2025 January(141) February(191) March(268) April(349) May(260) June(502) July(1) August(0) September(0)
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
| 2.7.25 | Braodo infostealer hosts downloaded components on GitHub | A recently observed campaign involving Braodo stealer malware leveraged GitHub to house multiple components downloaded in the attack chain. | ALERTS | VIRUS |
| 2.7.25 | CVE-2025-4322: WordPress Motors theme privilege escalation vulnerability | CVE-2025-4322 is a critical unauthenticated privilege escalation vulnerability (CVSS 9.8) affecting the WordPress Motors theme in versions up to 5.6.67. | VULNEREBILITY | |
| 2.7.25 | EmailJS and HubSpot Abused in CCMA Phishing Scheme | A new phishing campaign is circulating under the guise of a legal summons from South Africa’s Commission for Conciliation, Mediation and Arbitration (CCMA), leveraging urgency and fear to pressure recipients into action. | PHISHING | |
| 2.7.25 | Nebulous Mantis | (a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom remote access trojan (RAT) and Hancitor loader in targeted campaigns since mid-2019. | CAMPAIGN | CAMPAIGN |
| 2.7.25 | TransferLoader | Zscaler ThreatLabz has identified a new malware loader that we have named TransferLoader, which has been active since at least February 2025. | MALWARE | LOADER |
| 2.7.25 | DAMASCENED PEACOCK | A lightweight, staged downloader targeting Windows, delivered via spear-phishing. | MALWARE | DOWNLOADER |
| 2.7.25 | CVE-2025-49596 | The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio | VULNEREBILITY | VULNEREBILITY |
| 1.7.25 | CVE-2025-6554 | Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | VULNEREBILITY | VULNEREBILITY |
| 1.7.25 |
Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest |
The Cybersecurity and
Infrastructure Security Agency (CISA), Federal Bureau of Investigation
(FBI), the Department of Defense Cyber Crime Center (DC3), and the
National Security Agency (NSA) (hereafter referred to as the authoring agencies) strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors. |
REPORT | REPORT |
| 30.6.25 | CVE-2025-20702 | CVE-2025-20702 is a critical vulnerability with a CVSS score of 9.6/10, though its risk level is disputed between Airoha and the discoverer. | VULNEREBILITY | VULNEREBILITY |
| 30.6.25 | CVE-2025-20701 | CVE-2025-20701 is a high-risk vulnerability with a CVSS score of 8.8/10, characterized by missing authentication, which could allow unauthorized access. | VULNEREBILITY | VULNEREBILITY |
| 30.6.25 | CVE-2025-20700 | CVE-2025-20700 is a high-risk vulnerability with a CVSS score of 8.8/10, characterized by missing authentication, which could allow unauthorized access. | VULNEREBILITY | VULNEREBILITY |
| 29.6.25 | PrintScan Hacks: Identifying multiple vulnerabilities across multiple Brother devices | Identifying multiple vulnerabilities across multiple Brother devices | REPORT | REPORT |
| 29.6.25 | CVE-2024-51978 | An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request. | VULNEREBILITY | VULNEREBILITY |
| 29.6.25 | CVE-2024-51977 | An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. | VULNEREBILITY | VULNEREBILITY |
| 29.6.25 | CVE-2024-51979 | An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). | VULNEREBILITY | VULNEREBILITY |
| 29.6.25 | CVE-2024-51984 | An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the existing credentials for that external service. | VULNEREBILITY | VULNEREBILITY |
| 28.6.25 | UAC-0226 | UAC-0226 is a cyber-espionage group targeting Ukrainian military, law enforcement, and local government entities—particularly near the eastern border—since February 2025. | GROUP | GROUP |
| 28.6.25 | GIFTEDCROOK | GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations | MALWARE | STEALER |
| 28.6.25 | Lumma Stealer infection with follow-up malware | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. | MALWARE TRAFFIC | MALWARE TRAFFIC |
| 28.6.25 | CVE-2025-5349 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway | VULNEREBILITY | VULNEREBILITY |
| 28.6.25 | CVE-2025-5777 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | VULNEREBILITY | VULNEREBILITY |
| 28.6.25 | CVE-2025-6543 | A vulnerability has been discoSPRÁVNĚ TAKÉ TO MŮŽOU BÝT OVLÁDAČEvered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details. | VULNEREBILITY | VULNEREBILITY |
| 28.6.25 | CVE-2025-6218 | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. | VULNEREBILITY | VULNEREBILITY |
| 28.6.25 | FileFix - A ClickFixAlternative | The update contains some modules related to ClickFix attack, which prompted me to dive deeper into the social engineering technique. | HACKING | HACKING |
| 28.6.25 | ZDI-25-466 | (0Day) Marvell QConvergeConsole readNICParametersFromFile Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-465 | (0Day) Marvell QConvergeConsole readObjectFromConfigFile Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-464 | (0Day) Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-463 | (0Day) Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-462 | (0Day) Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-461 | (0Day) Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-460 | (0Day) Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-459 | (0Day) Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-458 | (0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-457 | (0Day) Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-456 | (0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-455 | (0Day) Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-454 | (0Day) Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-453 | (0Day) Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-452 | (0Day) Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-451 | (0Day) Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-450 | (0Day) Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-449 | (0Day) Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 28.6.25 | ZDI-25-448 | (0Day) Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 28.6.25 | LapDogs, The New ORB in Town | SecurityScorecard’s STRIKE research team has identified a new suspected China-Nexus network of Operational Relay Boxes (ORB) called “LapDogs” targeting primarily Linux-based Small Office/Home Office (SOHO) devices around the globe. | REPORT | REPORT |
| 27.6.25 | ODYSSEY STEALER | The CYFIRMA research team has uncovered multiple websites employing Clickfix tactics to deliver malicious AppleScripts (osascripts). | MALWARE | STEALER |
| 27.6.25 | ToneShell | ToneShell Backdoor Used to Target Attendees of the IISS Defence Summit | MALWARE | BACKDOOR |
| 27.6.25 | Hive0154 | Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor | GROUP | GROUP |
| 27.6.25 | Harnessing Language Models for Detection of Evasive Malicious Email Attachments | Harnessing Language Models for Detection of Evasive Malicious Email Attachments | KONFERENCE | CanSecWest_newtype |
| 27.6.25 | Threat Modeling AI Systems – Understanding the Risks | Threat Modeling AI Systems – Understanding the Risks | CanSecWest_newtype | |
| 27.6.25 | SOAR Implementation Pain Points and How to Avoid Them | SOAR Implementation Pain Points and How to Avoid Them | KONFERENCE | CanSecWest_newtype |
| 27.6.25 | Deepfake Deception: Weaponizing AI-Generated Voice Clones in Social Engineering Attacks | Deepfake Deception: Weaponizing AI-Generated Voice Clones in Social Engineering Attacks | CanSecWest_newtype | |
| 27.6.25 | AI Security Landscape: Tales and Techniques from the Frontlines | AI Security Landscape: Tales and Techniques from the Frontlines | KONFERENCE | CanSecWest_newtype |
| 27.6.25 | Keys to Freedom: Analysis and Resolution of Arab Ransom Locker Infections | Keys to Freedom: Analysis and Resolution of Arab Ransom Locker Infections | CanSecWest_newtype | |
| 27.6.25 | Role Reversal: Exploiting AI Moderation Rules as Attack Vectors. | Role Reversal: Exploiting AI Moderation Rules as Attack Vectors. | KONFERENCE | CanSecWest_newtype |
| 27.6.25 | Blockchain's Biggest Heists - Bridging Gone Wrong | Blockchain's Biggest Heists - Bridging Gone Wrong | CanSecWest_newtype | |
| 27.6.25 | Cross-Medium Injection: Exploiting Laser Signals to Manipulate Voice-Controlled IoT Devices | Cross-Medium Injection: Exploiting Laser Signals to Manipulate Voice-Controlled IoT Devices | KONFERENCE | CanSecWest_newtype |
| 27.6.25 | Fresh Secrets From The Docks - Lessons Learnt From Analysing 15 Million Public DockerHub Images (With a twist of AI) | Fresh Secrets From The Docks - Lessons Learnt From Analysing 15 Million Public DockerHub Images (With a twist of AI) | CanSecWest_newtype | |
| 27.6.25 | Sainbox RAT | Netskope Threat Labs has discovered a campaign using fake installers to deliver the Sainbox RAT and Hidden rootkit. | MALWARE | RAT |
| 27.6.25 | CVE-2023-36934 | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database | VULNEREBILITY | VULNEREBILITY |
| 27.6.25 | CVE-2023-34362 | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. | VULNEREBILITY | VULNEREBILITY |
| 27.6.25 | Dire Wolf Ransomware | Dire Wolf is a new ransomware threat group discovered in the wild. The attackers have been focusing their efforts mostly on manufacturing and technology sectors. | RANSOM | |
| 27.6.25 | Open-source tools leveraged in attacks targeting the financial sector in Africa | Researchers from Palo Alto have recently reported on an ongoing campaign targeting financial institutions across Africa. | CAMPAIGN | |
| 27.6.25 | Prometei Botnet evolves with Self-Updating Linux variants | As per the latest report by Palo Alto Networks’ Unit 42, the Prometei botnet has resurfaced with enhanced capabilities, particularly in its Linux variants (v3 and v4). | BOTNET | |
| 27.6.25 | NightSpire Ransomware | Between March and June 2025, NightSpire ransomware actors claimed responsibility for attacks affecting 64 entities across 33 countries, with a globally dispersed victim base. | RANSOM | |
| 26.6.25 | Phishing Campaigns Galore | The surge in ClickFix campaigns also coincides with the discovery of various phishing campaigns that | CAMPAIGN | CAMPAIGN |
| 26.6.25 | ESET Threat Report H1 2025 | A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | REPORT | REPORT |
| 26.6.25 | CVE-2025-20282 | An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC release 3.4 that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and execute those files on the underlying operating system as root | VULNEREBILITY | VULNEREBILITY |
| 26.6.25 | CVE-2025-20281 | An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later that could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root | VULNEREBILITY | VULNEREBILITY |
| 26.6.25 | Dire Wolf | Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors | GROUP | GROUP |
| 26.6.25 | ZDI-25-447 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-446 | PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-445 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-444 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-443 | PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-442 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-441 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-440 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-439 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-438 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-437 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-436 | PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-435 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-434 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-433 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-432 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-431 | PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-430 | PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-429 | PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-428 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-427 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-426 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-425 | PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-424 | Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-423 | Microsoft WinJS winjsdevelop Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-422 | Microsoft Azure Machine Learning Environments Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-421 | Microsoft Azure App Services Information Disclosure Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-420 | PaperCut NG web-print-hot-folder Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 26.6.25 | ZDI-25-419 | TeamViewer Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 26.6.25 | Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign organizations. T | REPORT | REPORT |
| 26.6.25 |
PRC cyber
actors target telecommunications companies as part of a global cyberespionage campaign |
People’s Republic of China cyber threat activity | REPORT | REPORT |
| 26.6.25 | SparkCat | SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play | MALWARE | MOBIL |
| 26.6.25 | CVE-2024-54085 | (CVSS score: 10.0) - An authentication bypass by spoofing vulnerability in the Redfish Host Interface of AMI MegaRAC SPx that could allow a remote attacker to take control | VULNEREBILITY | VULNEREBILITY |
| 26.6.25 | CVE-2024-0769 | (CVSS score: 5.3) - A path traversal vulnerability in D-Link DIR-859 routers that allows for privilege escalation and unauthorized control (Unpatched) | VULNEREBILITY | VULNEREBILITY |
| 26.6.25 | CVE-2019-6693 | (CVSS score: 4.2) - A hard-coded cryptographic key vulnerability in FortiOS, FortiManager and FortiAnalyzer that's used to encrypt password data in CLI configuration, potentially allowing an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data | VULNEREBILITY | VULNEREBILITY |
| 26.6.25 | CVE-2025-6543 | A vulnerability has been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details. | VULNEREBILITY | VULNEREBILITY |
| 26.6.25 | CVE-2025-5777 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | VULNEREBILITY | VULNEREBILITY |
| 26.6.25 | CVE-2025-0056 | SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victims user directory on the Operating System level would be able to read this data. | VULNEREBILITY | VULNEREBILITY |
| 26.6.25 | CVE-2025-0055 | SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victims user directory on the Operating System level would be able to read this data. | VULNEREBILITY | VULNEREBILITY |
| 25.6.25 | Wedding Invite scam deploys SpyMax RAT on Indian Android devices | An Android phishing campaign dubbed “Wedding Invitation” has been observed targeting mobile users across India by distributing spyware-laced APK files via WhatsApp and Telegram. | VIRUS | |
| 25.6.25 | Python-based ransomware variant spread in a recent campaign | As reported by researchers from Tinexta, a new campaign spreading a Python ransomware variant has been observed in the wild. The attackers make use of publicly accessible GitHub repositories to host the malicious .ISO binaries . | RANSOM | |
| 25.6.25 | PylangGhost - a new Python-based Remote Access Trojan | PylangGhost is a new RAT (Remote Access Trojan) variant discovered recently by the researchers from Cisco Talos. As the name suggests the malware is written in Python and shares some code similarities and functionalities with an older RAT strain known as GolangGhost. | VIRUS | |
| 25.6.25 | Shadow Vector: SVG Smuggling campaign targets Colombian users | A phishing malware campaign dubbed Shadow Vector has been reported, targeting users in Colombia through malicious SVG files disguised as urgent court notifications. | CAMPAIGN | |
| 25.6.25 | Drops 35 | Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages | CAMPAIGN | CAMPAIGN |
| 25.6.25 | Кібератаки UAC-0001 (APT28) у відношенні державних органів із застосуванням BEARDSHELL та COVENANT | У березні-квітні 2024 року під час проведення заходів з реагування на кіберінцидент в інформаційно-комунікаційній системі (ІКС) центрального органу виконавчої влади, національною командою реагування на кіберінциденти, кібератаки, кіберзагрози CERT-UA ідентифіковано технічний засіб під управлінням операційної системи Windows, що виконував роль серверу, на якому, серед іншого, було виявлено два програмні засоби реалізації кіберзагрози, а саме: BEARDSHELL та SLIMAGENT. | BATTLEFIELD UKRAINE | BATTLEFIELD UKRAINE |
| 25.6.25 | ZDI-25-418 | Apple macOS CoreGraphics PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 24.6.25 | ZDI-25-417 | Clam AntiVirus UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 24.6.25 | ZDI-25-416 | ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 24.6.25 | ZDI-25-415 | ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability |
ZERO-DAY |
|
| 24.6.25 | ZDI-25-414 | Ruby WEBrick read_header HTTP Request Smuggling Vulnerability |
ZERO-DAY |
|
| 24.6.25 | Koi Loader/Koi Stealer infection | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. | MALWARE TRAFFIC | MALWARE TRAFFIC |
| 24.6.25 | Malware disgused as cracked version of popular software | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. | MALWARE TRAFFIC | MALWARE TRAFFIC |
| 24.6.25 | LLMs unlock new paths to monetizing exploit | We argue that Large language models (LLMs) will soon alter the economics of cyberattacks. Instead of attacking the most commonly used software and monetizing exploits by targeting the lowest common denominator among victims, LLMs enable adversaries to launch tailored attacks on a user-by-user basis. | PAPERS | AI |
| 24.6.25 | Bypassing Prompt Injection and Jailbreak Detection in LLM Guardrai | Large Language Models (LLMs) guardrail systems are designed to protect against prompt injection and jailbreak attacks. | PAPERS | AI |
| 24.6.25 | CVE-2023-20198 | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. | VULNEREBILITY | VULNEREBILITY |
| 24.6.25 | UMBRELLA STAND | Malware targeting Fortinet devices | MALWARE | RAT |
| 24.6.25 | SHOE RACK | A post-exploitation tool for remote shell access & TCP tunnelling through a victim device. | MALWARE | RAT |
| 24.6.25 | Context Poisoning Jailbreak | Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails | ATTACK | AI |
| 24.6.25 | XDigo | SadFuture: Mapping XDSpy latest evolution | MALWARE | GO |
| 23.6.25 | ZDI-25-413 | Fuji Electric Smart Editor TL5 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-412 | Fuji Electric Smart Editor X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-411 | Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-410 | Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-409 | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-408 | PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-407 | SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-406 | SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-405 | Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-404 | Fuji Electric Smart Editor X1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-403 | Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-402 | Fuji Electric Smart Editor TL5 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-401 | Fuji Electric Smart Editor V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-400 | Fuji Electric Smart Editor TL5 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-399 | Fuji Electric Smart Editor V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-398 | Trend Micro Internet Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-397 | Delta Electronics COMMGR Insufficient Randomization Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-396 | Siemens TeleControl Server Basic UpdateOpcSettings SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-395 | Siemens TeleControl Server Basic UpdateGateways SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-394 | Siemens TeleControl Server Basic CreateProject SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-393 | Siemens TeleControl Server Basic UpdateBufferingSettings SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-392 | Siemens TeleControl Server Basic UpdateSmtpSettings SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-391 | Siemens TeleControl Server Basic UpdateTcmSettings SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-390 | Siemens TeleControl Server Basic UpdateDatabaseSettings SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-389 | Siemens TeleControl Server Basic UpdateUsers SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-388 | Siemens TeleControl Server Basic ImportDatabase SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-387 | Siemens TeleControl Server Basic UpdateProjectConnections SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-386 | Siemens TeleControl Server Basic UpdateConnectionVariables SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-385 | Siemens TeleControl Server Basic RestoreFromBackup SQL Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-384 | Siemens TeleControl Server Basic Authenticate SQL Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-383 | Siemens TeleControl Server Basic VerifyUser SQL Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-382 | Siemens TeleControl Server Basic UpdateProject SQL Injection Information Disclosure Vulnerability |
ZERO-DAY |
|
| 23.6.25 | ZDI-25-381 | Siemens TeleControl Server Basic CreateTrace SQL Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 23.6.25 | GodFather | GodFather Malware Returns Targeting Banking Users | MALWARE | BANKING |
| 23.6.25 | FjordPhantom | Promon discovers new Android banking malware, “FjordPhantom” | MALWARE | BANKING |
| 23.6.25 | CVE-2025-4322 | The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. | VULNEREBILITY | VULNEREBILITY |
| 23.6.25 | Anubis | Anubis: A New Ransomware Threat | RANSOMWARE | RANSOMWARE |
| 22.6.25 | CVE-2023-0386 | Linux Kernel Improper Ownership Management Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 22.6.25 | CVE-2025-5309 | The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution. | VULNEREBILITY | VULNEREBILITY |
| 21.6.25 | CVE-2025-3464 | A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. | VULNEREBILITY | VULNEREBILITY |
| 21.6.25 | Amatera Stealer | Amatera is a recently identified infostealer variant believed to be an evolution of the older ACR Stealer malware. It has been reported as being offered for sale via the malware-as-a-service (MaaS) model. | VIRUS | |
| 21.6.25 | CVE‑2025‑49113 – Post‑Auth Remote Code Execution vulnerability in Roundcube | CVE-2025-4123 is a recently disclosed critical (CVSS score 9.9) Post‑Auth Remote Code Execution (RCE) vulnerability affecting Roundcube, which is a free and open-source webmail application. | VULNEREBILITY | |
| 21.6.25 | Discord Vanity Link Flaw Exploited in New Malware Campaign Dropping AsyncRAT and Skuld Stealer | A new sophisticated malware campaign aimed at financial gain from cryptocurrency users is exploiting a subtle weakness in Discord's invitation system to distribute an information stealer called Skuld and the AsyncRAT. | EXPLOIT | |
| 21.6.25 | Stargazers malware campaign targets Minecraft players via fake mods | A large-scale malware campaign operated by the Stargazers Ghost Network is actively targeting Minecraft players, according to a recent report from Checkpoint. | CAMPAIGN | |
| 21.6.25 | Modified XWorm RAT distributed through trojanized MSI | A China-linked threat actor distributing a trojanized MSI installer posing as a WhatsApp setup to deliver a customized XWorm Remote Access Trojan (RAT) has been reported targeting users in East and Southeast Asia. | VIRUS | |
| 21.6.25 | New variant of the Godfather mobile malware employs virtualization techniques | A new variant of the Godfather Android banking malware has been discovered in the wild. | ||
| 21.6.25 | CVE-2023-0386 - Linux Kernel Improper Ownership Management vulnerability exploited in the wild | CVE-2023-0386 is a high severity (CVSS score 7.8) Improper Ownership Management vulnerability affecting the Linux Kernel. | VULNEREBILITY | |
| 21.6.25 | FIN7-linked GrayAlpha uses PowerShell loaders and TDS to spread NetSupport RAT | GrayAlpha, a cybercriminal group associated with FIN7, has been reported conducting a sophisticated malware campaign using multiple infection vectors to distribute NetSupport RAT via custom PowerShell loaders, PowerNet and MaskBat. | APT | |
| 21.6.25 | New Librarian Ghouls Campaign | A new cyber espionage campaign by APT group "Librarian Ghouls" (also known as Rare Werewolf and Rezet) was observed targeting organizations primarily in Russia, Belarus and Kazakhstan focusing on industrial organizations and engineering schools, along with sectors like rocket, aviation, space, defense, and petrochemical industries. | CAMPAIGN | |
| 21.6.25 | HijackLoader campaign delivers DeerStealer payload | A recent campaign leveraging the HijackLoader malware has been observed to distribute the DeerStealer malicious payload. | CAMPAIGN | |
| 21.6.25 | Threat Actors Abuse Paste.ee and use Unicode Deception to Deploy XWorm RAT | A sophisticated malware campaign initiated by a deceptively named JavaScript file designed to download a malicious payload was observed. | VIRUS | |
| 21.6.25 | XDSpy campaign employs whitespace-obfuscated LNK files | A new XDSpy malware campaign, attributed to the SadFuture threat actor, has been observed targeting Eastern European and Russian government entities. | VIRUS | |
| 21.6.25 | Financial communications lead to malware downloads for Taiwanese users | A threat actor has been targeting users in Taiwan through campaigns masquerading as communications from official financial entities. | VIRUS | |
| 21.6.25 | CVE-2025-48828 - a new vBulletin RCE vulnerability | CVE-2025-48828 is a recently disclosed critical (CVSS score 9.0) template engine vulnerability affecting vBulletin, which is a commercial forum software platform. | VULNEREBILITY | |
| 21.6.25 | MintsLoader Malware Campaign Hits Italian PEC Users | A new MintsLoader malware campaign has targeted Italy, showcasing the attacker's strategy of adapting to the local Italian work calendar. | VIRUS | |
| 21.6.25 | Pickai Backdoor | A new backdoor malware dubbed Pickai (AI Pickpocket) has been observed spreading through vulnerabilities in the popular ComfyUI framework. Written in C++, Pickai spreads through innocuous-looking configuration files like JSON and TMUX settings. | VIRUS | |
| 21.6.25 | Hackers Weaponize Legitimate 'Netbird' Tool in Phishing Campaign Targeting CFOs | A new fake recruiter spear-phishing campaign has been observed targeting high-level financial executives at banks, energy companies, insurers, and investment firms across Africa, Canada, Europe, the Middle East, and South Asia. | PHISHING | |
| 21.6.25 | CVE-2025-4123 - Grafana XSS and Full-Read SSRF vulnerability | CVE-2025-4123 is a recently discovered high severity (CVSS score 7.6) open redirect vulnerability affecting Grafana, which is an open-source data visualization platform. | VULNEREBILITY | |
| 21.6.25 | Masslogger | During our recent investigation at Seqrite Labs, we identified a sophisticated variant of Masslogger credential stealer malware spreading through .VBE (VBScript Encoded) files | MALWARE | VBE |
| 21.6.25 | Amatera Stealer | Proofpoint has been closely monitoring a stealer malware formerly known as ACR Stealer. In 2025, Proofpoint analysts identified a new, unnamed malware exhibiting significant code overlap, shared features, and capabilities with ACR Stealer. | MALWARE | STEALER |
| 21.6.25 | VMDetector | VMDetector-Based Loader Abuses Steganography to Deliver Infostealers | MALWARE | STEALER |
| 21.6.25 | Prometei | Resurgence of the Prometei Botnet | BOTNET | BOTNET |
| 21.6.25 | PylangGhost | Famous Chollima deploying Python version of GolangGhost RAT | MALWARE | RAT |
| 20.6.25 | Shadow Vector | Shadow Vector targets Colombian users via privilege escalation and court-themed SVG decoys | CAMPAIGN | CAMPAIGN |
| 20.6.25 | Stargazers Ghost Network Campaigns | Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader. | CAMPAIGN | CAMPAIGN |
| 20.6.25 | AntiDot | is an Android botnet malware that lets cybercriminals control their victim devices with high capability. LARVA-398 operates and sells this botnet as a Malware as a Service (MaaS) on underground forums. | BOTNET | BOTNET |
| 20.6.25 | Blue(Noroff) | Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion | GROUP | GROUP |
| 20.6.25 | APT29 | What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | APT | APT |
| 20.6.25 | CVE-2025-6018 | A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). | VULNEREBILITY | VULNEREBILITY |
| 20.6.25 | CVE-2025-6019 | A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. | VULNEREBILITY | VULNEREBILITY |
| 20.6.25 | SERPENTINE#CLOUD | Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware | CAMPAIGN | CAMPAIGN |
| 20.6.25 | KimJongRAT | Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation | MALWARE | STEALER |
| 18.6.25 | CVE-2023-0386 | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. | VULNEREBILITY | VULNEREBILITY |
| 18.6.25 | CVE-2025-23121 | A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. | VULNEREBILITY | VULNEREBILITY |
| 18.6.25 | CVE-2025-2783 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) | VULNEREBILITY | VULNEREBILITY |
| 18.6.25 | CVE-2025-3248 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | VULNEREBILITY | VULNEREBILITY |
| 18.6.25 | CVE-2023-33538 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | ZDI-25-380 | Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-379 | (Pwn2Own) Ubiquiti Networks AI Bullet Insufficient Firmware Update Validation Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-378 | (Pwn2Own) Ubiquiti Networks UniFi Console Missing Authentication for Critical Function Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-377 | (Pwn2Own) Ubiquiti Networks AI Bullet Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-376 | (Pwn2Own) Ubiquiti Networks AI Bullet Improper Certificate Validation Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-375 | Trend Micro Endpoint Encryption ProcessWhereClause SQL Injection Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-374 | Trend Micro Endpoint Encryption ValidateToken Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-373 | Trend Micro Endpoint Encryption DbAppDomain Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-372 | Trend Micro Endpoint Encryption GetGroupFilteredUsers SQL Injection Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-371 | Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-370 | Trend Micro Endpoint Encryption PolicyServerWindowsService Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-369 | Trend Micro Endpoint Encryption PolicyValueTableSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-368 | Trend Micro Endpoint Encryption BuildEnterpriseSearchString SQL Injection Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-367 | Trend Micro Apex Central ConvertFromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-366 | Trend Micro Apex Central GetReportDetailView Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-365 | Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-364 | Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-363 | Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-362 | Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-361 | Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-360 | Trend Micro Worry-Free Business Security Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-359 | Microsoft Visual Studio initializeCommand Insufficient UI Warning Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-358 | (Pwn2Own) Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-357 | (Pwn2Own) Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-356 | (Pwn2Own) Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-355 | (Pwn2Own) Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-354 | (Pwn2Own) Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-353 | (Pwn2Own) Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-352 | Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-351 | Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-350 | Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-349 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-348 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-347 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-346 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-345 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-344 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-343 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-342 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-341 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-340 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-339 | JupyterLab Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-338 | Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-337 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-336 | Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-335 | Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-334 | Microsoft Windows Remote Desktop Gateway Service Null Pointer Dereference Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-333 | Microsoft Windows Installer Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-332 | Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | SmartAttack: Air-Gap Attack via Smartwatches | Air-gapped systems are considered highly secure against data leaks due to their physical isolation from external networks. | PAPERS | PAPERS |
| 15.6.25 | CVE-2025-49220 | A pre-auth RCE in Apex Central in the ConvertFromJson method. Improper input validation during deserialization lets attackers execute arbitrary code remotely without authentication. (CVSS 9.8) | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49219 | A pre-authentication RCE flaw in the GetReportDetailView method of Apex Central caused by insecure deserialization. Exploiting this allows unauthenticated attackers to execute code in the context of NETWORK SERVICE. (CVSS 9.8) | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49217 | A pre-authentication RCE vulnerability in the ValidateToken method, triggered by unsafe deserialization. While slightly harder to exploit, it still allows unauthenticated attackers to run code as SYSTEM | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49216 | An authentication bypass flaw in the DbAppDomain service due to a broken auth implementation. Remote attackers can fully bypass login and perform admin-level actions without credentials | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49213 | A pre-authentication remote code execution vulnerability in the PolicyServerWindowsService class, stemming from deserialization of untrusted data. Attackers can run arbitrary code as SYSTEM with no authentication required | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49212 | A pre-authentication remote code execution flaw caused by insecure deserialization in the PolicyValueTableSerializationBinder class. Remote attackers can exploit it to execute arbitrary code as SYSTEM without requiring login | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-33053 | External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | DanaBleed | DanaBleed: DanaBot C2 Server Memory Leak Bug | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-3052 | CVE-2025-3052 InsydeH2O Secure Boot Bypass | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable | UEFI firmware applications DTBios and BiosFlashShell from DTResearch contain a vulnerability that allows Secure Boot to be bypassed using a specially crafted NVRAM variable. | ALERT | ALERT |
| 14.6.25 | Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation | An out-of-bounds (OOB) read vulnerability has been identified in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.83 (March 2024). | ALERT | ALERT |
| 14.6.25 | A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable | A vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. | ALERT | ALERT |
| 14.6.25 | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-22455 | A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-5353 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | 2024 INTERNET CRIME REPORT | 2024 INTERNET CRIME REPORT | REPORT | REPORT |
| 14.6.25 | 2023 INTERNET CRIME REPORT | 2023 INTERNET CRIME REPORT | REPORT | REPORT |
| 14.6.25 | CVE-2025-49113 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2024-3721 | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | JSFireTruck | JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique | CAMPAIGN | CyberCrime |
| 14.6.25 | Skuld | The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets. | MALWARE | STEALER |
| 14.6.25 | APT PROFILE – MISSION2025 | MISSION2025 is a Chinese state-sponsored advanced persistent threat (APT) group linked to APT41. Active since at least 2012, the group has conducted cyberespionage and | APT | APT |
| 13.6.25 | CyberEye RAT | CyberEye is a modular Remote Access Trojan that relies on Telegram for its C2 communications. Using a publicly available builder, its implants can be customized to include features like anti-analysis, cryptocurrency hijacking, and persistence. | VIRUS | |
| 13.6.25 | Spectra Ransomware | Spectra is a new ransomware variant found in the wild just this year. The malware belongs to the well known Chaos ransomware family. | RANSOM | |
| 13.6.25 | Stealth Falcon exploits Zero-Day Vulnerability CVE-2025-33053 | As reported by Check Point, the APT group Stealth Falcon has been observed exploiting a zero-day vulnerability (CVE-2025-33053) in a new malware campaign. | VULNEREBILITY | |
| 13.6.25 | Unusual Fog ransomware activity | In a recent report, the Symantec and Carbon Black Threat Hunter Team analyzed a Fog ransomware attack that targeted a financial institution in Asia. | RANSOM | |
| 13.6.25 | FIN6 abuses Job Portals and Cloud Infrastructure to evade detection | A malware campaign attributed to the threat actor FIN6, posing as job applicants on platforms like LinkedIn and Indeed, has been observed in the wild. Once a target is lured, the threat actor sends phishing emails containing non-clickable URLs that lead to cloud-hosted “resume” sites on AWS. | GROUP | |
| 13.6.25 | Chinese threat actor groups target cybersecurity vendor |
According to a recent report from SentinelLabs, China-backed
threat actors have deployed ShadowPad and PurpleHaze malware in global
campaigns.
|
GROUP | |
| 13.6.25 | Myth Stealer malware | Myth is a new Rust-based infostealing malware discovered recently in the wild. The malware has been previously advertised on various Telegram groups and lately reported as being distributed via fraudulent gaming websites and online portals offering software cracks, among others. | VIRUS | |
| 13.6.25 | CVE-2024-57727 | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. | VULNEREBILITY | VULNEREBILITY |
| 13.6.25 | CVE-2025-43200 | iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. | VULNEREBILITY | VULNEREBILITY |
| 13.6.25 | TokenBreak Attack | Manipulating tokens to get past the security guard | ATTACK | ATTACK |
| 13.6.25 | CVE-2025-32711 | M365 Copilot Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 11.6.25 | Exploitaiton of Wazuh CVE-2025-24016 vulnerability leads to Mirai botnet distribution | New campaigns distributing variants of the popular Mirai botnet have been reported in the wild. The attackers have been exploiting critical (CVSS score 9.9) CVE-2025-24016 deserialization vulnerability affecting Wazuh Server which might allow for a remote code execution on the vulnerable devices. | BOTNET | |
| 11.6.25 | Datarip - a new MedusaLocker ransomware variant | Datarip ransomware is a new malware strain from the MedusaLocker ransomware family recently seen in the wild. The malware encrypts sensitive data while appending ".datarip" extension to the locked files. | RANSOM | |
| 11.6.25 | DuplexSpy RAT | DuplexSpy is a new Remote Access Trojan (RAT) variant identified in the wild. The malware is written in C#, has modular architecture and uses DLL injection technique for in-memory payload execution. | VIRUS | |
| 11.6.25 | DragonClone malicious operation | DragonClone is a new malicious campaign identified in the wild. The attackers have been targeting the Chinese Telecom Industry and distributing Veletrix and VShell malware implants as payloads. | OPERATION | |
| 11.6.25 | Golden Piranha - a new banking threat | Golden Piranha is the name of an emerging banking trojan identified by the researchers from SCILabs. The malware is leveraging Google Chrome browser extensions in order to steal banking related inputs from miscellaneous banking website forms. | ||
| 11.6.25 | SinoTrack GPS Receiver | Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface. | VULNEREBILITY | VULNEREBILITY |
| 11.6.25 | Microsft June 2025 Security Updates | This release consists of the following 68 Microsoft CVEs: | VULNEREBILITY | VULNEREBILITY |
| 11.6.25 | Adobe Security Bulletin June | Security updates available for Adobe Experience Manager | VULNEREBILITY | VULNEREBILITY |
| 11.6.25 | Salesforce Industry Clouds: Low-Code, High Stakes |
Salesforce industry clouds are a suite of Salesforce
solutions, each of which enables organizations to build industry-specific applications and workflows in a simplified low-code manner. |
REPORT | REPORT |
| 11.6.25 | FIN6 | Eggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery | GROUP | GROUP |
| 11.6.25 | Rust Based InfoStealer | Demystifying Myth Stealer: A Rust Based InfoStealer | MALWARE | STEALER |
| 10.6.25 | Rare Werewolf | Sleep with one eye open: how Librarian Ghouls steal data by night | APT | APT |
| 10.6.25 | CVE-2025-32433 | (CVSS score: 10.0) - A missing authentication for a critical function vulnerability in the Erlang/OTP SSH server that could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution. |
VULNEREBILITY |
|
| 10.6.25 | CVE-2024-42009 | (CVSS score: 9.3) - A cross-site scripting (XSS) vulnerability in RoundCube Webmail that could allow a remote attacker to steal and send emails of a victim via a crafted email message by taking advantage of a desanitization issue in program/actions/mail/show.php. |
VULNEREBILITY |
|
| 10.6.25 | CVE-2025-24016 | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). |
VULNEREBILITY |
|
| 10.6.25 | Disrupting malicious uses of AI: June 2025 | Our mission is to ensure that artificial general intelligence benefits all of humanity. We advance this mission by deploying our innovations to build AI tools that help people solve really hard problems. | REPORT | REPORT |
| 8.6.25 | Sakura RAT | A simple customer query leads to a rabbit hole of backdoored malware and game cheats | MALWARE | RAT |
| 8.6.25 | AS-REP Roasting Attack Explained | In the MITRE ATT&CK Framework, the AS-REP Roasting attack is categorized as T1558.004 under the 'Steal or Forge Kerberos Tickets' attack technique. | ATTACK | ATTACK |
| 8.6.25 | StopRansomware: Play Ransomware update | The advisory was updated to reflect new TTPs employed by Play ransomware group, as well as provide current IOCs/remove outdated IOCs for effective threat hunting | RANSOMWARE | RANSOMWARE |
| 8.6.25 | ZDI-25-331 | Autodesk Revit RFA File Parsing Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-330 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-329 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-328 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-327 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-326 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-325 | Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | REVIEW OF THE ATTACKS ASSOCIATED WITH LAPSUS$ AND RELATED THREAT GROUPS | Beginning in late 2021 and continuing late into 2022, a globally active, extortion-focused cyber threat actor group attacked dozens of well-known companies and government agencies around the world. | REPORT | REPORT |
| 8.6.25 | Infostealer Pipeline | The Infostealer Pipeline: How Russian Market Fuels Credential-Based Attacks | REPORT | REPORT |
| 8.6.25 | CVE-2025-48828 | Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. |
VULNEREBILITY |
|
| 8.6.25 | CVE-2025-48827 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025. |
VULNEREBILITY |
|
| 8.6.25 | Operation Phantom Enigma | A malicious campaign discovered by Positive Technologies specialists is primarily targeting residents of Brazil. Attacks have been detected since the beginning of 2025. | OPERATION | OPERATION |
| 7.6.25 | Interlock ransomware group deploys a new RAT named "NodeSnake" | Interlock ransomware group has been observed deploying a new RAT named "NodeSnake" and targeting educational institutions. | RANSOM | |
| 7.6.25 | APT41 using custom malware "TOUGHPROGRESS" to exploit Google Calendar | Threat Actor group APT41 has been observed using custom malware named TOUGHPROGRESS, which leverages Google Calendar events as its C2 channel, allowing it to hide malicious commands in seemingly benign public calendar entries. | APT | |
| 7.6.25 | Cheating in games might get you Blitz'ed | Blitz is a multi-stage malware composed of downloader and botnet components. A recent report by researchers at Palo Alto Networks provides details of campaigns attempting to proliferate this malware | VIRUS | |
| 7.6.25 | Android malware targets users in India by pretending to be a government app | In some recently observed malicious activity, a fake government application was found to be targeting Android users in India. | VIRUS | |
| 7.6.25 | Chaos RAT malware | A new Golang-based 5.0.3 variant of the Chaos RAT (Remote Access Trojan) has been recently discovered in the wild. | VIRUS | |
| 7.6.25 | Increased activity of DCRAT malware in Latin America | DCRAT (aka Dark Crystal RAT) is a modular RAT (Remote Access Trojan) offered for sale in form of Malware-as-a-Service (MaaS) model for last several years. | VIRUS | |
| 7.6.25 | AMOS malware for macOS spread via Clickfix social engineering techniques | A new campaign delivering the AMOS malware for macOS has been reported to leverage Clickfix social engineering techniques. | VIRUS | |
| 7.6.25 | Fake CAPTCHAs deliver multi-stage PowerShell downloaders | CAPTCHAs are used to determine whether a website visitor is human versus a bot. Malware campaigns have introduced fake CAPTCHAs into the attack chain to encourage interaction by the proposed victim. ClickFix is a name often given to such behavior. | VIRUS | |
| 7.6.25 | ViperSoftX activities continues via fake software | According to recent reports ViperSoftX continues to circulate widely across the globe, with a noticeable uptick in South Korea. | VIRUS | |
| 7.6.25 | CVE-2025-27920 - Srimax Output Messenger Directory Traversal vulnerability | CVE-2025-27920 is a recently discovered directory traversal vulnerability affecting Srimax Output Messenger software. | VULNEREBILITY | |
| 7.6.25 | AMOS update | AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers | MALWARE | Stealer |
| 6.6.25 | DuplexSpy | DuplexSpy RAT: Stealthy Windows Malware Enabling Full Remote Control and Surveillance | MALWARE | RAT |
| 6.6.25 | PathWiper | Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine | MALWARE | Wipper |
| 5.6.25 | ZDI-25-324 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-323 | Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-322 | 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-321 | GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-320 | SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-319 | Hewlett Packard Enterprise StoreOnce VSA getServerCertificate Command Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-318 | Hewlett Packard Enterprise StoreOnce VSA getServerPayload Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-317 | Hewlett Packard Enterprise StoreOnce VSA deletePackages Directory Traversal Arbitrary File Deletion Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-316 | Hewlett Packard Enterprise StoreOnce VSA Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-315 | Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-314 | Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-313 | Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-312 | Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 |
BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool |
In 2016, a sophisticated malware campaign targeting Pakistani nationals made headlines. Dubbed Bitter[4], the Advanced Persistent Threat group (also known as APT-C-08 [5]) has been active both in desktop and mobile malware campaigns for quite a long time, as their activity seems to date back to 2014. | REPORT | REPORT |
| 5.6.25 | Bitter Group | Bitter Group Distributes CHM Malware to Chinese Organizations | GROUP | GROUP |
| 5.6.25 | BladedFeline | ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig | APT | APT |
| 5.6.25 | Vishing Threats | Hello, Operator? A Technical Analysis of Vishing Threats | PHISHING | Vishing |
| 5.6.25 | UNC6040 | The Cost of a Call: From Voice Phishing to Data Extortion | GROUP | GROUP |
| 5.6.25 | CVE-2025-20286 | A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. |
VULNEREBILITY |
|
| 4.6.25 | New campaigns delivering Crocodilus mobile malware | A new variant of the Crocodilus mobile malware has been spread in recent campaigns targeting users in Europe and South America. | CAMPAIGN | |
| 4.6.25 | CVE-2023-38950 - ZKTeco BioTime Path Traversal vulnerability | CVE-2023-38950 is a path traversal vulnerability affecting ZKTeco BioTime which is a web-based time and attendance management software. | VULNEREBILITY | |
| 4.6.25 | Exploiting the hype around popular AI tools to distribute various malware via fraudulent installers | Threat Actors are exploiting the hype around AI to distribute various malware strains. By capitalizing on the public's eagerness to access popular AI tools (such as ChatGPT, Copilot, DALL-E, Gemini, Midjourney, and Sora) Threat Actors are creating convincing but fraudulent installers. | AI | |
| 4.6.25 | Telegram-Based Email Credential Theft – Fake FedEx Invoice Campaign | Shipping companies are frequently exploited in social engineering attacks due to their global recognition, trusted brand image, and association with package notifications, invoices, and delivery updates—topics that easily trigger urgency, curiosity, and user interaction. These characteristics make them prime targets for phishing and credential theft campaigns. | CAMPAIGN | |
| 4.6.25 | EddieStealer delivered through ClickFix | EddieStealer is a Rust-based information stealer malware which has recently been observed as the payload of ClickFix campaigns. | VIRUS | |
| 4.6.25 | Latest PureHVNC RAT deployment campaigns | New campaigns delivering the PureHVNC RAT have been reported in the wild. The threat actors conduct multi stage operations and make use of miscellaneous components in their attacks including malicious .lnk files, PowerShell code, JavaScript, AutoIt, etc. | CAMPAIGN | |
| 4.6.25 | Python-based Lyrix Ransomware | Lyrix ransomware is a new Python based ransomware discovered in underground forums. It behaves in a manner similar to most current ransomware families | RANSOM | |
| 4.6.25 | New Katz Stealer malware-as-a-service compromises Web browsers | Katz Stealer operates as a multi-feature credential-stealing Malware-as-a-Service, designed for extensive system reconnaissance and data theft. It targets a vast array of sensitive information, including saved passwords, cookies, and session tokens from popular web browsers (Chrome, Edge, Brave, Firefox), cryptocurrency wallet files, and private keys via keyword matching. | VIRUS | |
| 4.6.25 | Earth Lamia exploits various SQL injection vulnerabilities | APT threat actor Earth Lamia exploits vulnerabilities in web applications to gain access to organizations, using various SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations for data exfiltration. | APT | |
| 4.6.25 | Recent VenomRAT activity |
A recent activity attributed to the VenomRAT malware has
been spotted in the wild. Malware is spread from a phishing website
disguised as AV software download page.
|
VIRUS | |
| 4.6.25 | PumaBot - a new botnet on the rise | PumaBot is a new Go-based botnet strain identified recently in the wild. Unlike some more common botnet variants, PumaBot does not rely on scanning the Internet for vulnerable devices but instead targets very specific ones via a list of IP addresses retrieved from the attacker C2 servers. | BOTNET | |
| 4.6.25 | Zanubis mobile malware latest activity | Zanubis is an Android banking malware active in the threat landscape since at least 2022. The malware has been known to mostly target banks and financial entities in South America but also expanding over time and adding theft of virtual cards and cryptocurrency to its portfolio. | ||
| 4.6.25 | AsyncRAT malspam campaigns observed | We've recently observed some malspam campaigns leveraging multiple downloads, starting with box.com, to deliver an AsyncRAT payload. | VIRUS | |
| 4.6.25 | Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress | Fancy Bear (aka APT28, Sofacy, Pawn Storm, Sednit, STRONTIUM, Tsar Team, and Threat Group-4127) is a Russian Threat Actor group that uses spearphishing to deliver SpyPress, a malicious JavaScript payload, by exploiting cross-site scripting (XSS) vulnerabilities in webmail interfaces to exfiltrate sensitive email data from high-value webmail servers. | ALERTS | PHISHING |
| 4.6.25 | Bofamet Stealer malware | Bofamet is a new Python-based infostealer found in the wild. The malware collects miscellaneous information from the compromised endpoints including: credentials, system information, browser cookies, Telegram session data, Discord tokens, screenshots, Steam configuration files, etc. | VIRUS | |
| 4.6.25 | Chaos RAT | From open-source to open threat: Tracking Chaos RAT’s evolution | MALWARE | RAT |
| 4.6.25 | CVE-2025-37093 | An authentication bypass vulnerability exists in HPE StoreOnce Software. |
VULNEREBILITY |
|
| 3.6.25 | JINX-0132 | The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul. | GROUP | GROUP |
| 3.6.25 | CVE-2025-49113 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. |
VULNEREBILITY |
|
| 3.6.25 | Crocodilus | Crocodilus Mobile Malware: Evolving Fast, Going Global | MALWARE | Android |
| 3.6.25 | CVE-2025-5419 | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
VULNEREBILITY |
|
| 3.6.25 | CVE-2024-13917 | (CVSS score: 8.3) - A pre-installed "com.pri.applock" application on Kruger&Matz smartphones exposed an "com.pri.applock.LockUI" activity that allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges to a protected application. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2024-13916 | (CVSS score: 6.9) - A pre-installed "com.pri.applock" application on Kruger&Matz smartphones allows a user to encrypt any application using user-provided PIN code or by using biometric data. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2024-13915 | (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone and Krüger&Matz smartphones exposes a "com.pri.factorytest.emmc.FactoryResetService" service that allows any installed application to perform a factory reset of the device. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2025-27038 | Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2025-21480 | Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2025-21479 | Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. |
VULNEREBILITY |
|
| 1.6.25 | Browser in the Middle (BiTM) | An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access. | HACKING | HACKING |
| 1.6.25 | Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites | Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular those tools which can be used to generate videos based on user prompts. | HACKING | HACKING |
| 1.6.25 | Infrastructure Used to Manage Domains Related to Cryptocurrency Investment Fraud Scams between October 2023 and April 2025 | The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull). | REPORT | REPORT |
| 1.6.25 | NodeSnake Malware Campaign | Threat Intelligence NodeSnake Malware Campaign | REPORT | REPORT |
| 1.6.25 | ASUS Routers campaign | GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers | CAMPAIGN | CAMPAIGN |
| 1.6.25 | Poseidon Stealer and Payday Loader | Dark Partners: The crypto heist adventure of Poseidon Stealer and Payday Loader | MALWARE | MALWARE |
| 1.6.25 | PumaBot | PumaBot: Novel Botnet Targeting IoT Surveillance Devices | BOTNET | BOTNET |
| 1.6.25 | CVE-2023-39780 | On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. |
VULNEREBILITY |
|
| 1.6.25 | CVE-2025-5054 | (CVSS score: 4.7) - A race condition in Canonical apport package up to and including 2.32.0 that allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces |
VULNEREBILITY |
|
| 1.6.25 | CVE-2025-4598 | (CVSS score: 4.7) - A race condition in systemd-coredump that allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process |
VULNEREBILITY |