DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
20.7.25 | CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2025-53770 | Microsoft SharePoint Server Remote Code Execution Vulnerability | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2025-54309 | CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. | VULNERABILITY | VULNERABILITY |
20.7.25 | RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Provide | Between December 2024 and January 2025, Recorded Future's Insikt Group identified a campaign exploiting unpatched internet-facing Cisco network devices primarily associated with global telecommunications providers. | REPORT | REPORT |
20.7.25 | AUTHENTIC ANTI | Highly targeted credential and OAuth 2.0 token-stealing malware targeting Outlook. | MALWARE | STEALING |
20.7.25 | PHOBOS ANTI-RANSOM TOOL | Phobos Decryptor is designed to decrypt files encrypted by Phobos Ransom. | Anti-Ransom Tool | Anti-Ransom Tool |
20.7.25 | CVE-2025-48927 | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2025-41236 | VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. Nguyen Hoang Thach of STARLabs SG used this flaw at Pwn2Own. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2025-41237 | VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. This flaw was used by Corentin BAYET of REverse Tactics at Pwn2Own. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2025-41238 | VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out-of-bounds write. | VULNERABILITY | VULNERABILITY |
20.7.25 | Matanbuchus 3.0 | From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up | PAPERS | PAPERS |
20.7.25 | Matanbuchus | Matanbuchus: Malware-as-a-Service with Demonic Intentions | MALWARE | MaaS |
20.7.25 | CVE-2023-20273 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2023-20198 | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2018-0171 | A critical flaw in Cisco IOS and IOS XE Smart Install that allows remote code execution via specially crafted TCP packets. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2023-20198 | A zero-day affecting the Cisco IOS XE web UI that permits unauthenticated remote access to devices. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2023-20273 | A privilege escalation flaw also targeting IOS XE that allows hackers to execute commands as root. This flaw has been seen chained with CVE-2023-20198 to maintain persistence. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2024-3400 | A command injection vulnerability in Palo Alto Networks' PAN-OS GlobalProtect, which allows unauthenticated attackers to execute commands on devices. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2021-20038 | A stack-based buffer overflow vulnerability in the SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user on the appliance. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2024-38475 | Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2021-20035 | Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as the 'nobody' user, which potentially leads to DoS. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2021-20039 | Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST HTTP method allows a remote authenticated attacker to inject arbitrary commands as the 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | VULNERABILITY | VULNERABILITY |
20.7.25 | CVE-2025-32819 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file, potentially resulting in a reboot to factory default settings. | VULNERABILITY | VULNERABILITY |
19.7.25 | Lumma Stealer infection with SecTop RAT | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. | MALWARE TRAFFIC | MALWARE TRAFFIC |
19.7.25 | Koi Loader/Koi Stealer infection | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. | MALWARE TRAFFIC | MALWARE TRAFFIC |
19.7.25 | Lumma Stealer infection with follow-up Rsockstun malware | Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. | MALWARE TRAFFIC | MALWARE TRAFFIC |
19.7.25 | APT PROFILE – FANCY BEAR | Fancy Bear, also known as APT28, is a notorious Russian cyberespionage group with a long history of targeting governments, military entities, and other high-value | GROUP | APT |
19.7.25 | CVE-2025-5777 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | VULNERABILITY | VULNERABILITY |
19.7.25 | MFSocket | Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico | MALWARE | TOOL |
19.7.25 | UNG0002 | UNG0002: Regional Threat Operations Tracked Across Multiple Asian Jurisdictions | GROUP | APT |
19.7.25 | DslogdRAT | DslogdRAT Malware Installed in Ivanti Connect Secure | MALWARE | RAT |
19.7.25 | SPAWNCHIMERA | SPAWNCHIMERA Malware: The Chimera Spawning from Ivanti Connect Secure Vulnerability | MALWARE | |
19.7.25 | CVE-2025-0282 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | VULNERABILITY | VULNERABILITY |
19.7.25 | CVE-2025-22457 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. | VULNERABILITY | VULNERABILITY |
19.7.25 | MDifyLoader | Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities | MALWARE | LOADER |
18.7.25 | CVE-2025-7029 | A bug in an SMI handler (OverClockSmiHandler) that can lead to SMM privilege escalation. | VULNERABILITY | VULNERABILITY |
18.7.25 | CVE-2025-7028 | A bug in an SMI handler (SmiFlash) gives read/write access to System Management RAM (SMRAM), which can lead to malware installation. | VULNERABILITY | VULNERABILITY |
18.7.25 | CVE-2025-7027 | Can lead to SMM privilege escalation and modification of the firmware by writing arbitrary content to SMRAM. | VULNERABILITY | VULNERABILITY |
18.7.25 | CVE-2025-7026 | Allows arbitrary writes to SMRAM and can lead to privilege escalation to SMM and persistent firmware compromise. | VULNERABILITY | VULNERABILITY |
18.7.25 | ZDI-25-620 | | ZERO-DAY | |
18.7.25 | ZDI-25-619 | | ZERO-DAY | |
18.7.25 | ZDI-25-618 | | ZERO-DAY | |
18.7.25 | ZDI-25-617 | | ZERO-DAY | |
18.7.25 | ZDI-25-616 | | ZERO-DAY | |
18.7.25 | ZDI-25-615 | | ZERO-DAY | |
18.7.25 | ZDI-25-614 | Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-613 | | ZERO-DAY | |
18.7.25 | ZDI-25-612 | | ZERO-DAY | |
18.7.25 | ZDI-25-611 | VMware ESXi VMCI Uninitialized Memory Information Disclosure Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-610 | Linux Kernel ksmbd destroy_previous_session Null Pointer Dereference Denial-of-Service Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-609 | | ZERO-DAY | |
18.7.25 | ZDI-25-608 | | ZERO-DAY | |
18.7.25 | ZDI-25-607 | | ZERO-DAY | |
18.7.25 | ZDI-25-606 | | ZERO-DAY | |
18.7.25 | ZDI-25-605 | Cisco Identity Services Engine IpAccessFilter Direct Request Authentication Bypass Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-604 | | ZERO-DAY | |
18.7.25 | ZDI-25-603 | Autodesk Revit RTE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-602 | | ZERO-DAY | |
18.7.25 | ZDI-25-601 | (Pwn2Own) Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-600 | (Pwn2Own) Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-599 | Oracle VirtualBox LSILogic Uninitialized Memory Information Disclosure Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-598 | Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-597 | Autodesk Revit RFA File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-596 | Autodesk Revit RTE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-595 | Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-594 | Autodesk Revit RFA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | ZERO-DAY | |
18.7.25 | ZDI-25-593 | Autodesk Revit RVT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | ZERO-DAY | |
18.7.25 | SMM callout vulnerabilities identified in Gigabyte UEFI firmware modules | System Management Mode (SMM) callout vulnerabilities have been identified in UEFI modules present in Gigabyte firmware. An attacker could exploit one or more of these vulnerabilities to elevate privileges and execute arbitrary code in the SMM environment of a UEFI-supported processor. | ALERT | ALERT |
18.7.25 | Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities | Multiple vulnerabilities have been identified in Ruckus Wireless management products, specifically Virtual SmartZone (vSZ) and Network Director (RND), including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution. | ALERT | ALERT |
18.7.25 | CVE-2025-23266 | NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. | VULNERABILITY | VULNERABILITY |
18.7.25 | UAC-0001 cyberattacks on the security and defence sector using the LAMEHUG software tool, which uses an LLM (large language model) (CERT-UA#16039) | On 10.07.2025 the national cyber incident, cyberattack and cyber threat response team CERT-UA received information about the distribution among executive authorities of e-mails, purportedly sent on behalf of a representative of the relevant ministry, carrying an attachment in the form of the file "Додаток.pdf.zip". | BATTLEFIELD UKRAINE | BATTLEFIELD UKRAINE |
18.7.25 | BadBox 2.0 | Recently, our researchers partnered with HUMAN Security and Trend Micro to uncover BadBox 2.0, the largest known botnet of internet-connected TVs. Building on our previous actions to stop these cybercriminals, we filed a lawsuit in New York federal court against the botnet’s perpetrators. | BOTNET | BOTNET |
18.7.25 | H2miner | The identified samples are associated with prior H2miner campaigns that we documented in 2020 and have since been updated with new configurations. H2Miner is a Crypto mining botnet that has been active since late 2019. | MALWARE | CRYPTOCURRENCY |
18.7.25 | SquidLoader | Threat Analysis: SquidLoader - Still Swimming Under the Radar | MALWARE | Loader |
18.7.25 | CVE-2021-41773 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. | VULNERABILITY | VULNERABILITY |
18.7.25 | Emmenhtal | MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities | MALWARE | Loader |
18.7.25 | Linuxsys | VulnCheck observed exploitation of CVE-2021-41773 in the wild. This, in itself, is hardly noteworthy. The vulnerability was an inaugural member of both the CISA KEV and VulnCheck KEV. | MALWARE | CRYPTOCURRENCY |
17.7.25 | Emmenhtal leveraged by MaaS operators in recent campaigns | In a recent report published by Cisco Talos, researchers highlighted recent campaigns that used Emmenhtal to deliver various payloads. One campaign included the Emmenhtal loader contained within a phishing mail archive attachment, while another hosted Emmenhtal on various GitHub repositories to deliver the Amadey payload. | CAMPAIGN | |
17.7.25 | New wave of Tech Support Scams exploits legitimate chat platforms and uses brand impersonation | Tech/Fund Support scam techniques are continuously evolving to appear more legitimate. Previously, scammers included phone numbers in phishing emails, relying on victims to initiate contact. | SPAM | |
17.7.25 | DeadLock Ransomware | Another ransomware actor known as "DeadLock" has been observed making the rounds. Upon successful compromise, encrypted files are appended with a .dlock extension. At this time, it is unconfirmed whether the actor engages in double-extortion tactics (i.e., threatening to sell data if the ransom is not paid). | RANSOM | |
17.7.25 | XWorm disguised as Epstein Files | Amid renewed public interest in the Epstein case and debates around the release of related files, cybercriminals are leveraging this topical news for social engineering lures. One actor has been observed spreading XWorm, a known commodity malware often sold on Telegram channels and underground forums, disguised as fake Epstein files (Epstein files2.exe). | ALERTS | VIRUS |
17.7.25 | Many branches in the AsyncRAT tree | A recently published report highlights the extensive branching of derivative RATs traceable to AsyncRAT. AsyncRAT is a highly modular Remote Access Trojan that fundamentally allows an attacker to control a compromised system. | VIRUS | |
17.7.25 | Octalyn Stealer Targets Crypto, VPNs, and Browser Data via Deceptive Forensic Toolkit | Octalyn Stealer is a sophisticated new malware masquerading as a legitimate forensic toolkit on GitHub. Designed for large-scale data theft and exfiltration, it illicitly targets sensitive user data, including VPN configurations, browser credentials (passwords, cookies, auto-fill, browsing history), and critical cryptocurrency wallet information for Bitcoin, Ethereum, Litecoin, and Monero. | VIRUS | |
17.7.25 | Konfety mobile malware | Konfety is a mobile malware variant identified in a recent distribution campaign. The malware employs a unique technique of malforming the ZIP file structure in an effort to avoid detection and forensic analysis. | ALERTS | VIRUS |
17.7.25 | CVE-2025-52488 - DNN platform vulnerability | CVE-2025-52488 is a recently disclosed vulnerability affecting DNN Platform, an open-source web content management system (CMS) based on the .NET Framework. | VULNERABILITY | |
17.7.25 | New mobile crypto-stealing malware SparkKitty | A new mobile crypto-stealing malware, SparkKitty, has infiltrated Android and iOS devices via Google Play and the Apple App Store. | VIRUS | |
17.7.25 | WeevilProxy malware targets cryptocurrency users | WeevilProxy is a new malware variant observed to be predominantly targeting cryptocurrency users. The campaigns propagate mainly through advertising campaigns via Google Ads or various social networks. | CRYPTOCURRENCY | |
17.7.25 | Global - a new BlackLock ransomware variant | Global is a new ransomware variant believed to be a rebrand of the BlackLock ransomware strain. According to the report published by the EclecticIQ researchers, the malware is sold as part of a Ransomware-as-a-Service (RaaS) offering by the threat actors previously associated with an older ransomware family known as Mamona. | ALERTS | RANSOM |
17.7.25 | Interlock RAT via FileFix scheme | A newly observed Interlock RAT variant is being delivered through PHP scripts, marking a shift from previous JavaScript-based methods. | VIRUS | |
17.7.25 | New variant of macOS malware ZuRu observed in the wild | Researchers have observed a new macOS-based ZuRu malware variant being spread in the wild. The malware is distributed via trojanized macOS application bundles and it is leveraging the open-source Khepri framework for performing post-infection activities. | VIRUS | |
17.7.25 | Web Injection Campaign: JSFireTruck | Palo Alto Networks Unit 42 has uncovered a large-scale campaign, dubbed JSFireTruck, that injects heavily obfuscated JavaScript into legitimate websites. | HACKING | |
17.7.25 | Amos Stealer Adds Backdoor | In a significant shift, researchers have observed that Atomic macOS Stealer (AMOS) has added a persistent backdoor to its payload, enabling long-term remote access to infected Macs. | VIRUS | |
17.7.25 | Sainbox RAT delivered via fake software installers | A new campaign delivering a variant of Gh0stRAT dubbed Sainbox RAT via fake software installers has been reported in the wild. The attackers disguise the malware binaries as apps well known in China, such as DeepSeek, Sogou or WPS Office. | CAMPAIGN | |
17.7.25 | Cloudflare temporary tunnels used to serve up payloads | A recently observed campaign leverages legitimate cloud services like TryCloudflare to host and deliver highly evasive RATs such as AsyncRAT, XWorm, VenomRAT, and Remcos. | CAMPAIGN | |
17.7.25 | SafePay ransomware | SafePay is a ransomware variant first discovered last year. Over time, the attackers behind this strain have been reported to have compromised over 200 victims across various sectors. | RANSOM | |
17.7.25 | Mobile Threat: Qwizzserial | In mid-2025, researchers observed a sharp rise in Qwizzserial, a newly discovered Android malware designed to steal banking credentials and intercept SMS-based two-factor authentication codes. | VIRUS | |
17.7.25 | CVE-2025-20337 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. | VULNERABILITY | VULNERABILITY |
17.7.25 | CVE-2025-20281 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. | VULNERABILITY | VULNERABILITY |
17.7.25 | CVE-2025-6558 | Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | VULNERABILITY | VULNERABILITY |
17.7.25 | CVE-2025-6965 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. | VULNERABILITY | VULNERABILITY |
16.7.25 | GLOBAL GROUP | GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates | GROUP | RANSOMWARE |
16.7.25 | Hyper-Volumetric DDoS Attacks | Hyper-volumetric DDoS attacks skyrocket: Cloudflare’s 2025 Q2 DDoS threat report | ATTACK | ATTACK |
16.7.25 | HazyBeacon | Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication | MALWARE | BACKDOOR |
16.7.25 | KongTuke | Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). | MALWARE | RAT |
13.7.25 | Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability | | VULNERABILITY | VULNERABILITY |
12.7.25 | CVE-2025-5959 | (high-severity, 8.8 score) – type confusion bug in the V8 JavaScript and WebAssembly engine allows remote code execution inside a sandbox via a crafted HTML page | VULNERABILITY | VULNERABILITY |
12.7.25 | CVE-2025-6554 | (high-severity, 8.1 score) – type confusion in V8 enables attackers to perform arbitrary memory read/write through a malicious HTML page | VULNERABILITY | VULNERABILITY |
12.7.25 | CVE-2025-6191 | (high-severity, 8.8 score) – integer overflow in V8 allows out-of-bounds memory access, potentially leading to code execution | VULNERABILITY | VULNERABILITY |
12.7.25 | CVE-2025-6192 | (high-severity, 8.8 score) – use-after-free vulnerability in Chrome's Metrics component could cause heap corruption exploitable via crafted HTML | VULNERABILITY | VULNERABILITY |
12.7.25 | GPUHammer: Rowhammer Attacks on GPU Memories are Practical | Rowhammer is a read disturbance vulnerability in modern DRAM that causes bit-flips, compromising security and reliability. While extensively studied on Intel and AMD CPUs with DDR and LPDDR memories, its impact on GPUs using GDDR memories, critical for emerging machine learning applications, remains unexplored. | PAPERS | PAPERS |
12.7.25 | GPUHammer | GPUHammer: Rowhammer Attacks on GPU Memories are Practical | ATTACK | GPU |
12.7.25 | CVE-2025-47812 – Wing FTP Server vulnerability exploited in the wild | CVE-2025-47812 is a recently disclosed Remote Code Execution (RCE) vulnerability affecting Wing FTP Server, a cross-platform file transfer software. | ALERTS | VULNERABILITY |
12.7.25 | New Pay2Key ransomware campaign leverages I2P network | A ransomware-as-a-service (RaaS) operation distributing a new variant of the Pay2Key malware has been reported in the wild. Dubbed Pay2Key.I2P, the campaign has been linked to the activities of the Fox Kitten APT group. | RANSOM | |
12.7.25 | Malicious scripts lead to XWorm RAT | Campaigns distributing the XWorm remote access trojan often leverage various scripting languages. The most frequently observed malicious scripts include batch files, and those written in Visual Basic, JavaScript, and PowerShell. | VIRUS | |
12.7.25 | Phishing Campaign Masquerades as "Ordre des Experts-Comptables" Document | Symantec has observed a phishing campaign leveraging a deceptive HTML attachment disguised as an official document from l’Ordre des Experts-Comptables, the French national order of chartered accountants. | CAMPAIGN | |
12.7.25 | ZDI-25-592 | Delta Electronics DTM Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability | ZERO-DAY | |
12.7.25 | ZDI-25-591 | G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability | ZERO-DAY | |
12.7.25 | ZDI-25-590 | Trend Micro Worry-Free Business Security Missing Authentication Vulnerability | ZERO-DAY | |
12.7.25 | ZDI-25-589 | Trend Micro Cleaner One Pro Link Following Local Privilege Escalation Vulnerability | ZERO-DAY | |
12.7.25 | ZDI-25-588 | Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | ZERO-DAY | |
12.7.25 | TapTrap: Animation-Driven Tapjacking on Android | Users interact with mobile devices under the assumption that the graphical user interface (GUI) accurately reflects their actions, a trust fundamental to the user experience. | PAPERS | PAPERS |
11.7.25 | CVE-2025-25257 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. | VULNERABILITY | VULNERABILITY |
11.7.25 | CVE-2024-45434 | Use-After-Free in AVRCP service | VULNERABILITY | VULNERABILITY |
11.7.25 | CVE-2024-45431 | Improper validation of an L2CAP channel's remote CID | VULNERABILITY | VULNERABILITY |
11.7.25 | CVE-2024-45433 | Incorrect function termination in RFCOMM | VULNERABILITY | VULNERABILITY |
11.7.25 | CVE-2024-45432 | Function call with incorrect parameter in RFCOMM | VULNERABILITY | VULNERABILITY |
11.7.25 | CVE-2025-47812 | In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. | VULNERABILITY | VULNERABILITY |
11.7.25 | CVE-2025-5777 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | VULNERABILITY | VULNERABILITY |
11.7.25 | CVE-2025-6514 | Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients | VULNERABILITY | VULNERABILITY |
11.7.25 | PerfektBlue | PerfektBlue is an industry-wide critical over-the-air attack chain affecting millions of devices in the automotive and other industries. | ATTACK | bluetooth |
10.7.25 | macOS.ZuRu | macOS.ZuRu Resurfaces: Modified Khepri C2 Hides Inside Doctored Termius App | MALWARE | MacOS |
10.7.25 | CVE-2024-36349 | (CVSS score: 3.8) - A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage | VULNERABILITY | VULNERABILITY |
10.7.25 | CVE-2024-36348 | (CVSS score: 3.8) - A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if the UMIP feature is enabled, potentially resulting in information leakage | VULNERABILITY | VULNERABILITY |
10.7.25 | CVE-2024-36357 | (CVSS score: 5.6) - A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries | VULNERABILITY | VULNERABILITY |
10.7.25 | CVE-2024-36350 | (CVSS score: 5.6) - A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information | VULNERABILITY | VULNERABILITY |
10.7.25 | AMD Transient Scheduler Attacks | AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft® report titled "Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks". | ATTACK | CPU |
10.7.25 | CVE-2025-3648 | CVE-2025-3648 - Data Inference in Now Platform via Conditional ACLs | VULNERABILITY | VULNERABILITY |
9.7.25 | ZDI-25-587 | Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-586 | Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-585 | Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-584 | Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-583 | Microsoft Windows Startup Folder SmartScreen Bypass Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-582 | (Pwn2Own) Microsoft SharePoint DataSetSurrogateSelector Deserialization of Untrusted Data Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-581 | (Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-580 | Microsoft PC Manager Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-579 | Microsoft Windows win32kfull Integer Overflow Local Privilege Escalation Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-578 | Microsoft Windows AppX Deployment Service Link Following Local Privilege Escalation Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-577 | Siemens SINEC NMS uploadFWBinary Directory Traversal Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-576 | Siemens SINEC NMS unZipJarFilestoLocation Directory Traversal Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-575 | Siemens SINEC NMS reqToChangePassword Authentication Bypass Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-574 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-573 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-572 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-571 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-570 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-569 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-568 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-567 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-566 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-565 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-564 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-563 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-562 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-561 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-560 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-559 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-558 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-557 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-556 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-555 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-554 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-553 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-552 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-551 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-550 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-549 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-548 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-547 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-546 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-545 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-543 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability | ZERO-DAY | |
9.7.25 | ZDI-25-542 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-541 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-540 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-539 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-538 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-537 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-536 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-535 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-534 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-533 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-532 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-531 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-530 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-529 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-528 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-527 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-526 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-525 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-524 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-523 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-522 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-521 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-520 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-519 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-518 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-517 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-516 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-515 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-514 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-513 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-512 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-511 | IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-510 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-509 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-508 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-507 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-506 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-505 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-504 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-503 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-502 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-501 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-500 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-499 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-498 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-497 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-496 | IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-495 | IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-494 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-493 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-492 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-491 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-490 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-489 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-488 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-487 | IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-486 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-485 | IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-484 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-483 | IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-482 | (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-481 | (0Day) INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-480 | (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-479 | (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-478 | (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-477 | (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-476 | (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-475 | (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-474 | (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
9.7.25 | ZDI-25-473 | Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
9.7.25 | NordDragonScan infostealer | NordDragonScan is a new Windows-based infostealing malware variant identified by the researchers from Fortinet. Recently observed campaigns leverage malicious .HTA files in order to deliver infostealing payload to the intended victims. | ALERTS | VIRUS |
9.7.25 | RondoDox botnet | RondoDox is a new botnet recently identified by researchers from Fortinet. RondoDox has been reported to leverage two high-severity vulnerabilities for spreading: CVE-2024-3721 and CVE-2024-12856. | BOTNET | |
9.7.25 | Datebug APT attacks against BOSS Linux systems | Datebug threat group (also known as APT36 or Transparent Tribe) has been reported to conduct a new campaign targeting the BOSS Linux systems. | APT | |
9.7.25 | NimDoor - a Nim-based malware for macOS | NimDoor is a newly identified malware variant for the macOS platform. Compiled in the Nim programming language, the malware targets Web3 and cryptocurrency-related platforms. The attackers leverage social engineering tactics to approach their victims. | VIRUS | |
9.7.25 | SHELLTER | Taking SHELLTER: a commercial evasion framework abused in-the-wild | MALWARE | INFOSTEALER |
9.7.25 | Anatsa | Anatsa Targets North America; Uses Proven Mobile Campaign Process | MALWARE | Mobil |
8.7.25 | NordDragonScan | NordDragonScan: Quiet Data-Harvester on Windows | MALWARE | INFOSTEALER |
8.7.25 | CVE-2024-12856 | The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. | VULNEREBILITY | VULNEREBILITY |
8.7.25 | CVE-2024-3721 | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. | VULNEREBILITY | VULNEREBILITY |
8.7.25 | RondoDox | RondoDox Unveiled: Breaking Down a New Botnet Threat | BOTNET | BOTNET |
8.7.25 | Batavia | Batavia spyware steals data from Russian organizations | MALWARE | SPYWARE |
8.7.25 | CVE-2019-9621 | (CVSS score: 7.5) - A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution | VULNEREBILITY | VULNEREBILITY |
8.7.25 | CVE-2019-5418 | (CVSS score: 7.5) - A path traversal vulnerability in Ruby on Rails' Action View that could cause contents of arbitrary files on the target system's file system to be exposed | VULNEREBILITY | VULNEREBILITY |
8.7.25 | CVE-2016-10033 | (CVSS score: 9.8) - A command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition | VULNEREBILITY | VULNEREBILITY |
8.7.25 | CVE-2014-3931 | (CVSS score: 9.8) - A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption | VULNEREBILITY | VULNEREBILITY |
8.7.25 | DRAT V2 | DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal | MALWARE | RAT |
6.7.25 | Malicious Abuse of ConnectWise (ScreenConnect) | Over the past several months, we have observed a sharp increase in the malicious use of the popular Remote Monitoring and Management (RMM) tool ConnectWise by ransomware operators, Initial Access Brokers, APTs, and other eCrime actors. | ALERTS | APT |
6.7.25 | Remcos malspam campaign starts with a tar archive | A recently observed Remcos campaign began with a malicious email containing a .tar archive attachment. The archive contains a .lnk file which launches PowerShell to download the Remcos payload. | CAMPAIGN | |
6.7.25 | Janela RAT delivered in a recent campaign | Janela RAT (Remote Access Trojan) is a modified variant of a malware known as BX RAT. Janela RAT has been previously seen spread in campaigns targeting banking users from the LATAM region. | VIRUS | |
6.7.25 | Blackmoon’s expanding arsenal | The Blackmoon banking trojan, known for targeting users of online financial services, particularly in South Korea, has evolved into a more deceptive and multi-functional threat. | VIRUS | |
6.7.25 | DEVMAN - a new DragonForce ransomware variant | DEVMAN is a new customized ransomware variant from the DragonForce malware family. The malware encrypts data and appends .DEVMAN extension to locked files. | RANSOM | |
6.7.25 | GIFTEDCROOK malware upgraded for document theft via Telegram | An enhanced version of the GIFTEDCROOK malware, operated by the UAC-0226 threat group, has been reported, marking a significant upgrade from its earlier capabilities first observed in February 2025. | VIRUS | |
5.7.25 | ZDI-25-472 | Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-471 | Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-470 | Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-469 | Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-468 | GFI Archiver Telerik Web UI Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-467 | GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | CVE-2025-20309 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, | VULNEREBILITY | VULNEREBILITY |
5.7.25 | CVE-2025-6463 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. | VULNEREBILITY | VULNEREBILITY |
5.7.25 | FileFix (Part 2) | Last week I released the FileFix attack blog post which is an alternative to the traditional ClickFix attack. This blog post explores another variation to the original FileFix attack. | ATTACK | ATTACK |
5.7.25 | Chisel | Chisel is an open-source project by Jaime Pillora (jpillora) that allows tunneling TCP and UDP connections via HTTP. It is available across platforms and written in Go. While benign in itself, Chisel has been utilized by multiple threat actors. It was, for example, observed by SentinelOne during a PYSA ransomware campaign to achieve persistence and was used as a backdoor. | MALWARE | Backdoor |
5.7.25 | CVE-2025-32462 | (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines | VULNEREBILITY | VULNEREBILITY |
5.7.25 | CVE-2025-32463 | (CVSS score: 9.3) - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option | VULNEREBILITY | VULNEREBILITY |
4.7.25 | The Continuous Evolution of Ad Fraud Exploiting App Stores as a Front | The IAS Threat Lab has uncovered "Kaleidoscope," an insidiously adaptive Android ad fraud operation that employs legitimate-looking apps hosted on Google Play as a deceptive façade, while its malicious duplicate counterparts, distributed predominantly through third-party app stores, drive fraudulent ad supply. | REPORT | REPORT |
3.7.25 | HOUKEN | SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS | REPORT | REPORT |
3.7.25 | CVE-2025-20309 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. | VULNEREBILITY | VULNEREBILITY |
3.7.25 | NimDoor | macOS NimDoor: DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware | MALWARE | macOS |
2.7.25 | Braodo infostealer hosts downloaded components on GitHub | A recently observed campaign involving Braodo stealer malware leveraged GitHub to house multiple components downloaded in the attack chain. | ALERTS | VIRUS |
2.7.25 | CVE-2025-4322: WordPress Motors theme privilege escalation vulnerability | CVE-2025-4322 is a critical unauthenticated privilege escalation vulnerability (CVSS 9.8) affecting the WordPress Motors theme in versions up to 5.6.67. | VULNEREBILITY | |
2.7.25 | EmailJS and HubSpot Abused in CCMA Phishing Scheme | A new phishing campaign is circulating under the guise of a legal summons from South Africa’s Commission for Conciliation, Mediation and Arbitration (CCMA), leveraging urgency and fear to pressure recipients into action. | PHISHING | |
2.7.25 | Nebulous Mantis | (a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom remote access trojan (RAT) and Hancitor loader in targeted campaigns since mid-2019. | CAMPAIGN | CAMPAIGN |
2.7.25 | TransferLoader | Zscaler ThreatLabz has identified a new malware loader that we have named TransferLoader, which has been active since at least February 2025. | MALWARE | LOADER |
2.7.25 | DAMASCENED PEACOCK | A lightweight, staged downloader targeting Windows, delivered via spear-phishing. | MALWARE | DOWNLOADER |
2.7.25 | CVE-2025-49596 | The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio | VULNEREBILITY | VULNEREBILITY |
1.7.25 | CVE-2025-6554 | Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | VULNEREBILITY | VULNEREBILITY |
1.7.25 | Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest | The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) (hereafter referred to as the authoring agencies) strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors. | REPORT | REPORT |