DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
|
31.12.24 |
In 24, a malicious actor exploited Uzum's brand in a series of campaigns targeting mobile users in Uzbekistan. |
|||
|
31.12.24 |
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. |
VULNERABILITY |
||
|
31.12.24 |
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. |
VULNERABILITY |
||
|
31.12.24 |
Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration |
VULNERABILITY |
||
|
30.12.24 |
Ficora and Capsaicin botnets leverage old vulnerabilities for distribution |
According to the researchers from Fortinet, two Linux botnet variants Ficora and Capsaicin have been distributed in recently observed campaigns. |
||
|
28.12.24 |
Skuld Infostealer malware continues to target developers via npm registry |
A malware campaign deploying the Skuld infostealer via the npm registry has been reported, targeting developers with ambiguous packages. |
||
|
28.12.24 |
Gosar is a recently identified Golang-based variant of the Quasar backdoor. |
|||
|
28.12.24 |
Latest XWorm distribution campaign targets the hospitality sector |
A new campaign distributing the XWorm commodity malware has been reported in the wild. |
||
|
28.12.24 |
Recent I2PRAT malware variant leverages anonymous peer-to-peer network communication |
The latest I2PRAT malware variant has been observed to leverage I2P anonymous peer-to-peer network for the purpose of C2 communication. |
||
|
28.12.24 |
The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. |
VULNERABILITY |
||
|
28.12.24 |
OtterCookie, a new malware used by Contagious Interview |
JavaScript |
||
|
28.12.24 |
Cloud Atlas seen using a new tool in its attacks |
GROUP |
||
|
28.12.24 |
CVE-24-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet |
VULNERABILITY |
||
|
28.12.24 |
Botnets Continue to Target Aging D-Link Vulnerabilities |
BOTNET |
||
|
28.12.24 |
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses a weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services. |
VULNERABILITY |
||
|
26.12.24 |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. |
VULNERABILITY |
||
|
26.12.24 |
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", |
VULNERABILITY |
||
|
26.12.24 |
BellaCPP: Discovering a new BellaCiao variant written in C++ |
Malware |
||
|
26.12.24 |
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. |
VULNERABILITY |
||
|
26.12.24 |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). |
VULNERABILITY |
||
|
26.12.24 |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. |
VULNERABILITY |
||
|
26.12.24 |
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces |
PHAAS |
||
|
22.12.24 |
HeartCrypt was originally discovered through underground forums and reported by security researchers in February and March 24. |
Crypto |
||
|
22.12.24 |
The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD). |
RAT |
||
|
21.12.24 |
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware |
Backdoor |
||
|
21.12.24 |
On Wednesday, December 11, 24, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. |
BOTNET |
||
|
21.12.24 |
ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous external attacks. |
HACKING |
||
|
21.12.24 |
(CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 9.8) - Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 10.0) - Nice Linear eMerge E3-Series OS Command Injection Vulnerability |
VULNERABILITY |
||
|
21.12.24 |
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 9.8) - A pre-auth SQL injection vulnerability in the email protection feature that could lead to remote code execution, |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 9.8) - A weak credentials vulnerability arising from a suggested and non-random SSH login passphrase for High Availability (HA) |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 8.8) - A post-auth code injection vulnerability in the User Portal that allows authenticated users to gain remote code execution. |
VULNERABILITY |
||
|
21.12.24 |
(CVSS score: 8.8), an authenticated command injection flaw that has also been fixed in FortiWLM 8.6.6, to obtain remote code execution in the context of root. |
VULNERABILITY |
||
|
21.12.24 |
[FortiWLM] Unauthenticated limited file read vulnerability |
VULNERABILITY |
||
|
18.12.24 |
Effective Phishing Campaign Targeting European Companies and Organizations |
Phishing |
||
|
18.12.24 |
File upload logic in Apache Struts is flawed. |
VULNERABILITY |
||
|
18.12.24 |
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks |
APT |
||
|
18.12.24 |
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. |
VULNERABILITY |
||
|
18.12.24 |
Sha zhu pan scam uses AI chat tool to target iPhone and Android users |
SPAM |
||
|
18.12.24 |
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion |
RAT |
||
|
18.12.24 |
Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads |
Backdoor |
||
|
17.12.24 |
Proofpoint observed advanced persistent threat (APT) TA397 targeting a Turkish defense sector organization with a lure about public infrastructure projects in Madagascar. |
GROUP |
||
|
17.12.24 |
BITTER APT Targets Chinese Government Agency |
APT |
||
|
17.12.24 |
It was not until 2016 that the foreign security manufacturer Forcepoint disclosed the existence of the Manlinghua organization for the first time. |
RAT |
||
|
17.12.24 |
Bitter Group Launches New Trojan Miyarat, Domestic Users Become Primary Targets |
RAT |
||
|
17.12.24 |
CoinLurker: The Stealer Powering the Next Generation of Fake Updates |
STEALER |
||
|
17.12.24 |
Careto is back: what’s new after 10 years of silence? |
APT |
||
|
17.12.24 |
(CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel (Patched by Adobe in March 24) |
CVE |
||
|
17.12.24 |
(CVSS score: 7.8) - Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges (Patched by Microsoft in June 24) |
CVE |
||
|
17.12.24 |
DrayTek Routers Exploited in Massive Ransomware Campaign: Analysis and Recommendations |
EXPLOIT |
||
|
16.12.24 |
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising |
MALVERTISING |
||
|
16.12.24 |
“A Digital Prison”: Surveillance and the suppression of civil society in Serbia |
ANDROID |
||
|
16.12.24 |
Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercriminals |
BACKDOOR |
||
|
16.12.24 |
New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9 |
BACKDOOR |
||
|
16.12.24 |
BADBOX Botnet Is Back |
BOTNET |
||
|
14.12.24 |
New Yokai Side-loaded Backdoor Targets Thai Officials |
BACKDOOR |
||
|
14.12.24 |
NodeLoader Exposed: The Node.js Malware Evading Detection |
LOADER |
||
|
14.12.24 |
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials |
GROUP |
||
|
13.12.24 |
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. |
CVE |
||
|
13.12.24 |
Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by Iran-affiliated attackers to attack Israel- and U.S.-based OT/IoT devices. |
IoT |
||
|
13.12.24 |
PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers. |
ROOTKIT |
||
|
12.12.24 |
Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT |
ANDROID |
||
|
12.12.24 |
Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. |
APT |
||
|
12.12.24 |
Unauthorized access to iCloud: analyzing an iOS vulnerability that could expose sensitive data to attackers |
CVE |
||
|
12.12.24 |
Unauthorized Plugin Installation/Activation in Hunk Companion |
CVE |
||
|
11.12.24 |
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine |
GROUP |
||
|
11.12.24 |
Upgraded Kazuar Backdoor Offers Stealthy Power |
BACKDOOR |
||
|
11.12.24 |
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation |
HACKING |
||
|
11.12.24 |
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass |
CVE |
||
|
11.12.24 |
Inside Zloader’s Latest Trick: DNS Tunneling |
TROJAN |
||
|
11.12.24 |
Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus |
SPYWARE |
||
|
11.12.24 |
Likely China-based Attackers Target High-profile Organizations in Southeast Asia |
APT |
||
|
11.12.24 |
(CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access |
CVE |
||
|
11.12.24 |
(CVSS score: 9.1) - A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution |
CVE |
||
|
11.12.24 |
(CVSS score: 9.1) - An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements |
CVE |
||
|
11.12.24 |
(CVSS score: 9.1) - An argument injection vulnerability in Ivanti Connect Secure before version 22.7R2.4 |
CVE |
||
|
11.12.24 |
(CVSS score: 9.1) - A command injection vulnerability in Ivanti Connect Secure before version 22.7R2.3 |
CVE |
||
|
11.12.24 |
(CVSS score: 8.8) - An insecure permissions vulnerability in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 |
CVE |
||
|
10.12.24 |
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can |
CVE |
||
|
10.12.24 |
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices |
BANKING |
||
|
10.12.24 |
Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels |
APT |
||
|
10.12.24 |
Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers |
APT |
||
|
10.12.24 |
Operation Tainted Love | Chinese APTs Target Telcos in New Attacks |
APT |
||
|
09.12.24 |
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware |
RANSOMWARE |
||
|
09.12.24 |
PROXY.AM Powered by Socks5Systemz Botnet |
BOTNET |
||
|
07.12.24 |
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows |
STEALER |
||
|
06.12.24 |
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples |
MOBILE |
||
|
06.12.24 |
Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats |
AI |
||
|
06.12.24 |
(CVSS score: 7.2) - An insufficient sanitization issue in MLflow that leads to a cross-site scripting (XSS) attack when running an untrusted recipe in a Jupyter Notebook, |
CVE |
||
|
06.12.24 |
(CVSS score: 7.5) - An unsafe deserialization issue in H2O when importing an untrusted ML model, potentially resulting in RCE |
CVE |
||
|
06.12.24 |
(CVSS score: 7.5) - A path traversal issue in MLeap when loading a saved model in zipped format can lead to a Zip Slip vulnerability, |
CVE |
||
|
06.12.24 |
Unveiling RevC2 and Venom Loader |
LOADER |
||
|
06.12.24 |
BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure |
DROPPER |
||
|
06.12.24 |
DroidBot: Insights from a new Turkish MaaS fraud operation |
ANDROID |
||
|
06.12.24 |
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) |
CVE |
||
|
05.12.24 |
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks |
EXPLOIT KIT |
||
|
05.12.24 |
Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 24 |
PHISHING |
||
|
05.12.24 |
(CVSS score: 10.0) - An incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property |
CVE |
||
|
05.12.24 |
(CVSS score: 7.5) - An improper restriction of XML External Entity (XXE) reference vulnerability that could allow a remote, |
CVE |
||
|
05.12.24 |
(CVSS score: 9.8) - An improper authentication vulnerability that allows a remote, unauthenticated attacker to create accounts, |
CVE |
||
|
05.12.24 |
(CVSS score: 7.5) - A path traversal vulnerability in the web management interface that could allow an attacker to download or |
CVE |
||
|
04.12.24 |
Snowblind: The Invisible Hand of Secret Blizzard |
APT |
||
|
04.12.24 |
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage |
ESPIONAGE |
||
|
04.12.24 |
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. |
CVE |
||
|
04.12.24 |
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, |
CVE |
||
|
04.12.24 |
The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox |
EXPLOIT |
||
|
03.12.24 |
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject |
CVE |
||
|
03.12.24 |
(CVSS score: 5.6) - An insufficient certificate validation vulnerability impacting Palo Alto Networks GlobalProtect for Windows, macOS, |
CVE |
||
|
03.12.24 |
(CVSS score: 7.1) - A vulnerability impacting SonicWall SMA100 NetExtender Windows client that could allow an attacker to execute |
CVE |
||
|
03.12.24 |
Analysis of Kimsuky Threat Actor's Email Phishing Campaign |
APT |
||
|
03.12.24 |
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT |
RAT |
||
|
02.12.24 |
SmokeLoader Attack Targets Companies in Taiwan |
LOADER |
||
|
02.12.24 |
SpyLoan: A Global Threat Exploiting Social Engineering |
SPYWARE |