DATE |
NAME |
CATEGORY |
SUBCATE |
INFO |
20.4.25 |
WINELOADER | MALWARE | Loader | European diplomats targeted by APT29 (Cozy Bear) with WINELOADER |
20.4.25 |
KB5059091 | KB DATABAZE | KB DATABAZE | 16. dubna 2025 – KB5059091 (build operačního systému 17763.7249) mimo pásmo |
20.4.25 |
KB5059092 | KB DATABAZE | KB DATABAZE | 16. dubna 2025 – KB5059092 (build operačního systému 20348.3566) mimo pásmo |
20.4.25 |
KB5059087 | KB DATABAZE | KB DATABAZE | 16. dubna 2025 – KB5059087 (build operačního systému 26100.3781) Mimo pásmo |
20.4.25 |
KB5058922 | KB DATABAZE | KB DATABAZE | 11. dubna 2025 – KB5058920 (build operačního systému 20348.3561) Mimo pásmo |
20.4.25 |
KB5058921 | KB DATABAZE | KB DATABAZE | 11. dubna 2025 – KB5058921 (build operačního systému 14393.7973) Mimo pásmo |
20.4.25 |
KB5058920 | KB DATABAZE | KB DATABAZE | 11. dubna 2025 – KB5058922 (build operačního systému 17763.7240) Mimo pásmo |
20.4.25 |
KB5058920 | KB DATABAZE | KB DATABAZE | 11. dubna 2025 – KB5058920 (build operačního systému 20348.3561) Mimo pásmo |
20.4.25 |
KB5058919 | KB DATABAZE | KB DATABAZE | 11. dubna 2025 – KB5058919 (buildy operačního systému 22621.5192 a 22631.5192) Mimo pásmo |
20.4.25 |
KB DATABAZE | KB DATABAZE |
KB5057589: Aktualizace prostředí Windows Recovery Environment pro Windows 10 verze 21H2 a 22H2: 8. dubna 2025 |
|
20.4.25 |
KB DATABAZE | KB DATABAZE |
KB5057588: Aktualizace prostředí Windows Recovery Environment pro Windows Server 2022: 8. dubna 2025 |
|
19.4.25 | Earth Estries | APT | PROFILE | Earth Estries is a Chinese Advanced Persistent Threat (APT) group that has gained prominence for its sophisticated cyber espionage activities targeting critical infrastructure and government entities globally. |
19.4.25 | Smishing Triad | CAMPAIGN | SPAM | Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit |
19.4.25 | CVE-2025-2492 |
VULNEREBILITY |
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | |
18.4.25 | MysterySnail RAT | MALWARE | RAT | IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia |
18.4.25 | PteroLNK malware | VIRUS | PteroLNK is a new Pterodo malware variant recently distributed in the wild and attributed to the Shuckworm APT (aka Gamaredon). The malware comes in form of an obfuscated VBScript with a downloader and a LNK dropper components. | |
18.4.25 | A recent campaign attributed to the Fritillary APT group | APT | A new malicious campaign targeting diplomatic entities in Europe has been attributed to the cyberespionage group called Fritillary (aka Midnight Blizzard, APT29). According to a recent research by Checkpoint, the attackers have been leveraging a new custom malware loader dubbed GrapeLoader as well as an updated variant of the WineLoader backdoor. | |
18.4.25 | New fileless malware campaign drops XWorm & Rhadamanthys | VIRUS | A new malware campaign has been observed using JScript and obfuscated PowerShell commands to deploy highly evasive malware variants such as XWorm and Rhadamanthys. The campaign targets Windows systems employing scheduled tasks or deceptive ClickFix CAPTCHA screens to trick users into executing malicious payloads. | |
18.4.25 | DragonForce Ransomware's Campaign Intensifies in 2025 | RANSOM | In 2024, DragonForce ransomware actors were highly active, claiming around 93 victims on their leak website, with likely more that were not disclosed. We're still in early 2025, and the group has already "allegedly" claimed over 40 organizations as potential victims across multiple countries and sectors. | |
18.4.25 | Multi-stage attacks delivering Agent Tesla variants | VIRUS | Malspam email campaigns are the rule rather than the exception these days. Delivering multi-stage attacks through malicious attachments is the norm. Researchers at Palo Alto Networks have published a report sharing details about such campaigns using variants of Agent Tesla as the final payload. | |
18.4.25 | Malicious VSCode extensions infecing users with cryptominer | CRYPTOCURRENCY | A set of VSCode extensions posing as legitimate development tools has been observed infecting users with the XMRig cryptominer for Monero in a new cryptojacking campaign. | |
18.4.25 | DOGE BIG BALLS Ransomware | RANSOM | A new ransomware campaign has been reported exploiting the name of a prominent figure within the Department of Government Efficiency (DOGE) to trick victims. The attack delivers a modified variant of Fog ransomware dubbed "DOGE BIG BALLS Ransomware." | |
18.4.25 | Linux based BPFDoor observed in Asia and Middle East | VIRUS | BPFDoor is a Linux based backdoor that has been observed in attacks against various industries in Asia and the Middle East. Named for its use of Berkeley Packet Filtering, the malware implements a filter that activates functionality based on specific sequences found during network packet inspection. | |
18.4.25 | CVE-2025-30208 - Vite Arbitrary File Read vulnerability | VULNEREBILITY | CVE-2025-30208 is a recently disclosed Arbitrary File Read vulnerability affecting Vite, which is a frontend build and development tool for web applications. | |
18.4.25 | PAKLOG, CorKLOG, and SplatCloak | P2 | MALWARE | APT | Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 |
18.4.25 | ToneShell and StarProxy | P1 | MALWARE | APT | Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 |
18.4.25 | XorDDoS controller | MALWARE | DDoS | Unmasking the new XorDDoS controller and infrastructure |
18.4.25 | CVE-2025-24054 |
VULNEREBILITY |
NTLM Hash Disclosure Spoofing Vulnerability | |
17.4.25 | Sponsored Actors Try ClickFix | CAMPAIGN | CAMPAIGN | Around the World in 90 Days: State-Sponsored Actors Try ClickFix |
17.4.25 | CVE-2025-32433 |
VULNEREBILITY |
Unauthenticated Remote Code Execution in Erlang/OTP SSH | |
17.4.25 | CVE-2021-20035 |
VULNEREBILITY |
SonicWall SMA100 Appliances OS Command Injection Vulnerability | |
17.4.25 | CVE-2025-24201 |
VULNEREBILITY |
(CVSS score: 7.1) - An out-of-bounds write issue in the WebKit component that could be exploited to break out of the Web Content sandbox using maliciously crafted web content | |
17.4.25 | CVE-2025-24200 |
VULNEREBILITY |
(CVSS score: 4.6) - An authorization issue in the Accessibility component that could enable an attacker to disable USB Restricted Mode on a locked device as part of a cyber-physical attack | |
17.4.25 | CVE-2025-24085 |
VULNEREBILITY |
(CVSS score: 7.8) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges | |
17.4.25 | CVE-2025-31201 |
VULNEREBILITY |
(CVSS score: 6.8) - A vulnerability in the RPAC component that could be used by an attacker with arbitrary read and write capability to bypass Pointer Authentication | |
17.4.25 | CVE-2025-31200 |
VULNEREBILITY |
(CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio stream in a maliciously crafted media file | |
17.4.25 | New Vulnerabilities for schtasks.exe |
VULNEREBILITY |
Task Scheduler– New Vulnerabilities for schtasks.exe | |
16.4.25 | Android.Clipper | MALWARE | Android | Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft? |
16.4.25 | Multi-Stage Phishing Attack Exploits Gamma | ATTACK | AI | Attackers exploit Gamma in a multi-stage phishing attack using Cloudflare Turnstile and AiTM tactics to evade detection and steal Microsoft credentials. |
16.4.25 | BPFDoor | MALWARE | Backdoor | BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets |
16.4.25 | SNOWLIGHT | MALWARE | Linux | According to sysdig, SNOWLIGHT is used as a dropper for its fileless payload (vshell). |
16.4.25 | UNC5174 | GROUP | GROUP | UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell |
16.4.25 | CVE-2025-24859 |
VULNEREBILITY |
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. | |
15.4.25 | SpyNote Campaign Masquerades as a MissAV mobile app | CAMPAIGN | Porn remains one of the most effective social engineering vectors due to high curiosity-driven engagement, the stigma that discourages victims from reporting, and the ease with which it can be weaponized through mobile-based attacks such as fake APKs. | |
15.4.25 | Turkish Employment Agency Impersonated in a Snake Keylogger campaign | CAMPAIGN | Symantec has recently observed a Snake Keylogger campaign targeting organizations in Turkey, including those in the Aerospace & Defense and Financial Services sectors. | |
15.4.25 | ZeroTrace Stealer | VIRUS | ZeroTrace Stealer is a new infostealing malware that recently emerged on the threat landscape. The malware builder has been distributed via various underground forums and file-sharing platforms while advertised as being created for educational and research purposes ony. | |
15.4.25 | Pulsar RAT malware | VIRUS | Pulsar is a new remote access trojan (RAT) variant recently identified in the wild. This C#-based malware is based on the Quasar RAT strain and has miscellaneous functionality including keylogging, cryptocurrency wallet clipping, infostealing, file management, remote shell and command execution, among others. | |
15.4.25 | PelDox Ransomware | RANSOM | Unlike typical ransomware, PelDox does not inform victims about the encryption of their files or demand payment for decryption. After encrypting the files and appending the ".lczx" extension, the ransomware displays a full-screen message. | |
15.4.25 | HijackLoader new modular enhancements for stealth and evasion | HijackLoader (also known as GHOSTPULSE or IDAT Loader) is a malware loader capable of delivering second-stage payloads and offers a variety of modules mainly used for configuration information, evasion of security software, and injection/execution of code. | ||
15.4.25 | Slow Pisces | GROUP | GROUP | Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware |
15.4.25 | Precision-Validated Phishing | PHISHING | PHISHING | The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders |
15.4.25 | Double-Edged Email Attack | HACKING | SPAM | Pick your Poison - A Double-Edged Email Attack |
15.4.25 | CVE-2025-30406 |
VULNEREBILITY |
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. | |
15.4.25 | ResolverRAT | MALWARE | RAT | New Malware Variant Identified: ResolverRAT Enters the Maze |
15.4.25 | CurlBack RAT | MALWARE | RAT | Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks |
13.4.25 | Tycoon2FA | PHISHING | Kit | Tycoon2FA New Evasion Technique for 2025 |
13.4.25 |
We Have a Package for You! A Comprehensive Analysis of
Package Hallucinations by Code Generating LL |
PAPERS | AI | The reliance of popular programming languages such as Python and JavaScript on centralized package repositories and open-source software, combined with the emergence of code-generating Large Language Models (LLMs), has created a new type of threat to the software supply chain: package hallucinations. T |
12.4.25 | NanoCrypt Ransomware | RANSOM | NanoCrypt is another "run-of-the-mill" ransomware variant discovered in the wild. The malware encrypts user data and appends .ncrypt to the name of locked files. The ransom note dropped in the form of a text file called README.txt indicates that this malware has been created "for fun" and not intended for any harmful activity. | |
12.4.25 | Chaos Ransomware Variant Targets IT Staff via Fake Security Tool | RANSOM | Chaos ransomware variants continue to emerge, mostly used by actors targeting individual machines through drive-by-download social engineering. These attacks typically demand a smaller ransom compared to double-extortion ransomware actors who target larger organizations through more complex attack chains. | |
12.4.25 | New Amethyst Stealer variant distributed by Sapphire Werewolf group | VIRUS | Distribution of a new and updated Amethyst Stealer variant has been observed in the wild. The campaign is attributed to the threat actor known as Sapphire Werewolf. | |
12.4.25 | CVE-2025-31161 - CrushFTP authentication bypass vulnerability exploited in the wild | VULNEREBILITY | CVE-2025-31161 is a recently disclosed critical (CVSS score 9.8) authentication bypass vulnerability affecting CrushFTP file transfer solution. If successfully exploited, the flaw could grant unauthenticated attackers admin level access to the underlying server via crafted HTTP requests. | |
12.4.25 | Neptune RAT | VIRUS | Neptune RAT is a highly modular, multi-functional remote access Trojan. The malware contains numerous DLL plugins which provide functionality. Available features include, but are not limited to, the following: | |
12.4.25 | Salary Adjustment PDF Lure Redirects to AWS-Hosted Outlook Credential Phish | PHISHING | Symantec has observed a new phishing campaign in which threat actors are leveraging PDFs to redirect users to a phishing page hosted on AWS S3. | |
12.4.25 | CVE-2025-1094 - PostgreSQL SQL injection vulnerability | ALERTS | VULNEREBILITY | CVE-2025-1094 is a recently disclosed high severity (CVSS score 8.1) SQL injection vulnerability affecting PostgreSQL, which is an open-source relational database management system (RDBMS). If successfully exploited, the flaw might lead up to a remote code execution due to improperly sanitized SQL inputs. |
12.4.25 | CVE-2025-30401 |
VULNEREBILITY |
A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. | |
12.4.25 | TsarBot | MALWARE | Bot | TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications |
12.4.25 | CVE-2024-21762 |
VULNEREBILITY |
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests | |
12.4.25 | CVE-2023-27997 |
VULNEREBILITY |
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. | |
12.4.25 | CVE-2022-42475 |
VULNEREBILITY |
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | |
11.4.25 | Core Werewolf | GROUP | GROUP | Core Werewolf hones its arsenal against Russia’s government organizations |
11.4.25 | Venture Wolf | GROUP | GROUP | Venture Wolf attempts to disrupt Russian businesses with MetaStealer |
11.4.25 | NOVA | GROUP | GROUP | Attackers use a fork of a popular stealer to target Russian companies |
11.4.25 | Bloody Wolf | GROUP | GROUP | Bloody Wolf evolution: new targets, new tools |
11.4.25 | Sapphire Werewolf | GROUP | GROUP | Sapphire Werewolf refines Amethyst stealer to attack energy companies |
11.4.25 | ZDI-25-246 |
ZERO-DAY |
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability | |
11.4.25 | ZDI-25-245 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
11.4.25 | ZDI-25-244 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
11.4.25 | ZDI-25-243 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
11.4.25 | ZDI-25-242 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
11.4.25 | ZDI-25-241 |
ZERO-DAY |
Trend Micro Deep Security Agent Link Following Denial-of-Service Vulnerability | |
11.4.25 | ZDI-25-240 |
ZERO-DAY |
Trend Micro Deep Security Anti-Malware Solution Platform Link Following Local Privilege Escalation Vulnerability | |
11.4.25 | ZDI-25-239 | ZERO-DAY |
ZERO-DAY |
Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability |
11.4.25 | ZDI-25-238 | ZERO-DAY |
ZERO-DAY |
Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability |
11.4.25 | ZDI-25-237 | ZERO-DAY |
ZERO-DAY |
Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability |
11.4.25 | ZDI-25-236 | ZERO-DAY |
ZERO-DAY |
Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability |
11.4.25 | ZDI-25-235 | ZERO-DAY |
ZERO-DAY |
Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-234 | ZERO-DAY |
ZERO-DAY |
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability |
11.4.25 | ZDI-25-233 | ZERO-DAY |
ZERO-DAY |
Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-232 | ZERO-DAY |
ZERO-DAY |
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-231 | ZERO-DAY |
ZERO-DAY |
Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-230 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-229 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability |
11.4.25 | ZDI-25-228 |
ZERO-DAY |
(Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability | |
11.4.25 | ZDI-25-227 |
ZERO-DAY |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability | |
11.4.25 | ZDI-25-226 |
ZERO-DAY |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Improper Input Validation Privilege Escalation Vulnerability | |
11.4.25 | ZDI-25-225 |
ZERO-DAY |
(Pwn2Own) Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability | |
11.4.25 | ZDI-25-224 |
ZERO-DAY |
(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability | |
11.4.25 | ZDI-25-223 |
ZERO-DAY |
(Pwn2Own) Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability | |
11.4.25 | ZDI-25-222 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe concatstrings Type Confusion Information Disclosure Vulnerability |
11.4.25 | ZDI-25-221 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability |
11.4.25 | ZDI-25-220 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-219 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-218 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-217 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-216 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-215 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology DiskStation DS1823xs+ LDAP Client Improper Certificate Validation Authentication Bypass Vulnerability |
11.4.25 | ZDI-25-214 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-213 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability |
11.4.25 | ZDI-25-212 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability |
11.4.25 | ZDI-25-211 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-210 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-209 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability |
11.4.25 | ZDI-25-208 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology DiskStation DS1823xs+ Replication Service Out-Of-Bounds Write Remote Code Execution Vulnerability |
11.4.25 | ZDI-25-207 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Synology BeeStation BST150-4T Command Injection Remote Code Execution Vulnerability |
11.4.25 | GOFFEE | GROUP | GROUP | GOFFEE continues to attack organizations in Russia |
11.4.25 | SpyNote | MALWARE | Android RAT | Newly Registered Domains Distributing SpyNote Malware |
11.4.25 | CVE-2025-3102 |
VULNEREBILITY |
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. | |
10.4.25 | Everest Ransomware Group | GROUP | Ransomware | Threat Actor Profile |
10.4.25 | GammaSteel | MALWARE | PowerShell | Shuckworm Targets Foreign Military Mission Based in Ukraine |
10.4.25 | CVE-2024-0132 |
VULNEREBILITY |
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. | |
10.4.25 | AkiraBot | BOTNET | AI | AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale |
9.4.25 | GiftedCrook infostealer deployed in UAC-0226 campaign | VIRUS | According to a recent security alert released by Ukraine's Computer Emergency Response Team (CERT-UA), a new wave of targeted attacks against various military and governmental entities in Ukraine has been detected. The campaign dubbed as UAC-0226 distributes phishing emails containing .xlsm attachments with malicious macros. | |
9.4.25 | CVE-2025-29927 - Next.js middleware authorization bypass vulnerability | VULNEREBILITY | CVE-2025-29927 is a recently disclosed vulnerability (CVSS score 9.1) affecting Next.js, which is an open-source web development javascript framework. If successfully exploited, the flaw might allow the attackers for an authorization bypass attack via specially crafted HTTP requests potentially leading to protected content exposure. | |
9.4.25 | This Vidar stealer is not your Sysinternals tool | VIRUS | Vidar is an information stealing malware that has been active since 2018. It is a Malware-as-a-Service offering which has been used by attackers to steal sensitive data, such as credentials stored in browsers, applications, and cloud storage services. | |
9.4.25 | EncryptHub attackers leverage MSC files for payload delivery | VIRUS | A recent campaign attributed to EncryptHub (Water Gamayun) group has seen the threat actors to leverage Microsoft Management Console vulnerability (tracked as CVE-2025-26633) files for malicious payload execution. | |
9.4.25 | HollowQuill campaign luring users with disguised malicious PDFs | CAMPAIGN | HollowQuill campaign has been targeting academic institutions and government agencies worldwide through weaponized PDF documents. The attack employs social engineering tactics, disguising malicious PDFs as research papers, grant applications, decoy research invitations, or government communiques to entice unsuspecting users. | |
9.4.25 | Springtail APT group targets South Korean government entities | APT | The Springtail (aka Kimsuky) APT group recently engaged in campaigns targeting South Korean government entities. The campaigns leveraged government-themed messaging (one being tax related and another regarding a policy on the topic of sex offenders) to distribute malicious LNK files as malspam attachments. | |
9.4.25 | From Phishing to LINE Scams: Rakuten Securities users at risk | PHISHING | Over the past few weeks, a phishing actor has been launching campaign after campaign targeting Rakuten Securities users in an attempt to steal their credentials | |
9.4.25 | ModiLoader deployed via .SCR in Taiwanese Freight Impersonation | VIRUS | Malware actors have been abusing Windows screensavers file format (.scr) for some time now. While they might appear harmless, they are essentially executable programs with a different file extension. | |
9.4.25 | CVE-2025-27491 |
VULNEREBILITY |
Windows Hyper-V Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-26686 |
VULNEREBILITY |
Windows TCP/IP Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-27752 |
VULNEREBILITY |
Microsoft Excel Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-27745 |
VULNEREBILITY |
Microsoft Office Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-27748 |
VULNEREBILITY |
Microsoft Office Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-27749 |
VULNEREBILITY |
Microsoft Office Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-29791 |
VULNEREBILITY |
Microsoft Excel Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-26670 |
VULNEREBILITY |
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-26663 |
VULNEREBILITY |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-27482 |
VULNEREBILITY |
Windows Remote Desktop Services Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-27480 |
VULNEREBILITY |
Windows Remote Desktop Services Remote Code Execution Vulnerability | |
9.4.25 | CVE-2025-29809 |
VULNEREBILITY |
Windows Kerberos Security Feature Bypass Vulnerability | |
9.4.25 | CVE-2025-29824 |
VULNEREBILITY |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |
9.4.25 | CVE-2025-30406 |
VULNEREBILITY |
Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability | |
9.4.25 | CVE-2025-29824 |
VULNEREBILITY |
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability | |
9.4.25 | CVE-2025-29824 |
VULNEREBILITY |
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |
9.4.25 | VibeScamming | PHISHING | AI | VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side |
9.4.25 | TCESB | MALWARE | Rootkit | How ToddyCat tried to hide behind AV software |
9.4.25 | CVE-2024-48887 |
VULNEREBILITY |
Unverified password change via set_password endpoint | |
9.4.25 | AWS SSM Agent's Plugin ID Validation |
VULNEREBILITY |
Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation | |
9.4.25 | ClipBanker | MALWARE | Trojan | Attackers distributing a miner and the ClipBanker Trojan via SourceForge |
8.4.25 | ZDI-25-206 |
ZERO-DAY |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability | |
8.4.25 | ZDI-25-205 |
ZERO-DAY |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability | |
8.4.25 | ZDI-25-204 |
ZERO-DAY |
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | |
8.4.25 | ZDI-25-203 |
ZERO-DAY |
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability | |
8.4.25 | ZDI-25-202 |
ZERO-DAY |
Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability | |
8.4.25 | ZDI-25-201 |
ZERO-DAY |
Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability | |
8.4.25 | ZDI-25-200 |
ZERO-DAY |
Exim Use-After-Free Local Privilege Escalation Vulnerability | |
8.4.25 | Цільова шпигунська активність UAC-0226 у відношенні осередків інновацій, державних і правоохоронних органів з використанням стілеру GIFTEDCROOK (CERT-UA#14303) | BATTLEFIELD UKRAINE | BATTLEFIELD UKRAINE | Урядовою командою реагування на комп'ютерні надзвичайні події України CERT-UA, починаючи з лютого 2025 року, відстежується цільова активність, яка здійснюється з метою шпигунства у відношенні осередків розвитку інновацій у військовій сфері, військових формувань, правоохоронних органів України та органів місцевого самоврядування, особливо тих, що розташовані вздовж східного кордону країни. |
8.4.25 | CVE-2025-31161 |
VULNEREBILITY |
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." | |
8.4.25 | CVE-2024-53150 |
VULNEREBILITY |
(CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure | |
8.4.25 | CVE-2024-53197 |
VULNEREBILITY |
(CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of Kernel | |
6.4.25 |
PoisonSeed Campaign | CAMPAIGN | SPAM | PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation |
6.4.25 |
VULNEREBILITY |
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. |
||
6.4.25 |
MALWARE |
Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” |
||
6.4.25 |
VULNEREBILITY |
(CVSS score: 7.8) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability |
||
6.4.25 |
VULNEREBILITY |
(CVSS score: 6.5) - Microsoft Windows File Explorer Spoofing Vulnerability |
||
5.4.25 |
VULNEREBILITY |
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18 |
||
5.4.25 |
Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions |
ALERT |
PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. |
|
4.4.25 |
CVE-2024-54085 - AMI MegaRAC BMC authentication bypass vulnerability |
CVE-2024-54085 is a critical (CVSS score 10.0) authentication bypass vulnerability affecting AMI MegaRAC Baseboard Management Controller (BMC) which is a remote server management platform. |
||
4.4.25 |
Lockbit 4.0 is the most recent iteration of the infamous ransomware attributed to the threat actor called Syrphid. The ransomware is operated based on a Ransomware-as-a-Service (RaaS) model with various affiliates carrying out the attacks and often employing different tactics, techniques, and procedures (TTPs). |
|||
4.4.25 |
A new credit card skimming campaign dubbed RolandSkimmer has been reported by Fortinet researchers. The attack starts with .zip archives containing malicious .lnk files being delivered to the intended victims.
|||
4.4.25 |
A critical-severity vulnerability (CVSS: 9.8), CVE-2024-4577, has recently been disclosed to be in use in an active malware campaign targeting companies in the APJ region.
|||
4.4.25 |
Latest Gootloader variant has been observed to abuse Google Ads platform for distribution. The malware has been leveraging malvertisements directed at users searching for various legal templates such as NDA agreements, etc. |
|||
4.4.25 |
CrazyHunter is a new Go-based ransomware variant built on the open-source Prince encryptor malware family. The malware encrypts user data and drops a ransom note as a text file named "Decryption Instructions.txt". The note uses the same format as the one observed in older Prince ransomware deployments.
|||
4.4.25 |
ZERO-DAY |
Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability |
||
4.4.25 |
ZERO-DAY |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
||
4.4.25 |
ZERO-DAY |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
||
4.4.25 |
GROUP |
Bulletproof Hosting Networks and Proton66 |
||
4.4.25 |
UAC-0219: cyber espionage using the WRECKSTEEL PowerShell stealer (CERT-UA#14283)
BATTLEFIELD UKRAINE |
The Governmental Computer Emergency Response Team of Ukraine, CERT-UA, takes systematic measures to collect and analyze data on cyber incidents in order to provide up-to-date information about cyber threats.
|
4.4.25 |
CRYPTOCURRENCY |
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic |
||
4.4.25 |
VULNERABILITY |
April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457)
||
4.4.25 |
VULNERABILITY |
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue.
||
4.4.25 |
PHaaS |
During our investigation into the RaccoonO365 Phishing-as-a-Service operation, we uncovered a sandbox report revealing a script embedded in an HTML page associated with a RaccoonO365 phishing link. |
||
3.4.25 |
Lately, Symantec has observed phishing runs targeting users of Monex Securities (マネックス証券), one of Japan's leading online securities companies, formed through the merger of Monex, Inc. and Nikko Beans, Inc. The company offers individual investors a range of financial services.
|||
3.4.25 |
DarkCloud Stealer via TAR archives in Multi-Sector Spanish Campaign |
A company in Spain that specializes in mountain and skiing equipment is being spoofed in an email campaign. The actors behind this attack are targeting Spanish companies and local offices of international organizations. |
||
3.4.25 |
CVE-2024-20439 - Cisco Smart Licensing Utility static credential vulnerability |
CVE-2024-20439 is a static credential vulnerability (CVSS score 9.8) affecting Cisco Smart Licensing Utility. If successfully exploited, the flaw could allow attackers to gain administrative privileges for the application's API. |
||
3.4.25 |
A new campaign distributing cryptomining malware dubbed CPU_HU has been reported in the wild. |
|||
3.4.25 |
Salvador Stealer is a newly discovered Android malware variant. The infostealer is distributed disguised as legitimate mobile banking apps.
|||
3.4.25 |
Konni RAT is a well known remote access trojan (RAT) variant active on the threat landscape for several years. The malware has the functionality to exfiltrate sensitive data from compromised machines, achieve persistence on the infected endpoints and execute remote commands received from attackers. |
|||
3.4.25 |
CVE-2024-48248 - NAKIVO Backup and Replication absolute path traversal vulnerability |
CVE-2024-48248 is a recently identified absolute path traversal vulnerability (CVSS score 8.6) affecting NAKIVO Backup and Replication solution. If successfully exploited, the flaw might enable unauthenticated attackers to read arbitrary files on the target hosts leading to sensitive information exposure. |
||
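The NAKIVO entry above names the bug class (absolute path traversal) but not the check that prevents it. The block below is an added example for this page, not NAKIVO's code: a resolver that maps a client-supplied path onto a fixed base directory and rejects absolute paths, drive-letter paths, NUL bytes and any `..` sequence that normalizes outside the base. It uses posixpath so the results are the same on every platform; the base directory name and the request strings are assumptions made up for the example.

```python
import posixpath

# Assumed base directory for the example; the real product's layout is not
# described on the page.
BASE_DIR = "/opt/backup-server/data"


def safe_resolve(base: str, requested: str) -> str:
    """Map a client-supplied relative path onto base.

    Rejects absolute paths (the bug class in the entry above), UNC and
    drive-letter paths, NUL bytes, and any '..' escape that normalizes
    outside base. Returns the normalized absolute path on success.
    """
    if not requested or "\x00" in requested:
        raise ValueError("empty path or NUL byte")
    # Treat backslashes as separators too; Windows backends accept both.
    normalized = requested.replace("\\", "/")
    if posixpath.isabs(normalized):
        raise ValueError("absolute path rejected")
    if len(normalized) > 1 and normalized[1] == ":":
        raise ValueError("drive-letter path rejected")
    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base_norm, normalized))
    # normpath has collapsed any '..'; the result must still sit under base.
    if candidate != base_norm and not candidate.startswith(base_norm + "/"):
        raise ValueError("path escapes base directory")
    return candidate


def check_requests(base: str, requests) -> dict:
    """Map each request to its resolved path or the rejection reason."""
    out = {}
    for r in requests:
        try:
            out[r] = safe_resolve(base, r)
        except ValueError as e:
            out[r] = f"REJECTED: {e}"
    return out


if __name__ == "__main__":
    samples = [
        "jobs/2025-04/job1.bin",      # constructed, legitimate
        "jobs/../jobs/job1.bin",      # constructed, legitimate after normalization
        "/etc/passwd",                # absolute path
        "..\\..\\etc\\passwd",        # traversal with backslashes
        "C:\\Windows\\win.ini",       # drive-letter path
        "jobs/../../secret",          # traversal that escapes base
    ]
    for req, result in check_requests(BASE_DIR, samples).items():
        print(f"{req!r:32} -> {result}")
```

The string check is necessary but not sufficient on a live filesystem: a symlink inside the base can still point outside it, so after this check the server should open the file and compare `os.path.realpath` of the opened target against the base as well.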
3.4.25 |
VULNERABILITY |
There exists an auth bypass in Google Quick Share where an attacker can upload a file of unknown type to a victim. The root cause of the vulnerability is that when a Payload Transfer frame of type FILE is sent to Quick Share, the file contained in this frame is written to disk in the Downloads folder.
||
3.4.25 |
Skimming |
Stripe API Skimming Campaign: Additional Victims and Insights |
||
3.4.25 |
VULNERABILITY |
ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
||
2.4.25 |
Masslogger Bank-Themed Phishing Primarily Targets Romania, With Broader European Reach |
Symantec has observed a Masslogger campaign primarily targeting organizations in Romania, where attackers are impersonating a Romanian bank. In addition to Romanian entities, the campaign has also impacted organizations in several other countries across Europe and beyond. |
||
2.4.25 |
TsarBot is a new Android banking trojan reported to be targeting over 750 different banking, financial and cryptocurrency-related applications. |
|||
2.4.25 |
ZERO-DAY |
Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
||
2.4.25 |
ZERO-DAY |
Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
||
2.4.25 |
ZERO-DAY |
Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability |
||
2.4.25 |
ZERO-DAY |
Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
||
2.4.25 |
ZERO-DAY |
Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
||
2.4.25 |
ZERO-DAY |
Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
||
2.4.25 |
ZERO-DAY |
Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
||
2.4.25 |
ZERO-DAY |
Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability |
||
2.4.25 |
ZERO-DAY |
Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
||
2.4.25 |
CRYPTOCURRENCY |
CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims |
||
2.4.25 |
Linux |
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective |
||
2.4.25 |
Loader |
Analyzing New HijackLoader Evasion Tactics |
||
2.4.25 |
Backdoor |
Savage Ladybug, also known as FIN7, has developed a new, mildly obfuscated Python-based backdoor called Anubis Backdoor. This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine.
||
2.4.25 |
Platform |
Lucid is a sophisticated Phishing-as-a-Service (PhaaS) platform operated by Chinese-speaking threat actors, targeting 169 entities across 88 countries. With 129 active instances and 1,000+ registered domains, Lucid ranks among the prominent PhaaS platforms, alongside Darcula and Lighthouse.
||
1.4.25 |
Backdoor |
To achieve persistence on infected systems, Water Gamayun employs two distinct backdoors in their campaigns. In earlier campaigns with encrypthub[.]net/org, they utilized the SilentPrism backdoor, a tool designed for stealthy access and control. In their latest campaign, we identified a new backdoor, which we have named DarkWisp. |
||
1.4.25 |
Loader |
The MSC EvilTwin loader represents a novel approach (CVE-2025-26633) to malware deployment by leveraging specially crafted Microsoft Saved Console (.msc) files. The loader creates two directories whose first component is "Windows" followed by a trailing space, a look-alike of the real directory: C:\Windows<space>\System32\ and C:\Windows<space>\System32\en-US.
||
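The EvilTwin entry above hinges on a directory name that differs from the real C:\Windows only by a trailing space, which is what lets it pass naive trusted-path checks. The block below is an added example written for this page, not Trend Micro's or Microsoft's code: a path checker that flags any component imitating a trusted directory name by carrying leading or trailing whitespace, plus a one-level scan of real roots using it. The list of trusted names is an assumption for the example; extend it to whatever your allow-listing or auto-elevation rules treat as trusted.

```python
import os
import re

# Directory names that allow-listing and auto-elevation rules commonly treat as
# trusted; a look-alike with a trailing space is the usual target. Assumed list.
TRUSTED_DIR_NAMES = {
    "windows",
    "system32",
    "syswow64",
    "program files",
    "program files (x86)",
}


def mock_trusted_components(path: str) -> list:
    """Return path components that imitate a trusted directory by carrying
    leading/trailing whitespace, e.g. 'Windows ' (with a space).

    Such names cannot be created through ordinary Win32 path handling, which
    strips trailing spaces, but can be created via the \\\\?\\ prefix, and a
    check that compares stripped names sees them as the real directory.
    """
    suspects = []
    for comp in re.split(r"[\\/]+", path):
        stripped = comp.strip()
        if comp != stripped and stripped.lower() in TRUSTED_DIR_NAMES:
            suspects.append(comp)
    return suspects


def is_mock_trusted_path(path: str) -> bool:
    return bool(mock_trusted_components(path))


def scan_roots(roots) -> list:
    """Walk one level of each real directory (e.g. ['C:\\\\']) and report on-disk
    names that look like a mock trusted directory. Uses os.scandir, so it only
    finds entries the running account can list; unreadable roots are skipped."""
    hits = []
    for root in roots:
        try:
            for entry in os.scandir(root):
                if entry.is_dir(follow_symlinks=False) and is_mock_trusted_path(entry.name):
                    hits.append(os.path.join(root, entry.name))
        except OSError:
            continue
    return hits


if __name__ == "__main__":
    # Constructed samples modelled on the two directories named in the entry.
    for p in [
        r"C:\Windows \System32\mmc.exe",
        r"C:\Windows \System32\en-US",
        r"C:\Windows\System32\mmc.exe",
        r"C:\Users\bob\Documents \notes.txt",
    ]:
        print(f"{p!r:40} suspicious components: {mock_trusted_components(p)}")
    print("on-disk hits under C:\\ (empty unless run on an affected Windows host):",
          scan_roots(["C:\\"]))
```

Run the scan against C:\ (and any other volume roots) from an elevated prompt; the user-profile example is deliberately not flagged because a stray space in a non-trusted name is noise, not a privilege-escalation primitive.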
1.4.25 |
Backdoor |
SilentPrism is a backdoor malware designed to achieve persistence, dynamically execute shell commands, and maintain unauthorized remote control of compromised systems. |
||
1.4.25 |
Stealer |
On July 26, 2024, security researcher Germán Fernández tweeted about a fake WinRAR website distributing various types of malware, including stealers, miners, hidden virtual network computing (hVNC) tools, and ransomware. These malicious tools were hosted on a GitHub repository named "encrypthub", managed by a user called "sap3r-encrypthub".
||
1.4.25 |
SnakeKeylogger is an info-stealer malware that harvests credentials and other sensitive data. It targets a wide range of applications such as web browsers like Google Chrome, Mozilla Firefox, and email clients such as Microsoft Outlook and Thunderbird. |
|||
1.4.25 |
Crocodilus is a new mobile banking trojan variant recently identified on the threat landscape. The malware has extensive remote-control and info-stealing functionality, allowing attackers to perform application overlay attacks, access compromised devices remotely, steal credentials and data stored on the device, log keystrokes, and execute commands received from C2 servers, among other actions.
|||
1.4.25 |
CoffeeLoader is a new, sophisticated malware loader designed to deliver secondary payloads while evading detection. It uses a packer that executes code on the system's GPU. CoffeeLoader establishes persistence through the Windows Task Scheduler, using a scheduled task with a hard-coded name.
|||
1.4.25 |
MassLogger Targets Businesses Worldwide via Procurement-themed Phishing |
MassLogger, an information-stealing malware designed to capture credentials, keystrokes, and clipboard data from victims, has been gaining prevalence in the threat landscape, with campaigns of various sizes and victimology observed worldwide. |
||
1.4.25 |
CyberSpionage |
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques |
||
1.4.25 |
VULNERABILITY |
(CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges
||
1.4.25 |
VULNERABILITY |
(CVSS score: 4.6) - An authorization issue in the Accessibility component that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack
||
1.4.25 |
VULNERABILITY |
(CVSS score: 8.8) - An out-of-bounds write issue in the WebKit component that could allow an attacker to craft malicious web content such that it can break out of the Web Content sandbox