
DATE NAME INFO CATEGORY SUBCATEGORY

30.4.25 SLAAC Snooping NDP messages are unsecured, which makes SLAAC susceptible to attacks that involve the spoofing (or forging) of link-layer addresses. You must configure SLAAC snooping to validate IPv6 clients using SLAAC before allowing them to access the network. ATTACK IPv6
30.4.25 Context Compliance Attack (CCA), a jailbreak technique that involves the adversary injecting a "simple assistant response into the conversation history" about a potentially sensitive topic that expresses readiness to provide additional information ATTACK AI
30.4.25 Policy Puppetry Attack a prompt injection technique that crafts malicious instructions to look like a policy file, such as XML, INI, or JSON, and then passes it as input to the large language model (LLMs) to bypass safety alignments and extract the system prompt ATTACK AI
30.4.25 Memory INJection Attack (MINJA), which involves injecting malicious records into a memory bank by interacting with an LLM agent via queries and output observations and leads the agent to perform an undesirable action ATTACK AI
29.4.25 CVE-2025-3928 - Commvault Web Server vulnerability CVE-2025-3928 is a recently disclosed unspecified vulnerability affecting Commvault Web Server. If successfully exploited, the flaw could enable remote, authenticated attackers to gain unauthorized access to the vulnerable systems and allow them to deploy and execute arbitrary webshells. ALERTS VULNERABILITY
29.4.25 ELENOR-corp - a new Mimic ransomware variant ELENOR-corp is a new ransomware variant from the Mimic malware family, recently identified in the wild and reported to be targeting the healthcare sector. The attackers have also been leveraging a persistent Clipper malware as well as a Python-based infostealer during the activities preceding the ransomware payload deployment. ALERTS RANSOM
29.4.25 Multi-Stage malware campaign targeting South Korean entities linked to Konni APT A sophisticated multi-stage malware campaign potentially linked to the North Korean Konni APT group has been observed targeting entities primarily in South Korea. The attack begins with a ZIP file containing a disguised .lnk shortcut which executes an obfuscated PowerShell script designed to download and run additional malicious payloads. ALERTS APT
29.4.25 RevolverRAT targeting users with malicious emails RevolverRAT, a newly disclosed Remote Access Trojan, is initially spread via targeted emails in the recipient's native language claiming to be a copyright claim that needs to be addressed. The emails request that users click a link, which results in the installation of software vulnerable to DLL side-loading attacks. ALERTS VIRUS
29.4.25 DslogdRAT malware distribution A recent campaign spreading DslogdRAT malware has been targeting organizations in Japan, as reported by JPCERT. The attackers have been exploiting a vulnerability in Ivanti Connect Secure (CVE-2025-0282) to deliver the malicious payloads. DslogdRAT has the functionality to execute arbitrary commands received from the C2 servers (according to the hardcoded configuration data). ALERTS VIRUS
29.4.25 Spoofed Driver and Vehicle Licensing Agency (DVLA) email notifications appear in phish runs The Driver and Vehicle Licensing Agency (DVLA) is the British government's organization responsible for maintaining records of drivers in Great Britain and of vehicles for the entire United Kingdom. Recently, Symantec has observed phishing attempts mimicking DVLA, enticing users to open fake notification emails. ALERTS PHISHING
29.4.25 China-linked threat actors exploit NFC Tech China-linked threat actors are exploiting NFC technologies for fraudulent activities targeting financial institutions worldwide, causing significant losses. Sophisticated tools like Z-NFC and King NFC are used to facilitate illegal transactions. These tools leverage Near Field Communication (NFC) technology, which is essential for contactless payments and applications relying on Host Card Emulation (HCE). ALERTS EXPLOIT
29.4.25 AsyncRAT malware campaign using Cloudflare Tunnels A malware campaign using Cloudflare tunnels to deploy AsyncRAT has been reported. The attack vector starts with a phishing email containing a malicious .ms-library file which, when opened, downloads a PDF shortcut (LNK file) that triggers a series of scripts. ALERTS VIRUS
29.4.25 Ammyy Admin and PetitPotato deployed in targeted MS-SQL Server attacks An emerging threat campaign targeting poorly managed MS-SQL servers has been observed, aiming to deploy Ammyy Admin and PetitPotato malware for remote access and privilege escalation. The attackers exploit vulnerable servers, execute commands to gather system information and use WGet to install the malware. They also enable RDP services and add new user accounts to maintain persistent access. ALERTS VIRUS
29.4.25 Phishing campaign targets Norinchukin Bank users with fake login pages Norinchukin (Nochu) Bank, founded in 1923, is a Japanese cooperative bank that supports the agricultural sector. It serves as the national institution for JA Bank, a group of agricultural cooperatives. Recently, Symantec detected a phishing campaign targeting the bank's online banking services. ALERTS CAMPAIGN
29.4.25 UyghurEdit++ Tool Uyghur Language Software Hijacked to Deliver Malware HACKING SOFTWARE
29.4.25 CVE-2025-3928 (CVSS score: 8.7) - An unspecified flaw in the Commvault Web Server that allows a remote, authenticated attacker to create and execute web shells VULNERABILITY VULNERABILITY
29.4.25 CVE-2025-1976 (CVSS score: 8.6) - A code injection flaw affecting Broadcom Brocade Fabric OS that allows a local user with administrative privileges to execute arbitrary code with full root privileges VULNERABILITY VULNERABILITY
29.4.25 CVE-2025-32432 (CVSS score: 10.0) - A remote code execution (RCE) vulnerability in Craft CMS (patched in versions 3.9.15, 4.14.15, and 5.6.17) VULNERABILITY VULNERABILITY
29.4.25 CVE-2024-58136 (CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP framework used by Craft CMS that could be exploited to access restricted functionality or resources VULNERABILITY VULNERABILITY

27.4.25 DragonForce Ransomware Groups Evolve Affiliate Models RANSOMWARE RANSOMWARE
27.4.25 KB5055627 April 25, 2025—KB5055627 (OS Build 26100.3915) Preview KB DATABASE KB DATABASE
27.4.25 CVE-2025-31324 SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. VULNERABILITY VULNERABILITY
27.4.25 CVE-2025-32432 A remote code execution (RCE) vulnerability in Craft CMS. VULNERABILITY VULNERABILITY
27.4.25 CVE-2024-58136 An input validation flaw in the Yii framework used by Craft CMS. VULNERABILITY VULNERABILITY

27.4.25 Password Spraying The basics of a password spraying attack involve a threat actor using a single common password against multiple accounts on the same application. This avoids the account lockouts that typically occur when an attacker uses a brute force attack on a single account by trying many passwords. ATTACK Password
26.4.25 ToyMaker Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs GROUP IAB
26.4.25 FBI INTERNET CRIME REPORT This year marks the 25th anniversary of the FBI’s Internet Crime Complaint Center, or IC3. Originally intended to serve the law enforcement community, IC3 has evolved to become the primary destination for the public to report cyber-enabled crime and fraud as well as a key source for information on scams and cyber threats REPORT REPORT
26.4.25 CVE-2024-54084 APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. VULNERABILITY VULNERABILITY
26.4.25 CVE-2024-54085 AMI's SPx contains a vulnerability in the BMC where an attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. VULNERABILITY VULNERABILITY

25.4.25 KB5055523 April 8, 2025 – KB5055523 (OS Build 26100.3775) KB DATABASE KB DATABASE
25.4.25 KB5052093 February 25, 2025—KB5052093 (OS Build 26100.3323) Preview KB DATABASE KB DATABASE
25.4.25 KB5046617 November 12, 2024 – KB5046617 (OS Build 26100.2314) KB DATABASE KB DATABASE
25.4.25 CVE-2025-42599 Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. VULNERABILITY VULNERABILITY

25.4.25 ELUSIVE COMET Mitigating ELUSIVE COMET Zoom remote control attacks OPERATION CRYPTOCURRENCY
25.4.25 KB5055612 April 22, 2025—KB5055612 (OS Build 19045.5796) Preview KB DATABAZE KB DATABAZE
25.4.25 Cookie-Bite attack Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments ATTACK COOKIES
25.4.25 Scallywag Scallywag Extensions Monetize Piracy OPERATION CRYPTOCURRENCY
25.4.25 Various GPT services are vulnerable to "Inception" jailbreak, allows for bypass of safety guardrails Two systemic jailbreaks, affecting a number of generative AI services, were discovered. These jailbreaks can result in the bypass of safety protocols and allow an attacker to instruct the corresponding LLM to provide illicit or dangerous content. ALERT ALERT
25.4.25 ZDI-25-256 Avast Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
25.4.25 ZDI-25-255 Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
25.4.25 ZDI-25-254 Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
25.4.25 ZDI-25-253 SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability ZERO-DAY ZERO-DAY

25.4.25 CVE-2017-9844 SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. VULNERABILITY VULNERABILITY
25.4.25 CVE-2025-31324 SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. VULNERABILITY VULNERABILITY
25.4.25 CVE-2025-27610 (CVSS score: 7.5) - A path traversal vulnerability that could be used to gain access to all files under the specified root: directory, assuming an attacker can determine the paths to those files VULNERABILITY VULNERABILITY
25.4.25 CVE-2025-27111 (CVSS score: 6.9) - An improper neutralization of carriage return line feed (CRLF) sequences and improper output neutralization for logs vulnerability that could be used to manipulate log entries and distort log files VULNERABILITY VULNERABILITY
25.4.25 CVE-2025-25184 (CVSS score: 5.7) - An improper neutralization of carriage return line feed (CRLF) sequences and improper output neutralization for logs vulnerability that could be used to manipulate log entries and inject malicious data VULNERABILITY VULNERABILITY
25.4.25 CVE-2025-0282 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. VULNERABILITY VULNERABILITY

25.4.25 DslogdRAT DslogdRAT Malware Installed in Ivanti Connect Secure MALWARE RAT
24.4.25 ZDI-25-252 (0Day) Cato Networks Cato Client for macOS Helper Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
24.4.25 ZDI-25-251 (0Day) Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability ZERO-DAY ZERO-DAY
24.4.25 ZDI-25-250 (0Day) Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
24.4.25 ZDI-25-249 (0Day) eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
24.4.25 ZDI-25-248 (0Day) eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
24.4.25 ZDI-25-247 (0Day) eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY

24.4.25 PE32 Ransomware PE32 ransomware is a newly discovered malware strain that leverages Telegram for C2 operations. It employs a dual-extortion model, charging separate fees for file decryption and data non-disclosure. Despite its messy and simplistic code, which uses basic Windows libraries, it poses a significant threat to systems with weak security hygiene. ALERTS RANSOM
24.4.25 Proton66 Infrastructure tied to expanding malware campaigns and C2 operations Proton66 has emerged as a central hub for malicious cyber activity, hosting infrastructure used in C2 operations and phishing campaigns involving malware like GootLoader, SpyNote and XWorm. ALERTS VIRUS
24.4.25 ToyMaker IAB paves way for Cactus ransomware Initial Access Brokers are oftentimes the first step in a successful campaign for a threat actor. The access brokers work their way into an environment, collect relevant data, and then sell that information to a threat actor for further compromise. ALERTS RANSOM
24.4.25 Weaponized Alpine Quest App used to spy on Russian military via Telegram Bot A modified version of the popular Android navigation app Alpine Quest has been found carrying spyware targeting Russian military personnel. The spyware, bundled within the app, collects sensitive information like phone numbers, account details, contacts and geolocation. ALERTS BOTNET
24.4.25 A recent FormBook distribution campaign observed in the wild A new FormBook distribution campaign has been reported by researchers from Fortinet. The attackers leverage malicious Word documents containing an exploit for CVE-2017-11882, an older vulnerability affecting the Equation Editor component in Microsoft Office. ALERTS CAMPAIGN
24.4.25 Billbug APT continues campaigns in Southeast Asia The Billbug espionage group (aka Lotus Blossom, Lotus Panda, Bronze Elgin) compromised multiple organizations in a single Southeast Asian country during an intrusion campaign that ran between August 2024 and February 2025. ALERTS APT
24.4.25 RustoBot botnet activity RustoBot is a new Rust-based botnet variant distributed via exploitation of vulnerabilities in unpatched TOTOLINK devices. ALERTS BOTNET
24.4.25 UNC4736 UNC4736 is a North Korean threat actor that has been involved in supply chain attacks targeting 3CX and X_TRADER. They have used malware strains such as TAXHAUL, Coldcat, and VEILEDSIGNAL to compromise Windows and macOS systems. GROUP GROUP
24.4.25 UNC1069 (Active since at least April 2018), which targets diverse industries for financial gain using social engineering ploys by sending fake meeting invites and posing as investors from reputable companies on Telegram to gain access to victims' digital assets and cryptocurrency GROUP GROUP
24.4.25 UNC4899 (Active since 2022), which is known for orchestrating job-themed campaigns that deliver malware as part of a supposed coding assignment and has previously staged supply chain compromises for financial gain (Overlaps with Jade Sleet, PUKCHONG, Slow Pisces, and TraderTraitor) GROUP GROUP
24.4.25 UNC5342 (Active since at least December 2022), which is also known for employing job-related lures to trick developers into running malware-laced projects (Overlaps with Contagious Interview, DeceptiveDevelopment, DEV#POPPER, and Famous Chollima) GROUP GROUP
24.4.25 Operation SyncHole Operation SyncHole: Lazarus APT goes back to the well OPERATION APT
24.4.25 io_uring io_uring Is Back, This Time as a Rootkit MALWARE ROOTKIT
24.4.25 Darcula phishing-as-a-service AI-Enabled Darcula-Suite Makes Phishing Kits More Accessible, Easier to Deploy PHISHING PHaaS
24.4.25 CVE-2025-34028 A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without authentication. VULNERABILITY VULNERABILITY

23.4.25 M-Trends 2025 A key takeaway from M-Trends 2025 is that attackers are seizing every opportunity to further their objectives. REPORT REPORT
23.4.25 Phishing for Codes Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows PHISHING PHISHING
23.4.25 XRP supply chain attack XRP supply chain attack: Official NPM package infected with crypto stealing backdoor ATTACK Crypto
23.4.25 RustoBot New Rust Botnet "RustoBot" is Routed via Routers BOTNET Bot
22.4.25 Ransomware group Interlock enhances tactics with ClickFix and Infostealers Reports indicate that the ransomware group Interlock has advanced its attack methods by incorporating ClickFix social engineering techniques alongside infostealers. ALERTS RANSOM
22.4.25 Gunra Ransomware Another ransomware actor operating under the name Gunra has recently surfaced, allegedly claiming several victims in the healthcare, electronics, and beverage manufacturing sectors, as listed on their onion website. ALERTS RANSOM
22.4.25 SuperCard X Android malware A new Android malware campaign, identified as a malware-as-a-service called SuperCard X, has been observed targeting users in Italy. Delivered via socially engineered smishing and phone calls, the intent of the campaign is financial theft. ALERTS VIRUS
22.4.25 PasivRobber - Spyware targeting macOS platform PasivRobber is a new malware variant targeting the macOS platform that has been recently identified in the wild. Its main function is to exfiltrate miscellaneous data from macOS systems, including information from third-party apps, web browsers, emails, cookies, chat messages (WeChat and QQ), screenshots, etc. ALERTS VIRUS
22.4.25 DKIM Replay Phishing Attack Google Spoofed Via DKIM Replay Attack: A Technical Breakdown ATTACK PHISHING
22.4.25 Billbug Billbug: Intrusion Campaign Against Southeast Asia Continues GROUP Espionage group
22.4.25 Larva-24005 During the breach investigation process, the AhnLab SEcurity intelligence Center (ASEC) discovered a new operation related to the Kimsuky group and named it Larva-24005. GROUP APT Group Profiles
22.4.25 SuperCard X Malware A novel Android malware offered through a Malware-as-a-Service (MaaS) model, enabling NFC relay attacks for fraudulent cash-outs. MALWARE ANDROID
22.4.25 SuperCard X SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation OPERATION Fraud
22.4.25 Proton66 Proton66 Part 1: Mass Scanning and Exploit Campaigns GROUP GROUP
21.4.25 Interlock ransomware Interlock is a ransomware intrusion set first observed in September 2024 that conducts Big Game Hunting and double extortion campaigns. RANSOMWARE RANSOMWARE

21.4.25 CVE-2021-20035 Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which potentially leads to DoS. VULNERABILITY VULNERABILITY
21.4.25 CVE-2025-24054 NTLM Hash Disclosure Spoofing Vulnerability VULNERABILITY VULNERABILITY
21.4.25 CVE-2025-20150 Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability VULNERABILITY VULNERABILITY
21.4.25 CVE-2025-20178 Cisco Secure Network Analytics Privilege Escalation Vulnerability VULNERABILITY VULNERABILITY

21.4.25 DriveThru Car Hacking: Fast Food, Faster Data Breach In-car dash cameras (dashcams) have become quintessential to our daily lives, supported by guidelines and regulations from insurance companies as part of insurance reduction or substantiating claims during an accident. However, this can be a double-edged sword without proper security measures, potentially compromising privacy and increasing susceptibility to identity theft. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 QuickShell: Sharing is Caring About an RCE Attack Chain on Quick Share Quick Share (formerly Nearby Share) has allowed Android users to easily share files for four years now. A year ago, Google introduced a Windows version. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Think Inside the Box: In-the-Wild Abuse of Windows Sandbox in Targeted Attacks Windows Sandbox is a lightweight virtualization mechanism introduced in 2018, designed to provide an isolated desktop environment for quickly testing suspicious applications. However, this feature can also serve as a "magic cloak" for adversaries. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 vCenter Lost: How the DCERPC Vulnerabilities Changed the Fate of ESXi As one of the most widely used commercial virtualization platforms, the security of the VMware virtualization suite has long been a focal point of scrutiny. Over the past few years, we have focused extensively on identifying vulnerabilities within VMware products, particularly those in ESXi and Workstation virtualization implementations. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 JDD: In-depth Mining of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction Java serialization and deserialization facilitate cooperation between different Java systems, enabling convenient data and code exchange. However, a significant vulnerability known as Java Object Injection (JOI) allows remote attackers to inject crafted serialized objects, triggering internal Java methods (gadgets) and resulting in severe consequences such as remote code execution (RCE). CONFERENCE BLACK HAT 2025 ASIA
21.4.25 The Oversights Under the Flow: Discovering and Demystifying the Vulnerable Tooling Suites From Azure MLOps With the new AI moving to the cloud, a sequence of ML/AI tooling suites has been integrated into the core Azure DevOps functionalities, yielding a new concept of MLOps to enable the LLM capabilities for Azure. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Bridging the Gap: Type Confusion and Boundary Vulnerabilities Between WebAssembly and JavaScript in V8 As WebAssembly becomes more integrated into modern web browsers, its interaction with JavaScript creates new opportunities for performance optimization, but also introduces significant security risks. This presentation dives deep into the vulnerabilities emerging from the boundaries between WebAssembly and JavaScript, with a focus on type confusion issues and improper handling of object boundaries within the V8 engine. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Double Tap at the Blackbox: Hacking a Car Remotely Twice with MiTM Obtaining the hardware, extracting firmware, and then reverse engineering to uncover vulnerabilities in automotive systems is a common practice within the vehicle security community. However, access to vehicle components can often be limited—especially for newer models—making it challenging for researchers who do not own the vehicle. Dissecting a car can also be risky and expensive for many security researchers. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 The Illusion of Isolation: How Isolation Failures in CI/CD Servers Lead to RCE and Privacy Risks For many years, security research on CI/CD platforms has been a popular topic, but researchers often tend to look for flaws that are visibly present across various functionalities within the workflow rather than auditing CI/CD platform implementations to analyze application mechanisms and identify potential vulnerabilities. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Unveiling the Mysteries of Qualcomm's QDSP6 JTAG: A Journey into Advanced Theoretical Reverse Engineering This talk invites you on an exploration of advanced reverse engineering techniques applied to sophisticated proprietary hardware. Rather than focusing on well-known hands-on methods such as hardware decapsulation and schematic analysis, I will demonstrate how a unique combination of patent analysis, firmware reverse engineering, and theoretical modeling can unlock the intricacies of undocumented hardware technologies and their application semantics. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Determining Exploitability of Vulnerabilities with SBOM and VEX Software Composition Analysis tools are known to generate a flood of vulnerability data in third-party code. The key challenge today is determining the number of vulnerabilities that are actually exploitable in the products that are shipped. A lot of tools have started exploring this problem. However, it cannot be completely solved without internal developer context on how a third-party package is being used. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Enhancing Modern Threat Intelligence: The Pivotal Role of Large Language Models in Extracting Actionable TTP Attack Chains Currently, the application of LLMs within the security landscape has achieved widespread adoption, becoming a standard practice across the industry. In the realm of threat intelligence, LLMs have distinguished themselves through their exceptional capabilities in extracting IOCs and summarizing cyberattack reports, significantly enhancing the efficiency and precision of threat intelligence processing. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025 As the security protection mechanisms of the Windows operating system are constantly being proposed and applied, it is becoming increasingly difficult to find exploitable vulnerabilities on current Windows, especially vulnerabilities that can cause preauth 0-click RCE. But are there really no such vulnerabilities? CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Foreign Information Manipulation and Interference (Disinformation 2.0) - How Patterns of Behavior in the Information Domain Threaten or Attack Organizations' Values, Procedures and Political Processes Over the past decade, foreign information manipulation and interference (FIMI) operations have grown in complexity and scope. More specifically, Russia and China have continuously invested resources into developing their hybrid warfare strategy. Hybrid warfare goes beyond physical confrontation. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities Linux kernel vulnerability reproduction is a critical task in system security. To reproduce a kernel vulnerability, the vulnerable environment and the Proof of Concept (PoC) program are needed. Most existing research focuses on the generation of the PoC, while the construction of the environment is overlooked. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Mini-App But Great Impact: New Ways to Compromise Mobile Apps In the mobile app ecosystem, super-apps serve as platforms hosting mini-apps, facilitating cross-platform operation across Android and iOS. Traditionally, attacks on mobile apps have targeted native applications, web pages, and networks. Our research pioneers a novel exploitation vector targeting mobile apps via mini-apps. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Should We Chat, Too? Security Analysis of WeChat's MMTLS Encryption Protocol WeChat, with over 1.2 billion monthly active users, stands as the most popular messaging and social media platform in China and third globally. Instead of TLS, WeChat mainly uses a proprietary network encryption protocol called "MMTLS". We performed the first public analysis of the security and privacy properties of MMTLS and found it to be a modified version of TLS 1.3, with many of the modifications that WeChat developers made to the cryptography introducing weaknesses. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Invisible Ink: Privacy Risks of CSS in Browsers and Emails Recently, Google Chrome and other browsers have started restricting traditional tracking methods, such as third-party cookies, to improve user privacy. Still, websites can leverage browser fingerprinting to track users across websites, even when they try to protect their privacy. Interestingly, the same principles can be leveraged to enhance the security of web applications, such as in risk-based authentication, where users are identified based on their browser fingerprint. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Operation BlackEcho: Voice Phishing Using Fake Financial and Vaccine Apps Voice phishing (a.k.a. vishing) is a crime in which scammers deceive victims through phone calls in order to fraudulently obtain funds or steal personal information. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Watch Your Phone: Novel USB-Based File Access Attacks Against Mobile Devices Modern mobile OSs employ lock screens and user confirmation prompts to shield sensitive data from attackers with access to the device's USB port. In this talk, we present novel attacks and attack techniques that bypass both of these critical security mechanisms to gain USB-based file access on state-of-the-art mobile devices. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 (Mis)adventures with Copilot+: Attacking and Exploiting Windows NPU Drivers In May 2024, Microsoft introduced a new category of PCs designed for AI, called Copilot+ PCs. According to Microsoft, those PCs are starting a new chapter of AI integration on Windows and, thus, personal computing. Each device will have an NPU enabling the device to run Large Language Models (LLMs) locally. But how exactly were those NPUs integrated into Windows? CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Behind Closed Doors - Bypassing RFID Readers Cloning RFID tags - you probably tried it, or at least heard about it. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Impostor Syndrome - Hacking Apple MDMs Using Rogue Device Enrolments Apple's solution for mobile device management seems like an airtight process. Enterprise customers buy devices from registered retailers; these are automatically registered in Apple Business Manager, which in turn integrates seamlessly with the customer's choice of MDM platform. A company can have devices set up and shipped to remote employees without ever touching them. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Standing on the Shoulders of Giants: De-Obfuscating WebAssembly Using LLVM WebAssembly (Wasm) is an increasingly popular compilation target, offering compact representation, efficient validation and compilation, and safe low- to no-overhead execution. Wasm is popular not only in browsers but is finding adoption across various platforms. As its popularity grows for various applications, so does the need to obfuscate it, subsequently raising the necessity to de-obfuscate. In this talk we will discuss how to de-obfuscate Wasm code using the LLVM compiler infrastructure. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 A Closer Look at the Gaps in the Grid: New Vulnerabilities and Exploits Affecting Solar Power Systems Distributed energy resources (DER), such as solar power systems, are rapidly becoming essential elements of power grids worldwide. However, cybersecurity for these systems is often an afterthought, creating a growing risk to grid reliability. While each residential solar system produces limited power, their combined output reaches dozens of gigawatts — making their collective impact on grid stability too significant to ignore. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks Content Delivery Networks (CDNs) are widely adopted to enhance web performance and offer protection against DDoS attacks. However, our research unveils a critical vulnerability within CDN back-to-origin strategies, allowing attackers to exploit these mechanisms for massive amplification attacks, termed Back-to-Origin Amplification (BtOAmp) attacks. These attacks leverage CDN configurations that prioritize performance over security, leading to the exhaustion of origin server resources. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 I Have Got to Warn You, It Is a Learning Robot: Using Deep Learning Attribution Methods for Fault Injection Attacks Deep Learning (DL) has recently received significant attention in breaking cryptographic implementations on embedded systems. However, research on the subject has mostly focused on side-channel attacks (SCAs). CONFERENCE BLACK HAT 2025 ASIA
21.4.25 The Drone Supply Chain's Grand Siege: From Initial Breaches to Long-Term Espionage on High-Value Targets In mid-2024, we disclosed a cyber campaign named TIDRONE, attributed to an unidentified threat actor likely linked to Chinese-speaking groups. This campaign revealed a strong focus on the military industry, specifically targeting drone manufacturers in Taiwan. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 Dismantling the SEOS Protocol In this talk, we present the first open source implementation of the HID SEOS communication protocol over RFID. HID SEOS is a credential technology designed to provide enhanced security, flexibility, and convenience for access control and identity management applications. CONFERENCE BLACK HAT 2025 ASIA
21.4.25 KernelSnitch: Leaking Kernel Heap Pointers by Exploiting Software-Induced Side-Channel Leakage of Kernel Hash Tables In this talk, we present a generic software-induced side-channel attack, KernelSnitch, on the operating system. With this new side-channel attack we opened up a novel attack surface in operating systems that is both potent and difficult to patch.

KONFERENCE

BLACK HAT 2025 ASIE

21.4.25 The ByzRP Solution: A Global Operational Shield for RPKI Validators The Border Gateway Protocol (BGP) is the core routing protocol on the Internet, but it lacks security mechanisms. At the same time, the democratization of access has transformed the Internet into the default platform, where global services and communications happen.

KONFERENCE

BLACK HAT 2025 ASIE

21.4.25

The Problems of Embedded Python in Excel, or How to Excel in Pwning Pandas In Windows build 2407, Microsoft released Python support inside Excel as embedded =PY() functions. According to the Microsoft website: "Python in Excel brings the power of Python analytics into Excel.

KONFERENCE

BLACK HAT 2025 ASIE

21.4.25 AI-Powered Image-Based Command and Control (C2) Framework: Utilizing AI Models to Conceal and Extract Commands in C2 Images Generative AI concentrates on generating novel and unique content in various forms, including text, image, and video. Many researchers focus on utilizing GenAI models to improve our lives or identifying vulnerabilities in GenAI models.

KONFERENCE

BLACK HAT 2025 ASIE

21.4.25

Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors Email attachments have become a favored delivery vector for malware campaigns. In response, email attachment detectors are widely deployed to safeguard email security. However, an emerging threat arises when adversaries exploit parsing discrepancies between email detectors and clients to evade detection. Currently, uncovering these vulnerabilities still depends on manual, ad hoc methods.

KONFERENCE

BLACK HAT 2025 ASIE

21.4.25 State Manipulation: Unveiling New Attack Vectors in Bluetooth Vulnerability Discovery through Protocol State Machine Reconfiguration The Bluetooth protocol has become ubiquitous, supporting a wide range of devices from personal gadgets like headphones and smartphones to complex systems in automotive and IoT environments. While Bluetooth's flexibility and performance have been thoroughly validated, an overlooked attack surface exists within the protocol's underlying state machines.

KONFERENCE

BLACK HAT 2025 ASIE

21.4.25

Sweeping the Blockchain: Unmasking Illicit Accounts in Web3 Scams The web3 applications have recently been growing, especially on the Ethereum platform, starting to become the target of scammers. The web3 scams, imitating the services provided by legitimate platforms, mimic regular activity to deceive users.

KONFERENCE

BLACK HAT 2025 ASIE

21.4.25 Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet Today's vehicles are evolving rapidly, with a rising number of electric models and an expanding array of digital technologies, such as onboard Wi-Fi, Bluetooth, and USB connectivity. These advancements are making cars increasingly connected and technologically complex. However, most vehicles still have largely proprietary internal systems, which, coupled with the critical importance of automotive safety, makes them a significant area of focus for security research.

KONFERENCE

BLACK HAT 2025 ASIE

21.4.25

Weaponized Deception: Lessons from Indonesia's Muslim Cyber Army A defunct Indonesian cyber deception collective of attackers known as Muslim Cyber Army (MCA) modeled one of the first known examples of weaponizing deception and disinformation to disrupt Indonesian politics more than a decade ago, well before the notorious Russian attempts to undermine American electoral politics in 2016.

KONFERENCE

BLACK HAT 2025 ASIE

21.4.25 Operation BlackEcho Voice Phishing using Fake Financial and Vaccine Apps OPERATION OPERATION

21.4.25 WINELOADER European diplomats targeted by APT29 (Cozy Bear) with WINELOADER MALWARE Loader
20.4.25 KB5059091 April 16, 2025 – KB5059091 (OS Build 17763.7249) Out-of-band KB DATABASE KB DATABASE
20.4.25 KB5059092 April 16, 2025 – KB5059092 (OS Build 20348.3566) Out-of-band KB DATABASE KB DATABASE
20.4.25 KB5059087 April 16, 2025 – KB5059087 (OS Build 26100.3781) Out-of-band KB DATABASE KB DATABASE
20.4.25 KB5058922 April 11, 2025 – KB5058922 (OS Build 17763.7240) Out-of-band KB DATABASE KB DATABASE
20.4.25 KB5058921 April 11, 2025 – KB5058921 (OS Build 14393.7973) Out-of-band KB DATABASE KB DATABASE
20.4.25 KB5058920 April 11, 2025 – KB5058920 (OS Build 20348.3561) Out-of-band KB DATABASE KB DATABASE
20.4.25 KB5058919 April 11, 2025 – KB5058919 (OS Builds 22621.5192 and 22631.5192) Out-of-band KB DATABASE KB DATABASE
20.4.25 KB5057589 KB5057589: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: April 8, 2025 KB DATABASE KB DATABASE
20.4.25 KB5057588 KB5057588: Windows Recovery Environment update for Windows Server 2022: April 8, 2025 KB DATABASE KB DATABASE
19.4.25 Earth Estries Earth Estries is a Chinese Advanced Persistent Threat (APT) group that has gained prominence for its sophisticated cyber espionage activities targeting critical infrastructure and government entities globally. APT PROFILE
19.4.25 Smishing Triad Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit CAMPAIGN SPAM
19.4.25 CVE-2025-2492 An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section of the ASUS Security Advisory for more information. VULNEREBILITY VULNEREBILITY

18.4.25 MysterySnail RAT IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia MALWARE RAT
18.4.25 PteroLNK malware PteroLNK is a new Pterodo malware variant recently distributed in the wild and attributed to the Shuckworm APT (aka Gamaredon). The malware comes in the form of an obfuscated VBScript with downloader and LNK dropper components. ALERTS VIRUS
18.4.25 A recent campaign attributed to the Fritillary APT group A new malicious campaign targeting diplomatic entities in Europe has been attributed to the cyberespionage group called Fritillary (aka Midnight Blizzard, APT29). According to recent research by Check Point, the attackers have been leveraging a new custom malware loader dubbed GrapeLoader as well as an updated variant of the WineLoader backdoor. ALERTS APT
18.4.25 New fileless malware campaign drops XWorm & Rhadamanthys A new malware campaign has been observed using JScript and obfuscated PowerShell commands to deploy highly evasive malware variants such as XWorm and Rhadamanthys. The campaign targets Windows systems, employing scheduled tasks or deceptive ClickFix CAPTCHA screens to trick users into executing malicious payloads. ALERTS VIRUS
18.4.25 DragonForce Ransomware's Campaign Intensifies in 2025 In 2024, DragonForce ransomware actors were highly active, claiming around 93 victims on their leak website, with likely more that were not disclosed. We're still in early 2025, and the group has already "allegedly" claimed over 40 organizations as potential victims across multiple countries and sectors. ALERTS RANSOM
18.4.25 Multi-stage attacks delivering Agent Tesla variants Malspam email campaigns are the rule rather than the exception these days. Delivering multi-stage attacks through malicious attachments is the norm. Researchers at Palo Alto Networks have published a report sharing details about such campaigns using variants of Agent Tesla as the final payload. ALERTS VIRUS
18.4.25 Malicious VSCode extensions infecting users with cryptominer A set of VSCode extensions posing as legitimate development tools has been observed infecting users with the XMRig cryptominer for Monero in a new cryptojacking campaign. ALERTS CRYPTOCURRENCY
18.4.25 DOGE BIG BALLS Ransomware A new ransomware campaign has been reported exploiting the name of a prominent figure within the Department of Government Efficiency (DOGE) to trick victims. The attack delivers a modified variant of Fog ransomware dubbed "DOGE BIG BALLS Ransomware." ALERTS RANSOM
18.4.25 Linux based BPFDoor observed in Asia and Middle East BPFDoor is a Linux based backdoor that has been observed in attacks against various industries in Asia and the Middle East. Named for its use of Berkeley Packet Filtering, the malware implements a filter that activates functionality based on specific sequences found during network packet inspection. ALERTS VIRUS
18.4.25 CVE-2025-30208 - Vite Arbitrary File Read vulnerability CVE-2025-30208 is a recently disclosed Arbitrary File Read vulnerability affecting Vite, a frontend build and development tool for web applications. ALERTS VULNEREBILITY
18.4.25 PAKLOG, CorKLOG, and SplatCloak | P2 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 MALWARE APT
18.4.25 ToneShell and StarProxy | P1 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 MALWARE APT
18.4.25 XorDDoS controller Unmasking the new XorDDoS controller and infrastructure MALWARE DDoS
18.4.25 CVE-2025-24054 NTLM Hash Disclosure Spoofing Vulnerability VULNEREBILITY VULNEREBILITY

17.4.25 Sponsored Actors Try ClickFix Around the World in 90 Days: State-Sponsored Actors Try ClickFix CAMPAIGN CAMPAIGN
17.4.25 CVE-2025-32433 Unauthenticated Remote Code Execution in Erlang/OTP SSH VULNEREBILITY VULNEREBILITY
17.4.25 CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability VULNEREBILITY VULNEREBILITY
17.4.25 CVE-2025-24201 (CVSS score: 7.1) - An out-of-bounds write issue in the WebKit component that could be exploited to break out of the Web Content sandbox using maliciously crafted web content VULNEREBILITY VULNEREBILITY
17.4.25 CVE-2025-24200 (CVSS score: 4.6) - An authorization issue in the Accessibility component that could enable an attacker to disable USB Restricted Mode on a locked device as part of a cyber-physical attack VULNEREBILITY VULNEREBILITY
17.4.25 CVE-2025-24085 (CVSS score: 7.8) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges VULNEREBILITY VULNEREBILITY
17.4.25 CVE-2025-31201 (CVSS score: 6.8) - A vulnerability in the RPAC component that could be used by an attacker with arbitrary read and write capability to bypass Pointer Authentication VULNEREBILITY VULNEREBILITY
17.4.25 CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio stream in a maliciously crafted media file VULNEREBILITY VULNEREBILITY
17.4.25 New Vulnerabilities for schtasks.exe Task Scheduler – New Vulnerabilities for schtasks.exe VULNEREBILITY VULNEREBILITY

16.4.25 Android.Clipper Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft? MALWARE Android
16.4.25 Multi-Stage Phishing Attack Exploits Gamma Attackers exploit Gamma in a multi-stage phishing attack using Cloudflare Turnstile and AiTM tactics to evade detection and steal Microsoft credentials. ATTACK AI
16.4.25 BPFDoor BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets MALWARE Backdoor
16.4.25 SNOWLIGHT According to sysdig, SNOWLIGHT is used as a dropper for its fileless payload (vshell). MALWARE Linux
16.4.25 UNC5174 UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell GROUP GROUP
16.4.25 CVE-2025-24859 A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. VULNEREBILITY VULNEREBILITY
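The Roller entry above describes a defect class rather than a specific code path: sessions that keep working after the password they were opened with has been changed. The following Python is an added example, not Apache Roller's code; it models a minimal in-memory user table and two session stores, one that never touches sessions on a password change and one that binds each session to a "password generation" counter and rejects sessions issued under an older generation. Class and function names, the PBKDF2 parameters and the sample credentials are all constructed for the demo.

```python
import hashlib
import hmac
import secrets


class UserStore:
    """Constructed stand-in for the application's user table (not Roller's)."""

    def __init__(self):
        self._users = {}  # username -> {"salt", "pw_hash", "generation"}

    def create(self, username, password):
        self._users[username] = {"generation": 0}
        self._store_hash(username, password)

    def _store_hash(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username]["salt"] = salt
        self._users[username]["pw_hash"] = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, 100_000)

    def verify(self, username, password):
        rec = self._users.get(username)
        if rec is None:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
        return hmac.compare_digest(candidate, rec["pw_hash"])

    def set_password(self, username, new_password):
        self._store_hash(username, new_password)
        self._users[username]["generation"] += 1  # every password change starts a new generation

    def generation(self, username):
        return self._users[username]["generation"]


class VulnerableSessions:
    """Defect class: the session table knows nothing about password changes,
    so a session opened with a leaked password keeps working after the reset."""

    def __init__(self, users):
        self.users = users
        self._sessions = {}  # token -> username

    def login(self, username, password):
        if not self.users.verify(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def change_password(self, username, new_password, keep_token=None):
        self.users.set_password(username, new_password)  # existing sessions left untouched

    def current_user(self, token):
        return self._sessions.get(token)


class HardenedSessions:
    """Each session records the password generation it was issued under; a change
    bumps the generation, so every session except the caller's own stops resolving."""

    def __init__(self, users):
        self.users = users
        self._sessions = {}  # token -> (username, generation)

    def login(self, username, password):
        if not self.users.verify(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, self.users.generation(username))
        return token

    def change_password(self, username, new_password, keep_token=None):
        self.users.set_password(username, new_password)
        if keep_token in self._sessions:  # re-issue only the session that made the change
            self._sessions[keep_token] = (username, self.users.generation(username))

    def current_user(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, issued_gen = entry
        if issued_gen != self.users.generation(username):
            del self._sessions[token]  # stale generation: treat as logged out
            return None
        return username


def stolen_session_survives(session_cls):
    """Scenario: an attacker logged in with a leaked password before the victim
    reset it. Returns (attacker_still_logged_in, victim_still_logged_in)."""
    users = UserStore()
    users.create("alice", "hunter2")  # constructed sample credentials
    store = session_cls(users)
    victim = store.login("alice", "hunter2")
    attacker = store.login("alice", "hunter2")
    store.change_password("alice", "correct horse battery staple", keep_token=victim)
    return (store.current_user(attacker) == "alice",
            store.current_user(victim) == "alice")


if __name__ == "__main__":
    print("vulnerable:", stolen_session_survives(VulnerableSessions))  # (True, True)
    print("hardened:  ", stolen_session_survives(HardenedSessions))    # (False, True)
```

A generation counter is cheaper than walking the whole session table on every password change and also covers sessions stored out of process (a cookie-signed session can carry the generation it was issued under). A real reset flow would additionally re-check the old password or a reset token before calling `change_password`, which this demo leaves out.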

15.4.25 SpyNote Campaign Masquerades as a MissAV mobile app Porn remains one of the most effective social engineering vectors due to high curiosity-driven engagement, the stigma that discourages victims from reporting, and the ease with which it can be weaponized through mobile-based attacks such as fake APKs. ALERTS CAMPAIGN
15.4.25 Turkish Employment Agency Impersonated in a Snake Keylogger campaign Symantec has recently observed a Snake Keylogger campaign targeting organizations in Turkey, including those in the Aerospace & Defense and Financial Services sectors. ALERTS CAMPAIGN
15.4.25 ZeroTrace Stealer ZeroTrace Stealer is a new infostealing malware that recently emerged on the threat landscape. The malware builder has been distributed via various underground forums and file-sharing platforms while advertised as being created for educational and research purposes only. ALERTS VIRUS
15.4.25 Pulsar RAT malware Pulsar is a new remote access trojan (RAT) variant recently identified in the wild. This C#-based malware is based on the Quasar RAT strain and has miscellaneous functionality including keylogging, cryptocurrency wallet clipping, infostealing, file management, remote shell and command execution, among others. ALERTS VIRUS
15.4.25 PelDox Ransomware Unlike typical ransomware, PelDox does not inform victims about the encryption of their files or demand payment for decryption. After encrypting the files and appending the ".lczx" extension, the ransomware displays a full-screen message. ALERTS RANSOM
15.4.25 HijackLoader new modular enhancements for stealth and evasion HijackLoader (also known as GHOSTPULSE or IDAT Loader) is a malware loader capable of delivering second-stage payloads and offers a variety of modules mainly used for configuration information, evasion of security software, and injection/execution of code. ALERTS VIRUS
15.4.25 Slow Pisces Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware GROUP GROUP
15.4.25 Precision-Validated Phishing The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders PHISHING PHISHING
15.4.25 Double-Edged Email Attack Pick your Poison - A Double-Edged Email Attack HACKING SPAM
15.4.25 CVE-2025-30406 Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. VULNEREBILITY VULNEREBILITY

15.4.25 ResolverRAT New Malware Variant Identified: ResolverRAT Enters the Maze MALWARE RAT
15.4.25 CurlBack RAT Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks MALWARE RAT
13.4.25 Tycoon2FA Tycoon2FA New Evasion Technique for 2025 PHISHING Kit
13.4.25 We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs The reliance of popular programming languages such as Python and JavaScript on centralized package repositories and open-source software, combined with the emergence of code-generating Large Language Models (LLMs), has created a new type of threat to the software supply chain: package hallucinations. PAPERS AI
12.4.25 NanoCrypt Ransomware NanoCrypt is another "run-of-the-mill" ransomware variant discovered in the wild. The malware encrypts user data and appends .ncrypt to the name of locked files. The ransom note, dropped in the form of a text file called README.txt, indicates that this malware has been created "for fun" and is not intended for any harmful activity. ALERTS RANSOM
12.4.25 Chaos Ransomware Variant Targets IT Staff via Fake Security Tool Chaos ransomware variants continue to emerge, mostly used by actors targeting individual machines through drive-by-download social engineering. These attacks typically demand a smaller ransom compared to double-extortion ransomware actors who target larger organizations through more complex attack chains. ALERTS RANSOM
12.4.25 New Amethyst Stealer variant distributed by Sapphire Werewolf group Distribution of a new and updated Amethyst Stealer variant has been observed in the wild. The campaign is attributed to the threat actor known as Sapphire Werewolf. ALERTS VIRUS
12.4.25 CVE-2025-31161 - CrushFTP authentication bypass vulnerability exploited in the wild CVE-2025-31161 is a recently disclosed critical (CVSS score 9.8) authentication bypass vulnerability affecting the CrushFTP file transfer solution. If successfully exploited, the flaw could grant unauthenticated attackers admin-level access to the underlying server via crafted HTTP requests. ALERTS VULNEREBILITY
12.4.25 Neptune RAT Neptune RAT is a highly modular, multi-functional remote access Trojan. The malware contains numerous DLL plugins which provide functionality. Available features include, but are not limited to, the following: ALERTS VIRUS
12.4.25 Salary Adjustment PDF Lure Redirects to AWS-Hosted Outlook Credential Phish Symantec has observed a new phishing campaign in which threat actors are leveraging PDFs to redirect users to a phishing page hosted on AWS S3. ALERTS PHISHING
12.4.25 CVE-2025-1094 - PostgreSQL SQL injection vulnerability CVE-2025-1094 is a recently disclosed high severity (CVSS score 8.1) SQL injection vulnerability affecting PostgreSQL, an open-source relational database management system (RDBMS). If successfully exploited, the flaw could lead to remote code execution due to improperly sanitized SQL inputs. ALERTS VULNEREBILITY
12.4.25 CVE-2025-30401 A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment's filename extension. VULNEREBILITY VULNEREBILITY
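The CVE-2025-30401 entry above names the mechanism precisely: the preview is chosen from one property of the attachment (declared MIME type) and the opener from another (filename extension), so a sender controls both and can make them disagree. The Python below is an added example, not WhatsApp's code, showing that dispatch pattern next to a hardened one that derives preview and opener from a single decision: the content is sniffed from its leading bytes, the sniffed type must agree with the declared type and the extension, and anything with an executable extension is never handed to the shell. The handler names, extension tables and the two sample attachments are constructed for the demo.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass
class Attachment:
    filename: str        # name chosen by the sender
    declared_mime: str   # Content-Type chosen by the sender
    content: bytes       # leading bytes of the file body


# Constructed tables for the demo, not the messenger's real handler registry.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".msi", ".js", ".vbs", ".ps1"}
VIEWERS = {"image/jpeg": "image_viewer", "image/png": "image_viewer", "application/pdf": "pdf_viewer"}
EXTENSIONS_FOR = {"image/jpeg": {".jpg", ".jpeg"}, "image/png": {".png"}, "application/pdf": {".pdf"}}
MAGIC = [  # leading bytes that identify the real content type
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"%PDF-", "application/pdf"),
    (b"MZ", "application/x-msdownload"),  # PE executable
]


def extension(filename):
    return PurePosixPath(filename).suffix.lower()


def sniff(content):
    """Content type from magic bytes; unknown content is opaque binary."""
    for magic, mime in MAGIC:
        if content.startswith(magic):
            return mime
    return "application/octet-stream"


def dispatch_vulnerable(att):
    """Defect class: the preview trusts the declared MIME type while the opener
    is picked from the filename extension, so the two can disagree."""
    preview = VIEWERS.get(att.declared_mime, "generic_file")
    ext = extension(att.filename)
    if ext in EXECUTABLE_EXTENSIONS:
        handler = "shell_execute"
    else:
        handler = next((v for m, v in VIEWERS.items() if ext in EXTENSIONS_FOR[m]), "generic_file")
    return preview, handler


def dispatch_hardened(att):
    """One decision drives both preview and opener: the sniffed type must agree with
    the declared type and the extension, and executable extensions never open."""
    actual = sniff(att.content)
    ext = extension(att.filename)
    if ext in EXECUTABLE_EXTENSIONS or actual not in VIEWERS:
        return "blocked", "blocked"
    if att.declared_mime != actual or ext not in EXTENSIONS_FOR[actual]:
        return "blocked", "blocked"
    viewer = VIEWERS[actual]
    return viewer, viewer


SAMPLES = {  # constructed attachments, not real captures
    "benign": Attachment("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + bytes(16)),
    "disguised": Attachment("photo.exe", "image/jpeg", b"MZ\x90\x00" + bytes(16)),
}


if __name__ == "__main__":
    for name, att in SAMPLES.items():
        print(name, "vulnerable:", dispatch_vulnerable(att), "hardened:", dispatch_hardened(att))
```

The disguised sample previews as an image under the vulnerable dispatcher but is opened with `shell_execute`; the hardened dispatcher blocks it on the extension alone and would also block it on the MZ header if the extension were renamed, because the three signals must agree before any viewer is chosen.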

12.4.25 TsarBot TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications MALWARE Bot
12.4.25 CVE-2024-21762 An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests. VULNEREBILITY VULNEREBILITY
12.4.25 CVE-2023-27997 A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. VULNEREBILITY VULNEREBILITY
12.4.25 CVE-2022-42475 A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. VULNEREBILITY VULNEREBILITY

11.4.25 Core Werewolf Core Werewolf hones its arsenal against Russia’s government organizations GROUP GROUP
11.4.25 Venture Wolf Venture Wolf attempts to disrupt Russian businesses with MetaStealer GROUP GROUP
11.4.25 NOVA Attackers use a fork of a popular stealer to target Russian companies GROUP GROUP
11.4.25 Bloody Wolf Bloody Wolf evolution: new targets, new tools GROUP GROUP
11.4.25 Sapphire Werewolf Sapphire Werewolf refines Amethyst stealer to attack energy companies GROUP GROUP
11.4.25 ZDI-25-246 MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-245 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-244 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-243 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-242 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-241 Trend Micro Deep Security Agent Link Following Denial-of-Service Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-240 Trend Micro Deep Security Anti-Malware Solution Platform Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-239 Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-238 Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-237 Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-236 Trend Micro Apex Central modTMSM Server-Side Request Forgery Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-235 Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-234 Microsoft Windows dxkrnl Untrusted Pointer Dereference Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-233 Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-232 Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-231 Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-230 (Pwn2Own) Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-229 (Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-228 (Pwn2Own) Samsung Galaxy S24 Quick Share Insufficient UI Warning Arbitrary File Write Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-227 (Pwn2Own) Samsung Galaxy S24 Gaming Hub Exposed Dangerous Method Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-226 (Pwn2Own) Samsung Galaxy S24 Gaming Hub Improper Input Validation Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-225 (Pwn2Own) Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-224 (Pwn2Own) Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-223 (Pwn2Own) Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-222 (Pwn2Own) Lexmark CX331adwe concatstrings Type Confusion Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-221 (Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-220 (Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-219 (Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-218 (Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-217 (Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-216 (Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-215 (Pwn2Own) Synology DiskStation DS1823xs+ LDAP Client Improper Certificate Validation Authentication Bypass Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-214 (Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-213 (Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-212 (Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-211 (Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-210 (Pwn2Own) Synology BeeStation BST150-4T Improper Input Validation Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-209 (Pwn2Own) Synology BeeStation BST150-4T Cleartext Transmission of Sensitive Information Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-208 (Pwn2Own) Synology DiskStation DS1823xs+ Replication Service Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 ZDI-25-207 (Pwn2Own) Synology BeeStation BST150-4T Command Injection Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
11.4.25 GOFFEE GOFFEE continues to attack organizations in Russia GROUP GROUP
11.4.25 SpyNote Newly Registered Domains Distributing SpyNote Malware MALWARE Android RAT
11.4.25 CVE-2025-3102 The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. VULNEREBILITY VULNEREBILITY
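The SureTriggers entry above pins the bug on a missing empty-value check: when the plugin's stored secret has never been configured it is empty, and a request that carries no key also reads as empty, so a plain equality test passes. The Python below is an added example, not the plugin's PHP; it reproduces that check beside a hardened one that refuses an unconfigured secret or a missing header before doing a constant-time comparison, and drives both through a small privileged endpoint so the consequence (an administrator account created by an unauthenticated request) is visible. The header name, the endpoint shape and the three request scenarios are constructed for the demo.

```python
import hmac

# Constructed header name for the demo; the plugin's real header is not named on this page.
SECRET_HEADER = "X-Secret-Key"


def authenticate_vulnerable(headers, stored_secret):
    """Defect class: a missing header and an unconfigured secret both read as '',
    and '' == '' lets the request through."""
    supplied = headers.get(SECRET_HEADER, "")
    return supplied == stored_secret


def authenticate_hardened(headers, stored_secret):
    """Refuse outright when either side is empty, then compare in constant time
    so the check leaks nothing about how many leading bytes matched."""
    supplied = headers.get(SECRET_HEADER)
    if not stored_secret or not supplied:
        return False
    return hmac.compare_digest(supplied.encode(), stored_secret.encode())


def create_user_endpoint(auth, headers, stored_secret, users):
    """Privileged endpoint guarded by the chosen check; returns an HTTP-style status
    and appends an administrator record to `users` when the check passes."""
    if not auth(headers, stored_secret):
        return 403
    users.append({"login": headers.get("X-New-User", "anon"), "role": "administrator"})
    return 200


def run_scenarios(auth):
    """Three constructed requests against the endpoint:
    1. fresh install, secret never configured, attacker sends no key header;
    2. secret configured, wrong key supplied;
    3. secret configured, correct key supplied.
    Returns a tuple of (status, number of admin accounts created) per scenario."""
    results = []
    for stored, headers in [
        ("", {}),
        ("s3cr3t", {SECRET_HEADER: "guess"}),
        ("s3cr3t", {SECRET_HEADER: "s3cr3t", "X-New-User": "ops"}),
    ]:
        users = []
        results.append((create_user_endpoint(auth, headers, stored, users), len(users)))
    return tuple(results)


if __name__ == "__main__":
    print("vulnerable:", run_scenarios(authenticate_vulnerable))  # ((200, 1), (403, 0), (200, 1))
    print("hardened:  ", run_scenarios(authenticate_hardened))    # ((403, 0), (403, 0), (200, 1))
```

The first scenario is the one that matters operationally: a plugin that is installed but never configured should fail closed, not open, which is why the hardened check treats an empty stored secret as "no valid key exists" rather than as a key that happens to be empty.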

10.4.25 Everest Ransomware Group Threat Actor Profile GROUP Ransomware
10.4.25 GammaSteel Shuckworm Targets Foreign Military Mission Based in Ukraine MALWARE PowerShell
10.4.25 CVE-2024-0132 NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. VULNEREBILITY VULNEREBILITY

10.4.25 AkiraBot AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale BOTNET AI
9.4.25 GiftedCrook infostealer deployed in UAC-0226 campaign According to a recent security alert released by Ukraine's Computer Emergency Response Team (CERT-UA), a new wave of targeted attacks against various military and governmental entities in Ukraine has been detected. The campaign, attributed to the activity cluster tracked as UAC-0226, distributes phishing emails containing .xlsm attachments with malicious macros. ALERTS VIRUS
9.4.25 CVE-2025-29927 - Next.js middleware authorization bypass vulnerability CVE-2025-29927 is a recently disclosed vulnerability (CVSS score 9.1) affecting Next.js, an open-source JavaScript web framework. If successfully exploited, the flaw could allow attackers to bypass middleware authorization checks via specially crafted HTTP requests, potentially exposing protected content. ALERTS VULNEREBILITY
9.4.25 This Vidar stealer is not your Sysinternals tool Vidar is information-stealing malware that has been active since 2018. It is a Malware-as-a-Service offering used by attackers to steal sensitive data, such as credentials stored in browsers, applications, and cloud storage services. ALERTS VIRUS
9.4.25 EncryptHub attackers leverage MSC files for payload delivery A recent campaign attributed to the EncryptHub (Water Gamayun) group has seen the threat actors leverage a Microsoft Management Console vulnerability (tracked as CVE-2025-26633) through malicious .msc files for payload execution. ALERTS VIRUS
9.4.25 HollowQuill campaign luring users with disguised malicious PDFs The HollowQuill campaign has been targeting academic institutions and government agencies worldwide through weaponized PDF documents. The attack employs social engineering, disguising malicious PDFs as research papers, grant applications, decoy research invitations, or government communiqués to entice unsuspecting users. ALERTS CAMPAIGN
9.4.25 Springtail APT group targets South Korean government entities The Springtail (aka Kimsuky) APT group recently engaged in campaigns targeting South Korean government entities. The campaigns leveraged government-themed messaging (one being tax related and another regarding a policy on the topic of sex offenders) to distribute malicious LNK files as malspam attachments. ALERTS APT
9.4.25 From Phishing to LINE Scams: Rakuten Securities users at risk Over the past few weeks, a phishing actor has been launching campaign after campaign targeting Rakuten Securities users in an attempt to steal their credentials. ALERTS PHISHING
9.4.25 ModiLoader deployed via .SCR in Taiwanese Freight Impersonation Malware actors have been abusing the Windows screensaver file format (.scr) for some time now. While such files might appear harmless, they are essentially executable programs with a different file extension. ALERTS VIRUS
9.4.25 CVE-2025-27491 Windows Hyper-V Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-26686 Windows TCP/IP Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-27752 Microsoft Excel Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-27745 Microsoft Office Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-27748 Microsoft Office Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-27749 Microsoft Office Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-29791 Microsoft Excel Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-26670 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-26663 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-27482 Windows Remote Desktop Services Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-27480 Windows Remote Desktop Services Remote Code Execution Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-29809 Windows Kerberos Security Feature Bypass Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-29824 Windows Common Log File System Driver Elevation of Privilege Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-30406 Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-29824 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability VULNEREBILITY VULNEREBILITY
9.4.25 CVE-2025-29824 Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. VULNEREBILITY VULNEREBILITY

9.4.25 VibeScamming VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side PHISHING AI
9.4.25 TCESB How ToddyCat tried to hide behind AV software MALWARE Rootkit
9.4.25 CVE-2024-48887 Unverified password change via set_password endpoint VULNERABILITY VULNERABILITY
9.4.25 AWS SSM Agent's Plugin ID Validation Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation VULNERABILITY VULNERABILITY
9.4.25 ClipBanker Attackers distributing a miner and the ClipBanker Trojan via SourceForge MALWARE Trojan
8.4.25 ZDI-25-206 Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
8.4.25 ZDI-25-205 Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
8.4.25 ZDI-25-204 GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
8.4.25 ZDI-25-203 GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
8.4.25 ZDI-25-202 Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability ZERO-DAY ZERO-DAY
8.4.25 ZDI-25-201 Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability ZERO-DAY ZERO-DAY
8.4.25 ZDI-25-200 Exim Use-After-Free Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
8.4.25 Targeted espionage activity by UAC-0226 against innovation hubs, government and law enforcement bodies using the GIFTEDCROOK stealer (CERT-UA#14303) Since February 2025, the Governmental Computer Emergency Response Team of Ukraine CERT-UA has been tracking targeted activity conducted for espionage purposes against centres of military-sector innovation, military formations, law enforcement bodies of Ukraine and local self-government bodies, especially those located along the country's eastern border. BATTLEFIELD UKRAINE BATTLEFIELD UKRAINE
8.4.25 CVE-2025-31161 CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." VULNERABILITY VULNERABILITY
8.4.25 CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of the kernel that could result in information disclosure VULNERABILITY VULNERABILITY
8.4.25 CVE-2024-53197 (CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of the kernel VULNERABILITY VULNERABILITY
6.4.25 PoisonSeed Campaign PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation CAMPAIGN SPAM
6.4.25 CVE-2025-31334 An issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. VULNERABILITY VULNERABILITY
6.4.25 Fast Flux Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” PAPERS MALWARE
6.4.25 CVE-2025-24061 (CVSS score: 7.8) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability VULNERABILITY VULNERABILITY
6.4.25 CVE-2025-24071 (CVSS score: 6.5) - Microsoft Windows File Explorer Spoofing Vulnerability VULNERABILITY VULNERABILITY
5.4.25 GRUB2 vulnerabilities [SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18 VULNERABILITY VULNERABILITY
5.4.25 Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. ALERT ALERT
4.4.25 CVE-2024-54085 - AMI MegaRAC BMC authentication bypass vulnerability CVE-2024-54085 is a critical (CVSS score 10.0) authentication bypass vulnerability affecting AMI MegaRAC Baseboard Management Controller (BMC) which is a remote server management platform. ALERTS VULNEREBILITY
4.4.25 Lockbit 4.0 ransomware Lockbit 4.0 is the most recent iteration of the infamous ransomware attributed to the threat actor called Syrphid. The ransomware is operated based on a Ransomware-as-a-Service (RaaS) model with various affiliates carrying out the attacks and often employing different tactics, techniques, and procedures (TTPs). ALERTS RANSOM
4.4.25 RolandSkimmer campaign A new credit card skimming campaign dubbed RolandSkimmer has been reported by researchers from Fortinet. The attack starts with .zip archives containing malicious .lnk files being delivered to the intended victims. ALERTS CAMPAIGN
4.4.25 CVE-2024-4577 makes a return in recent malware campaigns A high-severity CVE (CVSS: 9.8), CVE-2024-4577, has recently been disclosed to be in use in an active malware campaign targeting companies within the APJ region. ALERTS VULNERABILITY
4.4.25 Latest Gootloader variant spread via malvertisements The latest Gootloader variant has been observed abusing the Google Ads platform for distribution. The malware has been leveraging malvertisements directed at users searching for various legal templates such as NDA agreements. ALERTS VIRUS
4.4.25 CrazyHunter - a new Prince ransomware variant CrazyHunter is a new Go-based ransomware variant built on the open-source Prince encryptor malware family. The malware encrypts user data and drops a ransom note in the form of a text file called "Decryption Instructions.txt". This note is identical in format to the one observed in older Prince ransomware variant deployments. ALERTS RANSOM
4.4.25 ZDI-25-199 Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
4.4.25 ZDI-25-198 Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
4.4.25 ZDI-25-197 Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
4.4.25 Proton66 Bulletproof Hosting Networks and Proton66 GROUP GROUP
4.4.25 UAC-0219: cyber espionage using the WRECKSTEEL PowerShell stealer (CERT-UA#14283) The Governmental Computer Emergency Response Team of Ukraine CERT-UA takes systematic measures to collect and analyse cyber incident data in order to provide up-to-date information about cyber threats. BATTLEFIELD UKRAINE BATTLEFIELD UKRAINE
4.4.25 ClickFix tactic From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic HACKING CRYPTOCURRENCY
4.4.25 CVE-2025-22457 April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457) VULNERABILITY VULNERABILITY
4.4.25 CVE-2025-30065 Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue. VULNERABILITY VULNERABILITY
4.4.25 RaccoonO365 Script Analysis During our investigation into the RaccoonO365 Phishing-as-a-Service operation, we uncovered a sandbox report revealing a script embedded in an HTML page associated with a RaccoonO365 phishing link. PHISHING PHaaS
3.4.25 New phishing campaign targets Monex Securities users Lately, Symantec has observed phish runs targeting users of Monex Securities (マネックス証券), one of Japan's leading online securities companies, formed through the merger of Monex, Inc. and Nikko Beans, Inc. The company offers individual investors a range of financial services. ALERTS PHISHING
3.4.25 DarkCloud Stealer via TAR archives in Multi-Sector Spanish Campaign A company in Spain that specializes in mountain and skiing equipment is being spoofed in an email campaign. The actors behind this attack are targeting Spanish companies and local offices of international organizations. ALERTS VIRUS
3.4.25 CVE-2024-20439 - Cisco Smart Licensing Utility static credential vulnerability CVE-2024-20439 is a static credential vulnerability (CVSS score 9.8) affecting Cisco Smart Licensing Utility. If successfully exploited, the flaw could allow attackers to gain administrative privileges for the application's API. ALERTS VULNERABILITY
3.4.25 CPU_HU cryptomining malware A new campaign distributing cryptomining malware dubbed CPU_HU has been reported in the wild. The attackers target vulnerable or misconfigured PostgreSQL instances in efforts to deploy XMRig-C3 cryptominer binaries. A similar malware variant (also known as PG_MEM) was distributed last year in campaigns attributed to the same threat actors. The most recent campaign implements additional detection evasion techniques, including fileless payload execution. ALERTS VIRUS
3.4.25 Salvador Stealer - a new mobile malware Salvador Stealer is a newly discovered Android malware variant. The infostealer is spread under the guise of legitimate mobile banking apps. Delivery is a multistage process that uses a separate malicious dropper .apk binary responsible for final payload execution. Salvador Stealer aims to collect and exfiltrate confidential user data, including banking details and credentials. ALERTS VIRUS
3.4.25 Recent activities deploying Konni RAT malware Konni RAT is a well-known remote access trojan (RAT) variant that has been active on the threat landscape for several years. The malware can exfiltrate sensitive data from compromised machines, achieve persistence on infected endpoints and execute remote commands received from attackers. ALERTS VIRUS
3.4.25 CVE-2024-48248 - NAKIVO Backup and Replication absolute path traversal vulnerability CVE-2024-48248 is a recently identified absolute path traversal vulnerability (CVSS score 8.6) affecting the NAKIVO Backup and Replication solution. If successfully exploited, the flaw might enable unauthenticated attackers to read arbitrary files on the target hosts, leading to sensitive information exposure. ALERTS VULNERABILITY
3.4.25 CVE-2024-10668 An authentication bypass exists in Google Quick Share where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file contained in this frame is written to disk in the Downloads folder. VULNERABILITY VULNERABILITY
3.4.25 Stripe API Skimming Campaign Stripe API Skimming Campaign: Additional Victims and Insights CAMPAIGN Skimming
3.4.25 ImageRunner ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run VULNERABILITY VULNERABILITY
2.4.25 Masslogger Bank-Themed Phishing Primarily Targets Romania, With Broader European Reach Symantec has observed a Masslogger campaign primarily targeting organizations in Romania, where attackers are impersonating a Romanian bank. In addition to Romanian entities, the campaign has also impacted organizations in several other countries across Europe and beyond. ALERTS VIRUS
2.4.25 TsarBot Android malware TsarBot is a new Android banking trojan reported to be targeting over 750 different banking, financial and cryptocurrency-related applications. ALERTS VIRUS
2.4.25 ZDI-25-196 Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
2.4.25 ZDI-25-195 Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
2.4.25 ZDI-25-194 Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
2.4.25 ZDI-25-193 Apple macOS CoreText Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
2.4.25 ZDI-25-192 Apple macOS MP4 File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
2.4.25 ZDI-25-191 Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
2.4.25 ZDI-25-190 Apple macOS MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
2.4.25 ZDI-25-189 Apple macOS AudioToolbox AMR File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
2.4.25 ZDI-25-188 Apple macOS AudioToolboxCore WAV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
2.4.25 CPU_HU: Fileless cryptominer CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims HACKING CRYPTOCURRENCY
2.4.25 Outlaw Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective MALWARE Linux
2.4.25 HijackLoader Analyzing New HijackLoader Evasion Tactics MALWARE Loader
2.4.25 Anubis Backdoor The Savage Ladybug, also known as FIN7, has developed a new, mildly obfuscated Python-based backdoor called Anubis Backdoor. This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine. MALWARE Backdoor
2.4.25 Lucid Phishing-as-a-Service Lucid is a sophisticated Phishing-as-a-Service (PhaaS) platform operated by Chinese-speaking threat actors, targeting 169 entities across 88 countries globally. With 129 active instances and 1000+ registered domains, Lucid ranks among prominent PhaaS platforms, alongside Darcula and Lighthouse. PHISHING Platform
1.4.25 DarkWisp backdoor To achieve persistence on infected systems, Water Gamayun employs two distinct backdoors in their campaigns. In earlier campaigns with encrypthub[.]net/org, they utilized the SilentPrism backdoor, a tool designed for stealthy access and control. In their latest campaign, we identified a new backdoor, which we have named DarkWisp. MALWARE Backdoor
1.4.25 MSC EvilTwin loader The MSC EvilTwin loader represents a novel approach (CVE-2025-26633) to malware deployment by leveraging specially crafted Microsoft Saved Console (.msc) files. The MSC EvilTwin loader creates two directories: C:\Windows<space>\System32\ and C:\Windows<space>\System32\en-US. MALWARE Loader
1.4.25 SilentPrism backdoor SilentPrism is a backdoor malware designed to achieve persistence, dynamically execute shell commands, and maintain unauthorized remote control of compromised systems. MALWARE Backdoor
1.4.25 EncryptHub stealer On July 26, 2024, security researcher Germán Fernández tweeted about a fake WinRAR website distributing various types of malware, including stealers, miners, hidden virtual network computing (hVNC), and ransomware, as shown. These malicious tools were hosted on a GitHub repository named "encrypthub," managed by a user called "sap3r-encrypthub". MALWARE Stealer
1.4.25 New SnakeKeylogger multistage Info-stealer campaign SnakeKeylogger is an info-stealer malware that harvests credentials and other sensitive data. It targets a wide range of applications such as web browsers like Google Chrome and Mozilla Firefox, and email clients such as Microsoft Outlook and Thunderbird. ALERTS VIRUS
1.4.25 Crocodilus Android malware Crocodilus is a new mobile banking trojan variant identified recently on the threat landscape. The malware has extensive remote control and infostealing functionality, enabling application overlay attacks, remote access to compromised devices, theft of credentials and data stored on the device, keylogging and execution of commands received from C2 servers, among others. ALERTS VIRUS
1.4.25 New CoffeeLoader malware CoffeeLoader is a new sophisticated malware loader designed to deploy secondary payloads while evading detection. The loader leverages a packer that executes code on the system's GPU. CoffeeLoader establishes persistence via the Windows Task Scheduler, using a scheduled task with a hard-coded name. ALERTS VIRUS
1.4.25 MassLogger Targets Businesses Worldwide via Procurement-themed Phishing MassLogger, an information-stealing malware designed to capture credentials, keystrokes, and clipboard data from victims, has been gaining prevalence in the threat landscape, with campaigns of various sizes and victimology observed worldwide. ALERTS PHISHING
1.4.25 Earth Alux The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques HACKING CyberEspionage
1.4.25 CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges VULNERABILITY VULNERABILITY
1.4.25 CVE-2025-24200 (CVSS score: 4.6) - An authorization issue in the Accessibility component that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack VULNERABILITY VULNERABILITY
1.4.25 CVE-2025-24201 (CVSS score: 8.8) - An out-of-bounds write issue in the WebKit component that could allow an attacker to craft malicious web content such that it can break out of the Web Content sandbox VULNERABILITY VULNERABILITY