2025 January(141) February(191) March(268) April(184) May(0) June(0) July(0) August(0) September(0)
DATE |
NAME |
CATEGORY |
SUBCATE |
INFO |
| 16.4.25 | Android.Clipper | MALWARE | Android | Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft? |
| 16.4.25 | Multi-Stage Phishing Attack Exploits Gamma | ATTACK | AI | Attackers exploit Gamma in a multi-stage phishing attack using Cloudflare Turnstile and AiTM tactics to evade detection and steal Microsoft credentials. |
| 16.4.25 | BPFDoor | MALWARE | Backdoor | BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets |
| 16.4.25 | SNOWLIGHT | MALWARE | Linux | According to sysdig, SNOWLIGHT is used as a dropper for its fileless payload (vshell). |
| 16.4.25 | UNC5174 | GROUP | GROUP | UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell |
| 16.4.25 | CVE-2025-24859 |
VULNEREBILITY |
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. | |
| 15.4.25 | SpyNote Campaign Masquerades as a MissAV mobile app | CAMPAIGN | Porn remains one of the most effective social engineering vectors due to high curiosity-driven engagement, the stigma that discourages victims from reporting, and the ease with which it can be weaponized through mobile-based attacks such as fake APKs. | |
| 15.4.25 | Turkish Employment Agency Impersonated in a Snake Keylogger campaign | CAMPAIGN | Symantec has recently observed a Snake Keylogger campaign targeting organizations in Turkey, including those in the Aerospace & Defense and Financial Services sectors. | |
| 15.4.25 | ZeroTrace Stealer | VIRUS | ZeroTrace Stealer is a new infostealing malware that recently emerged on the threat landscape. The malware builder has been distributed via various underground forums and file-sharing platforms while advertised as being created for educational and research purposes ony. | |
| 15.4.25 | Pulsar RAT malware | VIRUS | Pulsar is a new remote access trojan (RAT) variant recently identified in the wild. This C#-based malware is based on the Quasar RAT strain and has miscellaneous functionality including keylogging, cryptocurrency wallet clipping, infostealing, file management, remote shell and command execution, among others. | |
| 15.4.25 | PelDox Ransomware | RANSOM | Unlike typical ransomware, PelDox does not inform victims about the encryption of their files or demand payment for decryption. After encrypting the files and appending the ".lczx" extension, the ransomware displays a full-screen message. | |
| 15.4.25 | HijackLoader new modular enhancements for stealth and evasion | HijackLoader (also known as GHOSTPULSE or IDAT Loader) is a malware loader capable of delivering second-stage payloads and offers a variety of modules mainly used for configuration information, evasion of security software, and injection/execution of code. | ||
| 15.4.25 | Slow Pisces | GROUP | GROUP | Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware |
| 15.4.25 | Precision-Validated Phishing | PHISHING | PHISHING | The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders |
| 15.4.25 | Double-Edged Email Attack | HACKING | SPAM | Pick your Poison - A Double-Edged Email Attack |
| 15.4.25 | CVE-2025-30406 |
VULNEREBILITY |
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. | |
| 15.4.25 | ResolverRAT | MALWARE | RAT | New Malware Variant Identified: ResolverRAT Enters the Maze |
| 15.4.25 | CurlBack RAT | MALWARE | RAT | Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks |
| 13.4.25 | Tycoon2FA | PHISHING | Kit | Tycoon2FA New Evasion Technique for 2025 |
| 13.4.25 |
We Have a Package for You! A Comprehensive Analysis of
Package Hallucinations by Code Generating LL |
PAPERS | AI | The reliance of popular programming languages such as Python and JavaScript on centralized package repositories and open-source software, combined with the emergence of code-generating Large Language Models (LLMs), has created a new type of threat to the software supply chain: package hallucinations. T |
| 12.4.25 | NanoCrypt Ransomware | RANSOM | NanoCrypt is another "run-of-the-mill" ransomware variant discovered in the wild. The malware encrypts user data and appends .ncrypt to the name of locked files. The ransom note dropped in the form of a text file called README.txt indicates that this malware has been created "for fun" and not intended for any harmful activity. | |
| 12.4.25 | Chaos Ransomware Variant Targets IT Staff via Fake Security Tool | RANSOM | Chaos ransomware variants continue to emerge, mostly used by actors targeting individual machines through drive-by-download social engineering. These attacks typically demand a smaller ransom compared to double-extortion ransomware actors who target larger organizations through more complex attack chains. | |
| 12.4.25 | New Amethyst Stealer variant distributed by Sapphire Werewolf group | VIRUS | Distribution of a new and updated Amethyst Stealer variant has been observed in the wild. The campaign is attributed to the threat actor known as Sapphire Werewolf. | |
| 12.4.25 | CVE-2025-31161 - CrushFTP authentication bypass vulnerability exploited in the wild | VULNEREBILITY | CVE-2025-31161 is a recently disclosed critical (CVSS score 9.8) authentication bypass vulnerability affecting CrushFTP file transfer solution. If successfully exploited, the flaw could grant unauthenticated attackers admin level access to the underlying server via crafted HTTP requests. | |
| 12.4.25 | Neptune RAT | VIRUS | Neptune RAT is a highly modular, multi-functional remote access Trojan. The malware contains numerous DLL plugins which provide functionality. Available features include, but are not limited to, the following: | |
| 12.4.25 | Salary Adjustment PDF Lure Redirects to AWS-Hosted Outlook Credential Phish | PHISHING | Symantec has observed a new phishing campaign in which threat actors are leveraging PDFs to redirect users to a phishing page hosted on AWS S3. | |
| 12.4.25 | CVE-2025-1094 - PostgreSQL SQL injection vulnerability | ALERTS | VULNEREBILITY | CVE-2025-1094 is a recently disclosed high severity (CVSS score 8.1) SQL injection vulnerability affecting PostgreSQL, which is an open-source relational database management system (RDBMS). If successfully exploited, the flaw might lead up to a remote code execution due to improperly sanitized SQL inputs. |
| 12.4.25 | CVE-2025-30401 |
VULNEREBILITY |
A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. | |
| 12.4.25 | TsarBot | MALWARE | Bot | TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications |
| 12.4.25 | CVE-2024-21762 |
VULNEREBILITY |
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests | |
| 12.4.25 | CVE-2023-27997 |
VULNEREBILITY |
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. | |
| 12.4.25 | CVE-2022-42475 |
VULNEREBILITY |
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | |
| 11.4.25 | Core Werewolf | GROUP | GROUP | Core Werewolf hones its arsenal against Russia’s government organizations |
| 11.4.25 | Venture Wolf | GROUP | GROUP | Venture Wolf attempts to disrupt Russian businesses with MetaStealer |
| 11.4.25 | NOVA | GROUP | GROUP | Attackers use a fork of a popular stealer to target Russian companies |
| 11.4.25 | Bloody Wolf | GROUP | GROUP | Bloody Wolf evolution: new targets, new tools |
| 11.4.25 | Sapphire Werewolf | GROUP | GROUP | Sapphire Werewolf refines Amethyst stealer to attack energy companies |
| 11.4.25 | ZDI-25-246 |
ZERO-DAY |
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability | |
| 11.4.25 | ZDI-25-245 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-244 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-243 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-242 |
ZERO-DAY |
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-241 |
ZERO-DAY |
Trend Micro Deep Security Agent Link Following Denial-of-Service Vulnerability | |
| 11.4.25 | ZDI-25-240 |
ZERO-DAY |
Trend Micro Deep Security Anti-Malware Solution Platform Link Following Local Privilege Escalation Vulnerability | |
| 11.4.25 | ZDI-25-239 | ZERO-DAY |
ZERO-DAY |
Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability |
| 11.4.25 | ZDI-25-238 | ZERO-DAY |
ZERO-DAY |
Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability |
| 11.4.25 | ZDI-25-237 | ZERO-DAY |
ZERO-DAY |
Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability |
| 11.4.25 | ZDI-25-236 | ZERO-DAY |
ZERO-DAY |
Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability |
| 11.4.25 | ZDI-25-235 | ZERO-DAY |
ZERO-DAY |
Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-234 | ZERO-DAY |
ZERO-DAY |
Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability |
| 11.4.25 | ZDI-25-233 | ZERO-DAY |
ZERO-DAY |
Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-232 | ZERO-DAY |
ZERO-DAY |
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-231 | ZERO-DAY |
ZERO-DAY |
Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-230 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-229 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability |
| 11.4.25 | ZDI-25-228 |
ZERO-DAY |
(Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability | |
| 11.4.25 | ZDI-25-227 |
ZERO-DAY |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability | |
| 11.4.25 | ZDI-25-226 |
ZERO-DAY |
(Pwn2Own) Samsung Galaxy S24 Gaming Hub Improper Input Validation Privilege Escalation Vulnerability | |
| 11.4.25 | ZDI-25-225 |
ZERO-DAY |
(Pwn2Own) Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-224 |
ZERO-DAY |
(Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-223 |
ZERO-DAY |
(Pwn2Own) Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability | |
| 11.4.25 | ZDI-25-222 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe concatstrings Type Confusion Information Disclosure Vulnerability |
| 11.4.25 | ZDI-25-221 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability |
| 11.4.25 | ZDI-25-220 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-219 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-218 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-217 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-216 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-215 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology DiskStation DS1823xs+ LDAP Client Improper Certificate Validation Authentication Bypass Vulnerability |
| 11.4.25 | ZDI-25-214 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-213 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability |
| 11.4.25 | ZDI-25-212 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability |
| 11.4.25 | ZDI-25-211 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-210 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-209 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability |
| 11.4.25 | ZDI-25-208 | ZERO-DAY |
ZERO-DAY |
(Pwn2Own) Synology DiskStation DS1823xs+ Replication Service Out-Of-Bounds Write Remote Code Execution Vulnerability |
| 11.4.25 | ZDI-25-207 | ZERO-DAY | ZERO-DAY | (Pwn2Own) Synology BeeStation BST150-4T Command Injection Remote Code Execution Vulnerability |
| 11.4.25 | GOFFEE | GROUP | GROUP | GOFFEE continues to attack organizations in Russia |
| 11.4.25 | SpyNote | MALWARE | Android RAT | Newly Registered Domains Distributing SpyNote Malware |
| 11.4.25 | CVE-2025-3102 |
VULNEREBILITY |
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. | |
| 10.4.25 | Everest Ransomware Group | GROUP | Ransomware | Threat Actor Profile |
| 10.4.25 | GammaSteel | MALWARE | PowerShell | Shuckworm Targets Foreign Military Mission Based in Ukraine |
| 10.4.25 | CVE-2024-0132 |
VULNEREBILITY |
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. | |
| 10.4.25 | AkiraBot | BOTNET | AI | AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale |
| 9.4.25 | GiftedCrook infostealer deployed in UAC-0226 campaign | VIRUS | According to a recent security alert released by Ukraine's Computer Emergency Response Team (CERT-UA), a new wave of targeted attacks against various military and governmental entities in Ukraine has been detected. The campaign dubbed as UAC-0226 distributes phishing emails containing .xlsm attachments with malicious macros. | |
| 9.4.25 | CVE-2025-29927 - Next.js middleware authorization bypass vulnerability | VULNEREBILITY | CVE-2025-29927 is a recently disclosed vulnerability (CVSS score 9.1) affecting Next.js, which is an open-source web development javascript framework. If successfully exploited, the flaw might allow the attackers for an authorization bypass attack via specially crafted HTTP requests potentially leading to protected content exposure. | |
| 9.4.25 | This Vidar stealer is not your Sysinternals tool | VIRUS | Vidar is an information stealing malware that has been active since 2018. It is a Malware-as-a-Service offering which has been used by attackers to steal sensitive data, such as credentials stored in browsers, applications, and cloud storage services. | |
| 9.4.25 | EncryptHub attackers leverage MSC files for payload delivery | VIRUS | A recent campaign attributed to EncryptHub (Water Gamayun) group has seen the threat actors to leverage Microsoft Management Console vulnerability (tracked as CVE-2025-26633) files for malicious payload execution. | |
| 9.4.25 | HollowQuill campaign luring users with disguised malicious PDFs | CAMPAIGN | HollowQuill campaign has been targeting academic institutions and government agencies worldwide through weaponized PDF documents. The attack employs social engineering tactics, disguising malicious PDFs as research papers, grant applications, decoy research invitations, or government communiques to entice unsuspecting users. | |
| 9.4.25 | Springtail APT group targets South Korean government entities | APT | The Springtail (aka Kimsuky) APT group recently engaged in campaigns targeting South Korean government entities. The campaigns leveraged government-themed messaging (one being tax related and another regarding a policy on the topic of sex offenders) to distribute malicious LNK files as malspam attachments. | |
| 9.4.25 | From Phishing to LINE Scams: Rakuten Securities users at risk | PHISHING | Over the past few weeks, a phishing actor has been launching campaign after campaign targeting Rakuten Securities users in an attempt to steal their credentials | |
| 9.4.25 | ModiLoader deployed via .SCR in Taiwanese Freight Impersonation | VIRUS | Malware actors have been abusing Windows screensavers file format (.scr) for some time now. While they might appear harmless, they are essentially executable programs with a different file extension. | |
| 9.4.25 | CVE-2025-27491 |
VULNEREBILITY |
Windows Hyper-V Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-26686 |
VULNEREBILITY |
Windows TCP/IP Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-27752 |
VULNEREBILITY |
Microsoft Excel Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-27745 |
VULNEREBILITY |
Microsoft Office Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-27748 |
VULNEREBILITY |
Microsoft Office Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-27749 |
VULNEREBILITY |
Microsoft Office Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-29791 |
VULNEREBILITY |
Microsoft Excel Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-26670 |
VULNEREBILITY |
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-26663 |
VULNEREBILITY |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-27482 |
VULNEREBILITY |
Windows Remote Desktop Services Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-27480 |
VULNEREBILITY |
Windows Remote Desktop Services Remote Code Execution Vulnerability | |
| 9.4.25 | CVE-2025-29809 |
VULNEREBILITY |
Windows Kerberos Security Feature Bypass Vulnerability | |
| 9.4.25 | CVE-2025-29824 |
VULNEREBILITY |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |
| 9.4.25 | CVE-2025-30406 |
VULNEREBILITY |
Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability | |
| 9.4.25 | CVE-2025-29824 |
VULNEREBILITY |
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability | |
| 9.4.25 | CVE-2025-29824 |
VULNEREBILITY |
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |
| 9.4.25 | VibeScamming | PHISHING | AI | VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side |
| 9.4.25 | TCESB | MALWARE | Rootkit | How ToddyCat tried to hide behind AV software |
| 9.4.25 | CVE-2024-48887 |
VULNEREBILITY |
Unverified password change via set_password endpoint | |
| 9.4.25 | AWS SSM Agent's Plugin ID Validation |
VULNEREBILITY |
Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation | |
| 9.4.25 | ClipBanker | MALWARE | Trojan | Attackers distributing a miner and the ClipBanker Trojan via SourceForge |
| 8.4.25 | ZDI-25-206 |
ZERO-DAY |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability | |
| 8.4.25 | ZDI-25-205 |
ZERO-DAY |
Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability | |
| 8.4.25 | ZDI-25-204 |
ZERO-DAY |
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | |
| 8.4.25 | ZDI-25-203 |
ZERO-DAY |
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability | |
| 8.4.25 | ZDI-25-202 |
ZERO-DAY |
Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability | |
| 8.4.25 | ZDI-25-201 |
ZERO-DAY |
Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability | |
| 8.4.25 | ZDI-25-200 |
ZERO-DAY |
Exim Use-After-Free Local Privilege Escalation Vulnerability | |
| 8.4.25 | Цільова шпигунська активність UAC-0226 у відношенні осередків інновацій, державних і правоохоронних органів з використанням стілеру GIFTEDCROOK (CERT-UA#14303) | BATTLEFIELD UKRAINE | BATTLEFIELD UKRAINE | Урядовою командою реагування на комп'ютерні надзвичайні події України CERT-UA, починаючи з лютого 2025 року, відстежується цільова активність, яка здійснюється з метою шпигунства у відношенні осередків розвитку інновацій у військовій сфері, військових формувань, правоохоронних органів України та органів місцевого самоврядування, особливо тих, що розташовані вздовж східного кордону країни. |
| 8.4.25 | CVE-2025-31161 |
VULNEREBILITY |
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." | |
| 8.4.25 | CVE-2024-53150 |
VULNEREBILITY |
(CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure | |
| 8.4.25 | CVE-2024-53197 |
VULNEREBILITY |
(CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of Kernel | |
|
6.4.25 |
PoisonSeed Campaign | CAMPAIGN | SPAM | PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation |
|
6.4.25 |
VULNEREBILITY |
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. |
||
|
6.4.25 |
PAPERS |
MALWARE |
Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” |
|
|
6.4.25 |
VULNEREBILITY |
(CVSS score: 7.8) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability |
||
|
6.4.25 |
VULNEREBILITY |
(CVSS score: 6.5) - Microsoft Windows File Explorer Spoofing Vulnerability |
||
| 5.4.25 | GRUB2 vulnerabilities |
VULNEREBILITY |
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18 | |
| 5.4.25 | Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions | ALERT | ALERT | PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. |
| 4.4.25 | CVE-2024-54085 - AMI MegaRAC BMC authentication bypass vulnerability | ALERTS | VULNEREBILITY | CVE-2024-54085 is a critical (CVSS score 10.0) authentication bypass vulnerability affecting AMI MegaRAC Baseboard Management Controller (BMC) which is a remote server management platform. |
| 4.4.25 | Lockbit 4.0 ransomware | RANSOM | Lockbit 4.0 is the most recent iteration of the infamous ransomware attributed to the threat actor called Syrphid. The ransomware is operated based on a Ransomware-as-a-Service (RaaS) model with various affiliates carrying out the attacks and often employing different tactics, techniques, and procedures (TTPs). | |
| 4.4.25 | RolandSkimmer campaign | CAMPAIGN | A new credit card skimming campaign dubbed RolandSkimmer has been reported by the researchers from Fortinet. The attack starts with .zip archives containing malicious .lnk files being delivered to the intended victims. | |
| 4.4.25 | CVE-2024-4577 makes a return in recent malware campaigns | A high severity CVE (CVSS: 9.8), CVE-2024-4577, has recently been disclosed to be in use in an active malware campaign targeting companies within the APJ region. | ||
| 4.4.25 | Latest Gootloader variant spread via malvertisements | VIRUS | Latest Gootloader variant has been observed to abuse Google Ads platform for distribution. The malware has been leveraging malvertisements directed at users searching for various legal templates such as NDA agreements, etc. | |
| 4.4.25 | CrazyHunter - a new Prince ransomware variant | RANSOM | CrazyHunter is a new Go-based ransomware variant based on the open-source Prince encryptor malware family. The malware encrypts user data and drops ransom note in form of a text file called "Decryption Instructions.txt". This note is written in identical format as the one observed from older Prince ransomware variant deployments. | |
| 4.4.25 | ZDI-25-199 | ZERO-DAY |
ZERO-DAY |
Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability |
| 4.4.25 | ZDI-25-198 | ZERO-DAY |
ZERO-DAY |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| 4.4.25 | ZDI-25-197 | ZERO-DAY |
ZERO-DAY |
Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| 4.4.25 | Proton66 | GROUP | GROUP | Bulletproof Hosting Networks and Proton66 |
| 4.4.25 | UAC-0219: кібершпигунство з використанням PowerShell-стілеру WRECKSTEEL (CERT-UA#14283) | BATTLEFIELD UKRAINE | BATTLEFIELD UKRAINE | Урядовою командою реагування на комп'ютерні надзвичайні події України CERT-UA вживаються системні заходи щодо накопичення та проведення аналізу даних про кіберінциденти з метою надання актуальної інформації про кіберзагрози. |
| 4.4.25 | ClickFix tactic | HACKING | CRYPTOCURRENCY | From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic |
| 4.4.25 | CVE-2025-22457 |
VULNEREBILITY |
April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457) | |
| 4.4.25 | CVE-2025-30065 |
VULNEREBILITY |
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue. | |
| 4.4.25 | RaccoonO365 Script Analysis | PHISHING | PHaaS | During our investigation into the RaccoonO365 Phishing-as-a-Service operation, we uncovered a sandbox report revealing a script embedded in an HTML page associated with a RaccoonO365 phishing link. |
| 3.4.25 | New phishing campaign targets Monex Securities users | PHISHING | Lately, Symantec has observed phish runs targeting users of Monex Securities (マネックス証券), one of the Japan's leading online securities company through the merger of Monex, Inc. and Nikko Beans, Inc. The company offers individual investors with different financial services. | |
| 3.4.25 | DarkCloud Stealer via TAR archives in Multi-Sector Spanish Campaign | VIRUS | A company in Spain that specializes in mountain and skiing equipment is being spoofed in an email campaign. The actors behind this attack are targeting Spanish companies and local offices of international organizations. | |
| 3.4.25 | CVE-2024-20439 - Cisco Smart Licensing Utility static credential vulnerability | VULNEREBILITY | CVE-2024-20439 is a static credential vulnerability (CVSS score 9.8) affecting Cisco Smart Licensing Utility. If successfully exploited, the flaw could allow attackers to gain administrative privileges for the application's API. | |
| 3.4.25 | CPU_HU cryptomining malware | VIRUS | A new campaign distributing cryptomining malware dubbed CPU_HU has been reported in the wild. The attackers target vulnerable or misconfigured PostgreSQL instances in efforts to deploy XMRig-C3 cryptominer binaries. Similar malware variant (also known as PG_MEM) has been distributed last year in campaigns attributed to the same threat actors. The most recent campaign implements additional detection evasion techniques including fileless payload execution. | |
| 3.4.25 | Salvador Stealer - a new mobile malware | VIRUS | Salvador Stealer is a newly discovered Android malware variant. The infostealer is spread under the disguise of legitimate mobile banking apps. The malware delivery is a multistage process that uses a separate malicious dropper .apk binary responsible for final payload execution. Salvador Stealer aims at collection and exfiltration of user confidential data including banking details and credentials. | |
| 3.4.25 | Recent activities deploying Konni RAT malware | VIRUS | Konni RAT is a well known remote access trojan (RAT) variant active on the threat landscape for several years. The malware has the functionality to exfiltrate sensitive data from compromised machines, achieve persistence on the infected endpoints and execute remote commands received from attackers. | |
| 3.4.25 | CVE-2024-48248 - NAKIVO Backup and Replication absolute path traversal vulnerability | VULNEREBILITY | CVE-2024-48248 is a recently identified absolute path traversal vulnerability (CVSS score 8.6) affecting NAKIVO Backup and Replication solution. If successfully exploited, the flaw might enable unauthenticated attackers to read arbitrary files on the target hosts leading to sensitive information exposure. | |
| 3.4.25 | CVE-2024-10668 |
VULNEREBILITY |
There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. | |
| 3.4.25 | Stripe API Skimming Campaign | CAMPAIGN | Skimming | Stripe API Skimming Campaign: Additional Victims and Insights |
| 3.4.25 | ImageRunner |
VULNEREBILITY |
ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run | |
| 2.4.25 | Masslogger Bank-Themed Phishing Primarily Targets Romania, With Broader European Reach | VIRUS | Symantec has observed a Masslogger campaign primarily targeting organizations in Romania, where attackers are impersonating a Romanian bank. In addition to Romanian entities, the campaign has also impacted organizations in several other countries across Europe and beyond. | |
| 2.4.25 | TsarBot Android malware | VIRUS | TsarBot is a new Android banking trojan reported to be targeting over 750 different banking, financial and cryptocurrency-related applications. | |
| 2.4.25 | ZDI-25-196 | ZERO-DAY |
ZERO-DAY |
Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| 2.4.25 | ZDI-25-195 | ZERO-DAY |
ZERO-DAY |
Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-194 | ZERO-DAY |
ZERO-DAY |
Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-193 | ZERO-DAY |
ZERO-DAY |
Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-192 | ZERO-DAY |
ZERO-DAY |
Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability |
| 2.4.25 | ZDI-25-191 | ZERO-DAY |
ZERO-DAY |
Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-190 | ZERO-DAY |
ZERO-DAY |
Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| 2.4.25 | ZDI-25-189 | ZERO-DAY |
ZERO-DAY |
Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability |
| 2.4.25 | ZDI-25-188 | ZERO-DAY |
ZERO-DAY |
Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| 2.4.25 | CPU_HU: Fileless cryptominer | HACKING | CRYPTOCURRENCY | CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims |
| 2.4.25 | Outlaw | MALWARE | Linux | Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective |
| 2.4.25 | HijackLoader |
Loader |
Analyzing New HijackLoader Evasion Tactics | |
| 2.4.25 | Anubis Backdoor |
Backdoor |
The Savage Ladybug , also known as FIN7, has developed a new, mildly obfuscated Python-based backdoor called Anubis Backdoor . This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine. | |
| 2.4.25 | Lucid Phishing-as-a-Service | PHISHING | Platform | Lucid is a sophisticated Phishing-as-a-Service (PhAAS) platform operated by Chinese-speaking threat actors, targeting 169 entities across 88 countries globally. With 129 active instances and 1000+ registered domains, Lucid ranks among prominent PhAAS platforms, alongside Darcula and Lighthouse |
|
1.4.25 |
Backdoor |
To achieve persistence on infected systems, Water Gamayun employs two distinct backdoors in their campaigns. In earlier campaigns with encrypthub[.]net/org, they utilized the SilentPrism backdoor, a tool designed for stealthy access and control. In their latest campaign, we identified a new backdoor, which we have named DarkWisp. |
||
|
1.4.25 |
Loader |
The MSC EvilTwin loader represents a novel approach (CVE-2025-26633) to malware deployment by leveraging specially crafted Microsoft Saved Console (.msc) files. The MSC EvilTwin loader creates two directories: C:\Windows \System32<space>\ and C:\Windows<space>\System32\en-US. |
||
|
1.4.25 |
Backdoor |
SilentPrism is a backdoor malware designed to achieve persistence, dynamically execute shell commands, and maintain unauthorized remote control of compromised systems. |
||
|
1.4.25 |
Stealer |
On July 26, 2024, security researcher Germán Fernández tweeted about a fake WinRAR website distributing various types of malwares, including stealers, miners, hidden virtual network computing (hVNC), and ransomware, as shown. These malicious tools were hosted on a GitHub repository named "encrypthub," managed by a user called "sap3r-encrypthub" |
||
|
1.4.25 |
SnakeKeylogger is an info-stealer malware that harvests credentials and other sensitive data. It targets a wide range of applications such as web browsers like Google Chrome, Mozilla Firefox, and email clients such as Microsoft Outlook and Thunderbird. |
|||
|
1.4.25 |
Crocodilus is a new mobile banking trojan variant identified recently on the threat landscape. The malware has extensive remote control and infostealing functionalities, allowing the attackers for application overlay attacks, remote access to the compromised devices, theft of credentials/data stored on the mobile device, keylogging and execution of commands received from C2 servers, among others. |
|||
|
1.4.25 |
CoffeeLoader is a new sophisticated malware loader designed to implement secondary payloads while evading detection. This loader leverages a packer that executes code on a system’s GPU. CoffeeLoader can establish persistence via the Windows Task Schedule and can maintain persistence via a scheduled task with a hard-coded name. |
|||
|
1.4.25 |
MassLogger Targets Businesses Worldwide via Procurement-themed Phishing |
MassLogger, an information-stealing malware designed to capture credentials, keystrokes, and clipboard data from victims, has been gaining prevalence in the threat landscape, with campaigns of various sizes and victimology observed worldwide. |
||
|
1.4.25 |
CyberSpionage |
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques |
||
|
1.4.25 |
VULNEREBILITY |
(CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges |
||
|
1.4.25 |
VULNEREBILITY |
(CVSS score: 4.6) - An authorization issue in the Accessibility component that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack |
||
|
1.4.25 |
VULNEREBILITY |
(CVSS score: 8.8) - An out-of-bounds write issue in the WebKit component that could allow an attacker to craft malicious web content such that it can break out of the Web Content sandbox |