | CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. |
VULNEREBILITY |
|
| 13.5.25 | BTMOB RAT | According to recent reports, BTMOB RAT has resurfaced and now aims to steal Alipay PINs by mimicking the app’s interface. It spreads via phishing sites disguised as popular services and uses fake apps to lure victims. | VIRUS | |
| 13.5.25 | Noodlophile Stealer spread under the disguise of fake AI tools | An infostealing variant dubbed Noodlophile Stealer has been recently distributed in campaigns leveraging lures of AI video generators. The attackers have been advertising their fake AI platforms via social media platforms. The users are first asked to upload either photos or video for the AI to enhance and then are served with a download link for the supposedly edited content. | VIRUS | |
| 13.5.25 | Astryrean Stealer malware | Astryrean Stealer is a new Python-based infostealer recently identified in the wild. The malware targets collection and exfiltration of a wide variety of confidential or sensitive information including: compromised system information, data stored in system web browsers, Discord tokens or screenshots, among others. | VIRUS | |
| 13.5.25 | More_eggs served by Venom Spider | In a recent campaign threat actor known as "Venom Spider" has been targeting corporate hiring managers and recruiters with a complex spear-phishing scheme that capitalizes on the need for such users to open email attachments or click on links to review an applicants resume . | CAMPAIGN | |
| 13.5.25 | TA406 | TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these campaigns is likely to collect intelligence on the trajectory of the Russian invasion. | GROUP | CAMPAIGN |
| 13.5.25 | CVE-2025-27920 | Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access. |
VULNEREBILITY |
|
| 13.5.25 | CVE-2025-3462 | (CVSS score: 8.4) - An origin validation error vulnerability that may allow unauthorized sources to interact with the software's features via crafted HTTP requests |
VULNEREBILITY |
|
| 13.5.25 | CVE-2025-3463 | (CVSS score: 9.4) - An improper certificate validation vulnerability that may allow untrusted sources to affect system behavior via crafted HTTP requests |
VULNEREBILITY |
|
| 13.5.25 | Noodlophile | New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms | MALWARE | STEALER |
| 12.5.25 | CoGUI Phish Kit | CoGUI Phish Kit Targets Japan with Millions of Messages | PHISHING | Kit |
| 12.5.25 | CVE-2025-27007 | Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82. |
VULNEREBILITY |
|
| 12.5.25 | CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
VULNEREBILITY |
|
| 12.5.25 | CVE-2019-3568 | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. |
VULNEREBILITY |
|
| 12.5.25 | CVE-2025-26647 | Windows Kerberos Elevation of Privilege Vulnerability |
VULNEREBILITY |
|
| 12.5.25 | CVE-2025-30065 | Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue. |
VULNEREBILITY |
|
| 12.5.25 | CVE-2024-7399 | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. |
VULNEREBILITY |
|
| 12.5.25 | CVE-2025-3248 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. |
VULNEREBILITY |
|
| 10.5.25 | OtterCookie v4 | Additional Features of OtterCookie Malware Used by WaterPlum | MALWARE | STEALER |
| 9.5.25 | PupkinStealer | PupkinStealer : A .NET-Based Info-Stealer | MALWARE | STEALER |
| 9.5.25 | Gunra Ransomware | At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and organizations. | GROUP | RANSOMWARE |
| 9.5.25 | HANNIBAL Stealer | HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage | MALWARE | STEALER |
| 9.5.25 | Earth Kasha threat actor targets Taiwan and Japan in a recent campaign | As recently reported by the researchers from Trend Micro, Earth Kasha threat group continues to target users in Taiwan and Japan. The attackers leverage a dropper malware dubbed RoamingMouse that comes in the form of a macro-enabled MS Excel file. | APT | |
| 9.5.25 | Deployment of RMM tools in malicious campaigns targeting Brazil | A new malicious campaign targeting users from Brazil has been reported by researchers from Cisco Talos. The attackers leverage a variety of commercial Remote Monitoring and Management (RMM) tools such as PDQ Connect and N-able remote access software. | VIRUS | |
| 9.5.25 | Mamona Ransomware |
Mamona Ransomware is a newly discovered threat in the
commodity ransomware landscape that operates entirely offline, with no
external communication or data exfiltration. The malware uses custom
encryption routines to encrypt user files, renaming them with the .HAes
extension.
|
RANSOM | |
| 9.5.25 | Mail campaign delivers Java-based RAT | A malicious email campaign was recently observed targeting organizations in Italy, Portugal, and Spain. The campaign leveraged a Spanish email service provider in an effort to legitimize the emails which contained a PDF attachment. | ||
| 9.5.25 | LZRD - the latest Mirai variant distributed in the wild | New campaigns distributing Mirai botnet have been reported in the wild. The malware exploits two command injection vulnerabilities affecting GeoVision IoT devices that have been disclosed last year - CVE-2024-6047 and CVE-2024-11120. | BOTNET | |
| 9.5.25 | CVE-2025-31324 - a critical SAP NetWeaver vulnerability | CVE-2025-31324 is a recently disclosed critical (CVSS score 10) unrestricted file upload vulnerability affecting the SAP NetWeaver Visual Composer. | VULNEREBILITY | |
| 9.5.25 | CVE-2025-32433 - Erlang/OTP SSH RCE vulnerability | CVE-2025-32433 is a recently disclosed Remote Code Execution (RCE) vulnerability affecting Erlang/OTP which is a set of libraries for the Erlang programming language. If successfully exploited, the flaw might allow unauthenticated attackers to gain access to affected Erlang/OTP SSH servers and execute arbitrary commands. | VULNEREBILITY | |
| 9.5.25 | Bert Ransomware | In April, a new ransomware actor known as "Bert" was observed operating in the wild and allegedly claimed several organizations as victims, including those in the Healthcare, Technology, and Event Services sectors across the US and Turkey. | RANSOM | |
| 9.5.25 | NETXLOADER - a new loader used by the Agenda ransomware group | In a recent report, details about a new malware loader named NETXLOADER have been shared. This loader, along with SmokeLoader, has been used in attacks perpetrated by the Agenda ransomware group. | VIRUS | |
| 9.5.25 | Threat Actors use Pahalgam attack in malicious campaign | In a strategic approach to exploiting current events threat actors target Indian government personnel using decoy documents referencing the recent Pahalgam attack in a malicious campaign. | VIRUS | |
| 9.5.25 | FormBook malware distributed via weaponized Word Docs | A recent attack beginning with phishing emails containing malicious MS Word documents as attachments has been observed. Social engineering plays a part in luring users to click on the weaponized attached document. | VIRUS | |
| 9.5.25 | Balloonfly ransomware group leveraged 0-day in attack | The Symantec Threat Hunter team recently observed activity which can be attributed to the Balloonfly attack group. This group is typically responsible for distributing Play ransomware. | VULNEREBILITY | |
| 9.5.25 | CVE-2025–34028: Commvault Command Center Path Traversal Vulnerability | CVE-2025-34028 is a critical vulnerability found in the Command Center installation, enabling remote attackers to execute arbitrary code without authentication. | VULNEREBILITY | |
| 9.5.25 | Notaires de France Impersonated in Telegram-based Phishing Campaign | Symantec has identified a credential phishing campaign leveraging malicious HTML that mimic official French notarial services – a professional body of state-appointed legal officers, known as notaires. It serves as a central information hub for legal matters in France involving notarized acts. | PHISHING | |
| 9.5.25 | StealC V2: Enhanced capabilities | An enhanced version of the popular information stealer, StealC, has been observed. It features an upgraded control panel, a streamlined JSON-based C2 communication protocol and expanded payload delivery options including MSI packages and PowerShell scripts. | VIRUS | |
| 9.5.25 | TerraStealerV2 and TerraLogger malware families | Two new malware families, TerraStealerV2 and TerraLogger, have been reported in the wild and are associated with the financially motivated threat group Golden Chickens. | VIRUS | |
| 9.5.25 | Tax season targeted by modified Stealerium Infostealer | As U.S. tax day approaches, threat actors have been observed exploiting the season by distributing a modified version of the Stealerium infostealer through phishing emails. Malicious LNK files, disguised as tax-related documents like tax forms lure users into executing a Base64-encoded PowerShell script. | ALERTS | VIRUS |
| 9.5.25 | Darcula PhaaS | Exposing Darcula: a rare look behind the scenes of a global Phishing-as-a-Service operation | PHISHING | PhaaS |
| 9.5.25 | libexpat library is vulnerable to DoS attacks through stack overflow | A stack overflow vulnerability has been discovered within the libexpat open source library. When parsing XML documents with deeply nested entity references, libexpat can recurse indefinitely. | ALERT | ALERT |
| 9.5.25 | Radware Cloud Web Application Firewall Vulnerable to Filter Bypass | The Radware Cloud Web Application Firewall is vulnerable to filter bypass by multiple means. The first is via specially crafted HTTP request and the second being insufficient validation of user-supplied input when processing a special character | ALERT | ALERT |
| 9.5.25 | (RMM) tools | Spam campaign targeting Brazil abuses Remote Monitoring and Management tools | CAMPAIGN | PHISHING |
| 9.5.25 | CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. |
VULNEREBILITY |
|
| 9.5.25 | FreeDrain | FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network | CAMPAIGN | PHISHING |
| 8.5.25 | CVE-2025-27363 | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. |
VULNEREBILITY |
|
| 8.5.25 | StealC | I StealC You: Tracking the Rapid Changes To StealC | MALWARE | Steal |
| 8.5.25 | CVE-2025-32819 | (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. |
VULNEREBILITY |
|
| 8.5.25 | CVE-2025-32820 | (CVSS score: 8.3) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable |
VULNEREBILITY |
|
| 8.5.25 | CVE-2025-32821 | (CVSS score: 6.7) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance |
VULNEREBILITY |
|
| 8.5.25 | ZDI-25-284 | MATE Desktop Atril Document Viewer EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.5.25 | ZDI-25-283 | MATE Desktop Atril Document Viewer CBT File Parsing Argument Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.5.25 | COLDRIVER | COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | MALWARE | Steal |
| 8.5.25 | CVE-2025-20188 | Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability |
VULNEREBILITY |
|
| 7.5.25 | CVE-2025-29824 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
VULNEREBILITY |
|
| 7.5.25 | CVE-2025-3102 | The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. |
VULNEREBILITY |
|
| 7.5.25 | CVE-2025-27007 | Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82. |
VULNEREBILITY |
|
| 7.5.25 | CVE-2025-2777 | SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives. |
VULNEREBILITY |
|
| 7.5.25 | CVE-2025-2776 | SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives. |
VULNEREBILITY |
|
| 7.5.25 | CVE-2025-2775 | SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. |
VULNEREBILITY |
|
| 7.5.25 | CVE-2019-3568 | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. |
VULNEREBILITY |
|
| 7.5.25 | CVE-2024-11120 | Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. |
VULNEREBILITY |
|
| 7.5.25 | CVE-2024-6047 | Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. |
VULNEREBILITY |
|
| 6.5.25 | CVE-2025-27363 | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. |
VULNEREBILITY |
|
| 6.5.25 | CVE-2025-3248 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. |
VULNEREBILITY |
|
| 6.5.25 | CVE-2025-34028 | Commvault Command Center Path Traversal Vulnerability |
VULNEREBILITY |
|
| 6.5.25 | CVE-2024-58136 | Yiiframework Yii Improper Protection of Alternate Path Vulnerability |
VULNEREBILITY |
|
| 6.5.25 | TerraStealerV2 and TerraLogger | TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered | MALWARE | Loader |
| 6.5.25 | CVE-2025-23242 | NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. |
VULNEREBILITY |
|
| 4.5.25 | CVE-2025-23243 | NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service. |
VULNEREBILITY |
|
| 4.5.25 | CVE-2025-31191 | Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape |
VULNEREBILITY |
|
|
4.5.25 |
Hello 0-Days My Old Frien : A 2024 Zero-Day |
This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. |
REPORT |
|
|
4.5.25 |
Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government |
APT |
||
|
4.5.25 |
TARGETING AND COMPROMISE OF FRENCH ENTITIES USING THE APT28 INTRUSION S |
ACTIVITIES ASSOCIATED WITH APT28 SINCE 2021 |
REPORT |
|
|
4.5.25 |
Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. |
VULNEREBILITY |
||
|
4.5.25 |
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. |
VULNEREBILITY |
||
| 4.5.25 | AirBorne | Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk | HACKING | Apple |
| 4.5.25 | CVE-2025-3928 | Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells. |
VULNEREBILITY |
|
| 3.5.25 | CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. |
VULNEREBILITY |
|
| 3.5.25 | FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure | The FortiGuard Incident Response (FGIR) team recently investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. The attack involved extensive espionage operations and suspected network prepositioning—a tactic often used to maintain persistent access for future strategic advantage. | REPORT | REPORT |
| 2.5.25 | Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default | Digigrams PYKO-OUT audio-over-IP (AoIP) product is used for audio decoding and intended for various uses such as paging, background music, live announcements and others. It has hardware compatibility with two analog mono outputs and a USB port for storing local playlists. | ALERT | ALERT |
| 2.5.25 | MintsLoader: The loader powering TAG-124’s targeted campaigns | MintsLoader, a sophisticated loader first observed in 2024, is extensively used by TAG-124, more than by any other threat actor to deploy malicious payloads such as GhostWeaver, StealC and a modified BOINC client. These attacks primarily target sectors including industrial, legal and energy. | VIRUS | |
| 2.5.25 | Discovery Bank Impersonated in FICA-Themed Smishing Scam | Discovery Bank, a well-known digital bank in South Africa, has had its brand abused by a group or individual in a recent smishing campaign aimed at harvesting mobile users' banking credentials. The attack begins with a malicious SMS that leverages FICA (Financial Intelligence Centre Act in South Africa) compliance as a lure. | PHISHING | |
| 2.5.25 | ClickFix social engineering tactic being used by various APT groups | ClickFix has gained traction in targeted espionage operations across multiple APT groups from North Korea, Iran, and Russia. This is a social engineering tactic where malicious websites impersonate legitimate software or document sharing platforms. | APT | |
| 2.5.25 | Iranian threat actor targeted critical Middle Eastern infrastructure | Researchers at Fortinet have recently published their investigation into an Iranian threat actor's attack against critical infrastructure in the Middle East. | APT | |
| 2.5.25 | Spear phishing campaign targets WUC with trojanized Uyghur Text Editor | A spear phishing campaign delivering surveillance malware targeting high profile members of the World Uyghur Congress (WUC) has been reported. As part of the attack a trojanized version of a legitimate Uyghur language text editor to gain remote access, collect system information, and manipulate files. | PHISHING | |
| 2.5.25 | Pentagon Stealer | Pentagon Stealer is a recently identified malware strain built using both Python and Golang, engineered to exfiltrate a broad array of sensitive information. It primarily targets browser credentials, cookies, cryptocurrency wallet data and authentication tokens from apps like Discord and Telegram. | VIRUS | |
| 2.5.25 | Hannibal Infostealer | Hannibal Infostealer is a sophisticated malware observed in the wild, rebranded from the Sharp and TX stealer families. Developed in C#, it targets both Chromium and Gecko-based browsers, extracting sensitive data while bypassing browser protection. | VIRUS | |
| 2.5.25 | TypeLib hijacking via Teams | A Microsoft Teams phishing campaign was found to spread a unique PowerShell backdoor in recent attacks. The Threat Actor known as Storm-1811 initiates the attack by employing social engineering tricks on a targeted employee via Microsoft Teams chat, posing as internal IT support staff. | PHISHING | |
| 2.5.25 | Gremlin Stealer | Gremlin Stealer is a new C#-based malware variant recently discovered by the researchers from Palo Alto. Gremlin Stealer is currently advertised for sale via Telegram channels. | VIRUS | |
| 2.5.25 | CVE-2025-24054 - NTLM vulnerability exploited in the wild | CVE-2025-24054 is a recently disclosed vulnerability related to NTLM (New Technology LAN Manager) hash disclosure via spoofing. With help of crafted .library-ms files, an unauthorized attacker might be able to perform spoofing over the network. | ALERTS | VULNEREBILITY |
| 2.5.25 | ZDI-25-282 | Webmin CRLF Injection Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-281 | Cisco IOS XE SNMP SET cewProxyClass Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-280 | Cisco IOS XE SNMP GET-NEXT ciscoFlashChipCode Unexpected Sign Extension Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-279 | Cisco IOS XE SNMP GET-NEXT cContextMappingBridgeDomainIdentifier Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-278 | Cisco IOS XE SNMP GET-NEXT ctspIpSgtValue Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-277 | Cisco IOS XE SNMP SET cewEventTime Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-276 | Cisco IOS XE SNMP GET-NEXT cilmCurrentImageLevel Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-275 | Cisco IOS XE SNMP GET-NEXT callHomeUserDefCmdName Unexpected Sign Extension Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-274 | Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-273 | Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-272 | Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-271 | Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-270 | Cisco IOS XE SNMP GET-NEXT ciscoFlashFileSize Unexpected Sign Extension Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 2.5.25 | ZDI-25-269 | (Pwn2Own) Synology BeeStation BST150-4T Unnecessary Privileges Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 2.5.25 | MintsLoader | Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting | MALWARE | Loader |
| 1.5.25 | ZDI-25-268 | GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-267 | GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-266 | Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-265 | (Pwn2Own) Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-264 | (Pwn2Own) Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-263 | (Pwn2Own) Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-262 | (Pwn2Own) Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-261 | (Pwn2Own) Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-260 | (Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-259 | (Pwn2Own) Adobe Acrobat Reader DC Collab Command Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-258 | (Pwn2Own) Adobe Acrobat Reader DC distributionURL JavaScript API Restrictions Bypass Vulnerability |
ZERO-DAY |
|
| 1.5.25 | ZDI-25-257 | (Pwn2Own) Oracle VirtualBox OHCI USB Controller Race Condition Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 1.5.25 | MCP Prompt Injection | MCP Prompt Injection: Not Just For Evil | ATTACK | AI |
| 1.5.25 | Hive0117 | New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware | CAMPAIGN | PHISHING |
| 1.5.25 | Sheriff | IBM X-Force discovers new Sheriff Backdoor used to target Ukraine | MALWARE | Backdoor |
| 1.5.25 | CVE-2025-3928 | Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells. |
VULNEREBILITY |
|
| 1.5.25 | CVE-2023-44221 | (CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability |
VULNEREBILITY |
|
| 1.5.25 | CVE-2024-38475 | (CVSS score: 9.8) - Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to file system locations that are permitted to be served by the server |
VULNEREBILITY |
|
|
|
|