
DATE NAME INFO CATEGORY SUBCATEGORY

20.7.25 CVE-2025-49706 Microsoft SharePoint Server Spoofing Vulnerability VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2025-53770 Microsoft SharePoint Server Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2025-54309 CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. VULNEREBILITY VULNEREBILITY
20.7.25 RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers Between December 2024 and January 2025, Recorded Future’s Insikt Group identified a campaign exploiting unpatched internet-facing Cisco network devices primarily associated with global telecommunications providers. REPORT REPORT
20.7.25 AUTHENTIC ANTI Highly targeted credential and OAuth 2.0 token-stealing malware targeting Outlook. MALWARE STEALING
20.7.25 PHOBOS ANTI-RANSOM TOOL Phobos Decryptor is designed to decrypt files encrypted by Phobos Ransom. Anti-Ransom Tool  Anti-Ransom Tool 
20.7.25 CVE-2025-48927 The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2025-41236 VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. Nguyen Hoang Thach of STARLabs SG used this flaw at Pwn2Own. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2025-41237 VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. This flaw was used by Corentin BAYET of REverse Tactics at Pwn2Own. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2025-41238 VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out-of-bounds write. VULNEREBILITY VULNEREBILITY
20.7.25 Matanbuchus 3.0 From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up PAPERS PAPERS
20.7.25 Matanbuchus Matanbuchus: Malware-as-a-Service with Demonic Intentions MALWARE MaaS
20.7.25 CVE-2023-20273 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2023-20198 Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2018-0171 A critical flaw in Cisco IOS and IOS XE Smart Install that allows remote code execution via specially crafted TCP packets. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2023-20198 A zero-day affecting Cisco IOS XE web UI that permits unauthenticated remote access to devices. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2023-20273 A privilege escalation flaw also targeting IOS XE that allows hackers to execute commands as root. This flaw has been seen chained with CVE-2023-20198 to maintain persistence. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2024-3400 A command injection vulnerability in Palo Alto Networks' PAN-OS GlobalProtect, which allows unauthenticated attackers to execute commands on devices. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2021-20038 A stack-based buffer overflow vulnerability in the SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user on the appliance. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2024-38475 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2021-20035 Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2021-20039 Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. VULNEREBILITY VULNEREBILITY
20.7.25 CVE-2025-32819 A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. VULNEREBILITY VULNEREBILITY
19.7.25 Lumma Stealer infection with SecTop RAT Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. MALWARE TRAFFIC MALWARE TRAFFIC
19.7.25 Koi Loader/Koi Stealer infection Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. MALWARE TRAFFIC MALWARE TRAFFIC
19.7.25 Lumma Stealer infection with follow-up Rsockstun malware Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. MALWARE TRAFFIC MALWARE TRAFFIC
19.7.25 APT PROFILE – FANCY BEAR Fancy Bear, also known as APT28, is a notorious Russian cyberespionage group with a long history of targeting governments, military entities, and other high-value GROUP APT
19.7.25 CVE-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server VULNEREBILITY VULNEREBILITY
19.7.25 MFSocket Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico MALWARE TOOL
19.7.25 UNG0002 UNG0002: Regional Threat Operations Tracked Across Multiple Asian Jurisdictions GROUP APT
19.7.25 DslogdRAT DslogdRAT Malware Installed in Ivanti Connect Secure MALWARE RAT
19.7.25 SPAWNCHIMERA SPAWNCHIMERA Malware: The Chimera Spawning from Ivanti Connect Secure Vulnerability MALWARE  
19.7.25 CVE-2025-0282 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. VULNEREBILITY VULNEREBILITY
19.7.25 CVE-2025-22457 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. VULNEREBILITY VULNEREBILITY
19.7.25 MDifyLoader Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities MALWARE LOADER

18.7.25 CVE-2025-7029 A bug in an SMI handler (OverClockSmiHandler) that can lead to SMM privilege escalation VULNEREBILITY VULNEREBILITY
18.7.25 CVE-2025-7028 A bug in an SMI handler (SmiFlash) gives read/write access to System Management RAM (SMRAM), which can lead to malware installation VULNEREBILITY VULNEREBILITY
18.7.25 CVE-2025-7027 Can lead to SMM privilege escalation and modification of the firmware by writing arbitrary content to SMRAM VULNEREBILITY VULNEREBILITY
18.7.25 CVE-2025-7026 Allows arbitrary writes to SMRAM and can lead to privilege escalation to SMM and persistent firmware compromise VULNEREBILITY VULNEREBILITY
18.7.25 ZDI-25-620 Dassault Systèmes eDrawings Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-619 Dassault Systèmes eDrawings Viewer JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-618 Dassault Systèmes eDrawings Viewer JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-617 Dassault Systèmes eDrawings Viewer CATPRODUCT File Parsing Use-After-Free Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-616 Dassault Systèmes eDrawings Viewer CATPRODUCT File Parsing Use-After-Free Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-615 Dassault Systèmes eDrawings Viewer IPT File Parsing Use-After-Free Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-614 Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-613 Hewlett Packard Enterprise AutoPass License Server Hard-coded Credentials Authentication Bypass Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-612 Hewlett Packard Enterprise AutoPass License Server Hard-coded Credentials Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-611 VMware ESXi VMCI Uninitialized Memory Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-610 Linux Kernel ksmbd destroy_previous_session Null Pointer Dereference Denial-of-Service Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-609 Cisco Identity Services Engine invokeStrongSwanShellScript Command Injection Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-608 Cisco Identity Services Engine handleFilesUpload Unrestricted File Upload Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-607 Cisco Identity Services Engine enableStrongSwanTunnel Deserialization of Untrusted Data Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-606 Cisco Identity Services Engine handleStrongSwanTunnelStatus Deserialization of Untrusted Data Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-605 Cisco Identity Services Engine IpAccessFilter Direct Request Authentication Bypass Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-604 Cisco Identity Services Engine disableStrongSwanTunnel Deserialization of Untrusted Data Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-603 Autodesk Revit RTE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-602 (Pwn2Own) Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-601 (Pwn2Own) Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-600 (Pwn2Own) Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-599 Oracle VirtualBox LSILogic Uninitialized Memory Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-598 Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-597 Autodesk Revit RFA File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-596 Autodesk Revit RTE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-595 Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-594 Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 ZDI-25-593 Autodesk Revit RVT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
18.7.25 SMM callout vulnerabilities identified in Gigabyte UEFI firmware modules System Management Mode (SMM) callout vulnerabilities have been identified in UEFI modules present in Gigabyte firmware. An attacker could exploit one or more of these vulnerabilities to elevate privileges and execute arbitrary code in the SMM environment of a UEFI-supported processor. ALERT ALERT
18.7.25 Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities Multiple vulnerabilities have been identified in Ruckus Wireless management products, specifically Virtual SmartZone (vSZ) and Network Director (RND), including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution. ALERT ALERT
18.7.25 CVE-2025-23266 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. VULNEREBILITY VULNEREBILITY
18.7.25 UAC-0001 cyberattacks on the security and defense sector using the LAMEHUG software tool, which uses an LLM (large language model) (CERT-UA#16039) On 10.07.2025 the National Cyber Incident, Cyberattack and Cyber Threat Response Team CERT-UA received information about the distribution among executive authorities, purportedly on behalf of a representative of the relevant ministry, of emails with an attachment in the form of the file "Додаток.pdf.zip". BATTLEFIELD UKRAINE BATTLEFIELD UKRAINE
18.7.25 BadBox 2.0 Recently, our researchers partnered with HUMAN Security and Trend Micro to uncover BadBox 2.0, the largest known botnet of internet-connected TVs. Building on our previous actions to stop these cybercriminals, we filed a lawsuit in New York federal court against the botnet’s perpetrators. BOTNET BOTNET
18.7.25 H2miner The identified samples are associated with prior H2miner campaigns that we documented in 2020 and have since been updated with new configurations. H2Miner is a Crypto mining botnet that has been active since late 2019. MALWARE CRYPTOCURRENCY
18.7.25 SquidLoader Threat Analysis: SquidLoader - Still Swimming Under the Radar MALWARE Loader
18.7.25 CVE-2021-41773 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. VULNEREBILITY VULNEREBILITY
18.7.25 Emmenhtal MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities MALWARE Loader
18.7.25 Linuxsys VulnCheck observed exploitation of CVE-2021-41773 in the wild. This, in itself, is hardly noteworthy. The vulnerability was an inaugural member of both the CISA KEV and VulnCheck KEV. MALWARE CRYPTOCURRENCY
17.7.25 Emmenhtal leveraged by MaaS operators in recent campaigns In a recent report published by Cisco Talos, researchers highlighted recent campaigns that used Emmenhtal to deliver various payloads. One campaign included the Emmenhtal loader contained within a phishing mail archive attachment, while another hosted Emmenhtal on various GitHub repositories to deliver the Amadey payload. ALERTS CAMPAIGN
17.7.25 New wave of Tech Support Scams exploits legitimate chat platforms and uses brand impersonation Tech/Fund Support scam techniques are continuously evolving to appear more legitimate. Previously, scammers included phone numbers in phishing emails, relying on victims to initiate contact. ALERTS SPAM
17.7.25 DeadLock Ransomware Another ransomware actor known as "DeadLock" has been observed making the rounds. Upon successful compromise, encrypted files are appended with a .dlock extension. At this time, it is unconfirmed whether the actor engages in double-extortion tactics (i.e., threatening to sell data if the ransom is not paid). ALERTS RANSOM
17.7.25 XWorm disguised as Epstein Files Amid renewed public interest in the Epstein case and debates around the release of related files, cybercriminals are leveraging this topical news for social engineering lures. One actor has been observed spreading XWorm, a known commodity malware often sold on Telegram channels and underground forums, disguised as fake Epstein files (Epstein files2.exe). ALERTS VIRUS
17.7.25 Many branches in the AsyncRAT tree A recently published report highlights the extensive branching of derivative RATs traceable to AsyncRAT. AsyncRAT is a highly modular Remote Access Trojan that fundamentally allows an attacker to control a compromised system. ALERTS VIRUS
17.7.25 Octalyn Stealer Targets Crypto, VPNs, and Browser Data via Deceptive Forensic Toolkit Octalyn Stealer is a sophisticated new malware masquerading as a legitimate forensic toolkit on GitHub. Designed for large-scale data theft and exfiltration, it illicitly targets sensitive user data, including VPN configurations, browser credentials (passwords, cookies, auto-fill, browsing history), and critical cryptocurrency wallet information for Bitcoin, Ethereum, Litecoin, and Monero. ALERTS VIRUS
17.7.25 Konfety mobile malware Konfety is a mobile malware variant identified in a recent distribution campaign. The malware employs a unique technique of malforming the ZIP file structure in an effort to avoid detection and forensic analysis. ALERTS VIRUS
17.7.25 CVE-2025-52488 - DNN platform vulnerability CVE-2025-52488 is a recently disclosed vulnerability affecting DNN Platform, which is an open-source web content management system (CMS) based on the .NET Framework. ALERTS VULNEREBILITY
17.7.25 New mobile crypto-stealing malware SparkKitty A new mobile crypto-stealing malware, SparkKitty, has infiltrated Android and iOS devices via Google Play and the Apple App Store. ALERTS VIRUS
17.7.25 WeevilProxy malware targets cryptocurrency users WeevilProxy is a new malware variant observed to be predominantly targeting cryptocurrency users. The campaigns' main propagation relies on arbitrary advertising campaigns via Google ads or miscellaneous social networks. ALERTS CRYPTOCURRENCY
17.7.25 Global - a new BlackLock ransomware variant Global is a new ransomware variant believed to be a rebrand of the BlackLock ransomware strain. According to the report published by the EclecticIQ researchers, the malware is sold as part of a Ransomware-as-a-Service (RaaS) offering by the threat actors previously associated with an older ransomware family known as Mamona. ALERTS RANSOM
17.7.25 Interlock RAT via FileFix scheme A newly observed Interlock RAT variant is being delivered through PHP scripts, marking a shift from previous JavaScript-based methods. ALERTS VIRUS
17.7.25 New variant of macOS malware ZuRu observed in the wild Researchers have observed a new macOS-based ZuRu malware variant being spread in the wild. The malware is distributed via trojanized macOS application bundles and it is leveraging the open-source Khepri framework for performing post-infection activities. ALERTS VIRUS
17.7.25 Web Injection Campaign: JSFireTruck Palo Alto Networks Unit 42 has uncovered a large-scale campaign, dubbed JSFireTruck, that injects heavily obfuscated JavaScript into legitimate websites. ALERTS HACKING
17.7.25 Amos Stealer Adds Backdoor In a significant shift, researchers have observed that Atomic macOS Stealer (AMOS) has added a persistent backdoor to its payload, enabling long-term remote access to infected Macs. ALERTS VIRUS
17.7.25 Sainbox RAT delivered via fake software installers A new campaign delivering a variant of Gh0stRAT dubbed Sainbox RAT via fake software installers has been reported in the wild. The attackers masquerade the malware binaries as apps well known in China such as DeepSeek, Sogou or WPS Office. ALERTS CAMPAIGN
17.7.25 Cloudflare temporary tunnels used to serve up payloads A recently observed campaign leverages legitimate cloud services like TryCloudflare to host and deliver highly evasive RATs such as AsyncRAT, XWorm, VenomRAT, and Remcos. ALERTS CAMPAIGN
17.7.25 SafePay ransomware SafePay is a ransomware variant first discovered last year. Over time the attackers behind this strain have been reported to have compromised over 200 victims across various sectors. ALERTS RANSOM
17.7.25 Mobile Threat: Qwizzserial In mid-2025, researchers observed a sharp rise in Qwizzserial, a newly discovered Android malware designed to steal banking credentials and intercept SMS-based two-factor authentication codes. ALERTS VIRUS
17.7.25 CVE-2025-20337 A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. VULNEREBILITY VULNEREBILITY
17.7.25 CVE-2025-20281 A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root VULNEREBILITY VULNEREBILITY
17.7.25 CVE-2025-6558 Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) VULNEREBILITY VULNEREBILITY
17.7.25 CVE-2025-6965 There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. VULNEREBILITY VULNEREBILITY
16.7.25 GLOBAL GROUP GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates GROUP RANSOMWARE
16.7.25 Hyper-Volumetric DDoS Attacks Hyper-volumetric DDoS attacks skyrocket: Cloudflare’s 2025 Q2 DDoS threat report ATTACK ATTACK
16.7.25 HazyBeacon Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication MALWARE BACKDOOR
16.7.25 KongTuke Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). MALWARE RAT
13.7.25 CVE-2025-5777 Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability VULNEREBILITY VULNEREBILITY
12.7.25 CVE-2025-5959 (high-severity, 8.8 score) – type confusion bug in the V8 JavaScript and WebAssembly engine allows remote code execution inside a sandbox via a crafted HTML page VULNEREBILITY VULNEREBILITY
12.7.25 CVE-2025-6554 (high-severity, 8.1 score) – type confusion in V8 enables attackers to perform arbitrary memory read/write through a malicious HTML page VULNEREBILITY VULNEREBILITY
12.7.25 CVE-2025-6191 (high-severity, 8.8 score) – integer overflow in V8 allows out-of-bounds memory access, potentially leading to code execution VULNEREBILITY VULNEREBILITY
12.7.25 CVE-2025-6192 (high-severity, 8.8 score) – use-after-free vulnerability in Chrome's Metrics component could cause heap corruption exploitable via crafted HTML VULNEREBILITY VULNEREBILITY
12.7.25 GPUHammer: Rowhammer Attacks on GPU Memories are Practical Rowhammer is a read disturbance vulnerability in modern DRAM that causes bit-flips, compromising security and reliability. While extensively studied on Intel and AMD CPUs with DDR and LPDDR memories, its impact on GPUs using GDDR memories, critical for emerging machine learning applications, remains unexplored. PAPERS PAPERS
12.7.25 GPUHammer GPUHammer: Rowhammer Attacks on GPU Memories are Practical ATTACK GPU
12.7.25 CVE-2025-47812 – Wing FTP Server vulnerability exploited in the wild CVE-2025-47812 is a recently disclosed Remote Code Execution (RCE) vulnerability affecting Wing FTP Server, which is a cross-platform file transfer software. ALERTS VULNEREBILITY
12.7.25 New Pay2Key ransomware campaign leverages I2P network A ransomware-as-a-service (RaaS) operation distributing a new variant of the Pay2Key malware has been reported in the wild. Dubbed Pay2Key.I2P, the campaign has been linked to the activities of the Fox Kitten APT group. ALERTS RANSOM
12.7.25 Malicious scripts lead to XWorm RAT Campaigns distributing the XWorm remote access trojan often leverage various scripting languages. The most frequently observed malicious scripts include batch files, and those written in Visual Basic, JavaScript, and PowerShell. ALERTS VIRUS
12.7.25 Phishing Campaign Masquerades as "Ordre des Experts-Comptables" Document Symantec has observed a phishing campaign leveraging a deceptive HTML attachment disguised as an official document from l’Ordre des Experts-Comptables, the French national order of chartered accountants. ALERTS CAMPAIGN
12.7.25 ZDI-25-592 Delta Electronics DTM Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
12.7.25 ZDI-25-591 G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
12.7.25 ZDI-25-590 Trend Micro Worry-Free Business Security Missing Authentication Vulnerability ZERO-DAY ZERO-DAY
12.7.25 ZDI-25-589 Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
12.7.25 ZDI-25-588 Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
12.7.25 TapTrap: Animation-Driven Tapjacking on Android Users interact with mobile devices under the assumption that the graphical user interface (GUI) accurately reflects their actions, a trust fundamental to the user experience. PAPERS PAPERS
11.7.25 CVE-2025-25257 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. VULNEREBILITY VULNEREBILITY
11.7.25 CVE-2024-45434 Use-After-Free in AVRCP service VULNEREBILITY VULNEREBILITY
11.7.25 CVE-2024-45431 Improper validation of an L2CAP channel's remote CID VULNEREBILITY VULNEREBILITY
11.7.25 CVE-2024-45433 Incorrect function termination in RFCOMM VULNEREBILITY VULNEREBILITY
11.7.25 CVE-2024-45432 Function call with incorrect parameter in RFCOMM VULNEREBILITY VULNEREBILITY
11.7.25 CVE-2025-47812 In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. VULNEREBILITY VULNEREBILITY
11.7.25 CVE-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server VULNEREBILITY VULNEREBILITY
11.7.25 CVE-2025-6514 Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients VULNEREBILITY VULNEREBILITY
11.7.25 PerfektBlue PerfektBlue is the industry-wide critical over-the-air attack chain affecting millions of devices in automotive and other industries. ATTACK bluetooth
10.7.25 macOS.ZuRu macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App MALWARE MacOS
10.7.25 CVE-2024-36349 (CVSS score: 3.8) - A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage VULNEREBILITY VULNEREBILITY
10.7.25 CVE-2024-36348 (CVSS score: 3.8) - A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP[3] feature is enabled, potentially resulting in information leakage VULNEREBILITY VULNEREBILITY
10.7.25 CVE-2024-36357 (CVSS score: 5.6) - A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries VULNEREBILITY VULNEREBILITY
10.7.25 CVE-2024-36350 (CVSS score: 5.6) - A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information VULNEREBILITY VULNEREBILITY
10.7.25 AMD Transient Scheduler Attacks AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft® report titled “Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks”. ATTACK CPU
10.7.25 CVE-2025-3648 CVE-2025-3648 - Data Inference in Now Platform via Conditional ACLs VULNEREBILITY VULNEREBILITY
9.7.25 ZDI-25-587 Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-586 Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-585 Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-584 Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-583 Microsoft Windows Startup Folder SmartScreen Bypass Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-582 (Pwn2Own) Microsoft SharePoint DataSetSurrogateSelector Deserialization of Untrusted Data Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-581 (Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-580 Microsoft PC Manager Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-579 Microsoft Windows win32kfull Integer Overflow Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-578 Microsoft Windows AppX Deployment Service Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-577 Siemens SINEC NMS uploadFWBinary Directory Traversal Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-576 Siemens SINEC NMS unZipJarFilestoLocation Directory Traversal Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-575 Siemens SINEC NMS reqToChangePassword Authentication Bypass Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-574 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-573 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-572 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-571 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-570 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-569 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-568 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-567 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-566 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-565 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-564 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-563 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-562 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-561 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-560 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-559 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-558 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-557 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-556 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-555 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-554 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-553 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-552 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-551 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-550 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-549 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-548 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-547 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-546 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-545 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-543 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-542 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-541 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-540 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-539 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-538 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-537 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-536 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-535 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-534 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-533 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-532 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-531 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-530 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-529 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-528 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-527 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-526 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-525 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-524 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-523 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-522 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-521 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-520 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-519 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-518 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-517 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-516 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-515 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-514 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-513 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-512 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-511 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-510 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-509 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-508 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-507 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-506 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-505 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-504 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-503 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-502 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-501 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-500 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-499 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-498 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-497 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-496 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-495 IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-494 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-493 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-492 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-491 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-490 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-489 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-488 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-487 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-486 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-485 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-484 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-483 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-482 (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-481 (0Day) INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-480 (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-479 (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-478 (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-477 (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-476 (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-475 (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-474 (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 ZDI-25-473 Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

ZERO-DAY

ZERO-DAY

9.7.25 NordDragonScan infostealer NordDragonScan is a new Windows-based infostealing malware variant identified by researchers from Fortinet. Recently observed campaigns use malicious .HTA files to deliver the infostealing payload to the intended victims. ALERTS VIRUS
9.7.25 RondoDox botnet RondoDox is a new botnet recently identified by researchers from Fortinet. RondoDox has been reported to exploit two high-severity vulnerabilities in order to spread: CVE-2024-3721 and CVE-2024-12856. ALERTS BOTNET
9.7.25 Datebug APT attacks against BOSS Linux systems The Datebug threat group (also known as APT36 or Transparent Tribe) has been reported to be conducting a new campaign targeting BOSS Linux systems. ALERTS APT
9.7.25 NimDoor - a Nim-based malware for macOS NimDoor is a newly identified macOS malware variant. Compiled in the Nim programming language, the malware targets Web3 and cryptocurrency-related platforms; the attackers rely on social engineering to approach their victims. ALERTS VIRUS
9.7.25 SHELLTER Taking SHELLTER: a commercial evasion framework abused in-the-wild MALWARE INFOSTEALER
9.7.25 Anatsa Anatsa Targets North America; Uses Proven Mobile Campaign Process MALWARE MOBILE
8.7.25 NordDragonScan NordDragonScan: Quiet Data-Harvester on Windows MALWARE INFOSTEALER
8.7.25 CVE-2024-12856 The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. VULNEREBILITY VULNEREBILITY
8.7.25 CVE-2024-3721 A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. It affects the handling of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___, where manipulation of the mdb/mdc arguments leads to OS command injection. VULNEREBILITY VULNEREBILITY
8.7.25 RondoDox RondoDox Unveiled: Breaking Down a New Botnet Threat BOTNET BOTNET
8.7.25 Batavia Batavia spyware steals data from Russian organizations MALWARE SPYWARE
8.7.25 CVE-2019-9621 (CVSS score: 7.5) - A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution VULNEREBILITY VULNEREBILITY
8.7.25 CVE-2019-5418 (CVSS score: 7.5) - A path traversal vulnerability in Ruby on Rails' Action View that could cause contents of arbitrary files on the target system's file system to be exposed VULNEREBILITY VULNEREBILITY
8.7.25 CVE-2016-10033 (CVSS score: 9.8) - A command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition VULNEREBILITY VULNEREBILITY
8.7.25 CVE-2014-3931 (CVSS score: 9.8) - A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption VULNEREBILITY VULNEREBILITY
8.7.25 DRAT V2 DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal MALWARE RAT
6.7.25 Malicious Abuse of ConnectWise (ScreenConnect) Over the past several months, we have observed a sharp increase in the malicious use of the popular Remote Monitoring and Management (RMM) tool ConnectWise by ransomware operators, Initial Access Brokers, APTs, and other eCrime actors. ALERTS APT
6.7.25 Remcos malspam campaign starts with a tar archive A recently observed Remcos campaign began with a malicious email carrying a .tar archive attachment. The archive contains a .lnk file that launches PowerShell to download the Remcos payload. ALERTS CAMPAIGN
6.7.25 Janela RAT delivered in a recent campaign Janela RAT (Remote Access Trojan) is a modified variant of the malware known as BX RAT. Janela RAT has previously been seen spreading in campaigns targeting banking users in the LATAM region. ALERTS VIRUS
6.7.25 Blackmoon's expanding arsenal The Blackmoon banking trojan, known for targeting users of online financial services, particularly in South Korea, has evolved into a more deceptive and multi-functional threat. ALERTS VIRUS
6.7.25 DEVMAN - a new DragonForce ransomware variant DEVMAN is a new customized ransomware variant from the DragonForce malware family. The malware encrypts data and appends the .DEVMAN extension to locked files. ALERTS RANSOM
6.7.25 GIFTEDCROOK malware upgraded for document theft via Telegram An enhanced version of the GIFTEDCROOK malware, operated by the UAC-0226 threat group, has been reported, marking a significant upgrade over the capabilities first observed in February 2025. ALERTS VIRUS
5.7.25 ZDI-25-472 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-471 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-470 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-469 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-468 GFI Archiver Telerik Web UI Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-467 GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 CVE-2025-20309 A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. VULNEREBILITY VULNEREBILITY
5.7.25 CVE-2025-6463 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. VULNEREBILITY VULNEREBILITY
5.7.25 FileFix (Part 2) Last week I released the FileFix attack blog post which is an alternative to the traditional ClickFix attack. This blog post explores another variation to the original FileFix attack. ATTACK ATTACK
5.7.25 Chisel Chisel is an open-source project by Jaime Pillora (jpillora) that allows tunneling TCP and UDP connections via HTTP. It is available across platforms and written in Go. While benign in itself, Chisel has been utilized by multiple threat actors. It was for example observed by SentinelOne during a PYSA ransomware campaign to achieve persistence and used as backdoor. MALWARE Backdoor
5.7.25 CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines VULNEREBILITY VULNEREBILITY
5.7.25 CVE-2025-32463 (CVSS score: 9.3) - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option VULNEREBILITY VULNEREBILITY
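The two Sudo entries above state the same fixed version (1.9.17p1) and, for CVE-2025-32462, a precondition that is easy to overlook: a sudoers rule whose host field names a machine other than ALL or the local host. The following is an added example written for this page, not code from the Sudo project or from either advisory. It parses the banner printed by `sudo --version` (format "Sudo version X.Y.Zp N" is assumed), compares it against 1.9.17p1, and scans a sudoers text for user specifications with such foreign host fields, expanding `Host_Alias` definitions. The sudoers sample is constructed; the parser assumes the common one-rule-per-line layout and does not handle negated or wildcard host entries.

```python
import re
import socket

# First release that fixes CVE-2025-32462 and CVE-2025-32463 ("before 1.9.17p1").
FIXED_VERSION = (1, 9, 17, 1)

# Constructed sample sudoers, not a real file.
SAMPLE_SUDOERS = """\
# constructed sample for the audit below
Defaults env_reset
Host_Alias WEB = web1, web2
root    ALL = (ALL:ALL) ALL
%admin  ALL = (ALL) ALL
alice   build01 = (ALL) NOPASSWD: /usr/bin/make
bob     WEB = (root) /usr/sbin/service nginx restart
"""


def parse_sudo_version(banner: str) -> tuple:
    """Turn 'Sudo version 1.9.15p5' into (1, 9, 15, 5).

    The 'p' patch level becomes a fourth component (0 when absent), so that
    plain tuple comparison orders 1.9.17 < 1.9.17p1 < 1.9.18 correctly.
    """
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError(f"unrecognised sudo banner: {banner!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_vulnerable_version(banner: str) -> bool:
    """True when the installed sudo predates the 1.9.17p1 fix."""
    return parse_sudo_version(banner) < FIXED_VERSION


def audit_sudoers(text: str, local_host: str) -> list:
    """Return (user, foreign_hosts, spec) for every user specification whose
    host list contains a host that is neither ALL nor this machine.

    Such a rule is the precondition for CVE-2025-32462 (running a command
    intended for another host). Host_Alias definitions are expanded; they
    must precede their use, as sudoers itself requires.
    """
    aliases = {}
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or "=" not in line or line.startswith("Defaults"):
            continue
        lhs, spec = (part.strip() for part in line.split("=", 1))
        fields = lhs.split()
        if fields[0] == "Host_Alias" and len(fields) == 2:
            aliases[fields[1]] = [h.strip() for h in spec.split(",")]
            continue
        if fields[0] in ("User_Alias", "Cmnd_Alias", "Runas_Alias"):
            continue
        if len(fields) != 2:                          # not "user host = spec"
            continue
        user, host_field = fields
        hosts = []
        for h in host_field.split(","):
            h = h.strip()
            hosts.extend(aliases.get(h, [h]))         # expand Host_Alias names
        foreign = tuple(sorted({h for h in hosts
                                if h != "ALL" and h.lower() != local_host.lower()}))
        if foreign:
            findings.append((user, foreign, spec))
    return findings


if __name__ == "__main__":
    # On a real host: banner = subprocess.run(["sudo", "--version"], ...).stdout
    banner = "Sudo version 1.9.15p5"
    print("version vulnerable:", is_vulnerable_version(banner))
    for user, hosts, spec in audit_sudoers(SAMPLE_SUDOERS, socket.gethostname()):
        print(f"{user}: foreign hosts {hosts} -> {spec}")
```

Run against a real system, replace the banner string with the output of `sudo --version` and the sample with `/etc/sudoers` plus the files in `/etc/sudoers.d`. A version below 1.9.17p1 is affected by CVE-2025-32463 regardless of sudoers content, while the host audit only matters for CVE-2025-32462.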
4.7.25 The Continuous Evolution of Ad Fraud Exploiting App Stores as a Front The IAS Threat Lab has uncovered "Kaleidoscope," an insidiously adaptive Android ad fraud operation that employs legitimate-looking apps hosted on Google Play as a deceptive façade, while its malicious duplicate counterparts, distributed predominantly through third-party app stores, drive fraudulent ad supply. REPORT REPORT
3.7.25 HOUKEN SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS REPORT REPORT
3.7.25 CVE-2025-20309 A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. VULNEREBILITY VULNEREBILITY
3.7.25 NimDoor macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware MALWARE macOS
2.7.25 Braodo infostealer hosts downloaded components on GitHub A recently observed campaign involving Braodo stealer malware leveraged GitHub to house multiple components downloaded in the attack chain. ALERTS VIRUS
2.7.25 CVE-2025-4322: WordPress Motors theme privilege escalation vulnerability CVE-2025-4322 is a critical unauthenticated privilege escalation vulnerability (CVSS 9.8) affecting the WordPress Motors theme in versions up to 5.6.67. ALERTS VULNEREBILITY
2.7.25 EmailJS and HubSpot Abused in CCMA Phishing Scheme A new phishing campaign is circulating under the guise of a legal summons from South Africa's Commission for Conciliation, Mediation and Arbitration (CCMA), leveraging urgency and fear to pressure recipients into action. ALERTS PHISHING
2.7.25 Nebulous Mantis (a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom remote access trojan (RAT) and Hancitor loader in targeted campaigns since mid-2019. CAMPAIGN CAMPAIGN
2.7.25 TransferLoader Zscaler ThreatLabz has identified a new malware loader that we have named TransferLoader, which has been active since at least February 2025. MALWARE LOADER
2.7.25 DAMASCENED PEACOCK A lightweight, staged downloader targeting Windows, delivered via spear-phishing. MALWARE DOWNLOADER
2.7.25 CVE-2025-49596 The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio VULNEREBILITY VULNEREBILITY
1.7.25 CVE-2025-6554 Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) VULNEREBILITY VULNEREBILITY
1.7.25 Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) (hereafter referred to as the authoring agencies) strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors. REPORT REPORT