| DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
|---|---|---|---|---|
| 31.8.25 | Threat Intelligence Report: August 2025 | Threat Intelligence Report: August 2025 (Anthropic) | REPORT | REPORT |
| 31.8.25 | Design Patterns for Securing LLM Agents against Prompt Injections | Large Language Models (LLMs) are becoming integral components of complex software systems, where they serve as intelligent agents that can interpret natural language instructions, make plans, and execute actions through external tools and APIs | PAPERS | PAPERS |
| 31.8.25 | Design Patterns for Securing LLM Agents against Prompt Injections | Large Language Models (LLMs) are becoming integral components of complex software systems, where they serve as intelligent agents that can interpret natural language instructions, make plans, and execute actions through external tools and APIs | ATTACK | AI |
| 31.8.25 | Xworm RAT delivered through ScreenConnect disguised as a Fake Video file | A recent campaign has been observed using AI-themed lures to trick victims into downloading a digitally signed ScreenConnect installer disguised as a video file. Once executed, the installer secretly establishes a hidden remote session and initiates a multi-stage infection chain. | VIRUS | |
| 31.8.25 | SpyNote Android RAT spreads through fake Play Store sites. | A new campaign is distributing the SpyNote Android RAT through deceptive websites mimicking Google Play Store pages, tricking users into installing dropper APKs. | ALERTS | VIRUS |
| 31.8.25 | Silver Fox Abuses Legit Drivers to Deploy RAT | Researchers at Check Point observed a Silver Fox campaign where they exploited a Microsoft-signed vulnerable driver (amsdk.sys) in an attempt to silently disable EDR and antivirus protections on Windows 10 and 11. | VIRUS | |
| 31.8.25 | TASPEN Impersonation Malware Exploits Indonesian Pensioners | A sophisticated mobile malware campaign, potentially linked to Chinese actors, is actively targeting Indonesian pensioners and civil servants by impersonating PT Dana Tabungan dan Asuransi Pegawai Negeri (TASPEN), a state-owned pension fund. | EXPLOIT | |
| 31.8.25 | ShadowSilk: A Mixed-Language APT Targeting Government in Asia | A recently published report details the ShadowSilk threat actor group, a mixed-language (Chinese and Russian) actor primarily focused on data exfiltration from government targets. | ALERTS | APT |
| 31.8.25 | SmartApeSG uses fake CAPTCHAs to deploy NetSupport RAT and StealC v2 | A multi-stage attack chain linked to SmartApeSG is exploiting compromised websites by injecting fake CAPTCHA pages that trick users into executing hidden commands through a ClickFix-style script. | VIRUS | |
| 31.8.25 | Hook v3 evolves into banking, spyware and ransomware extortion | A new variant of the Hook Android banking trojan has emerged, evolving beyond credential theft to include ransomware-style extortion via full-screen cryptocurrency payment overlays. | VIRUS | |
| 31.8.25 | Cephalus Ransomware | In mid‑August 2025, researchers observed two ransomware incidents involving a new variant dubbed “Cephalus.” According to their findings, the attackers gained entry via RDP using accounts without MFA and appeared to exfiltrate data via MEGA before deploying the payload. | RANSOM | |
| 31.8.25 | "PlugX" Backdoor Powers UNC6384's Diplomatic Espionage | A sophisticated cyber-espionage campaign, attributed to the PRC-nexus threat actor UNC6384, is actively targeting diplomats in Southeast Asia and other global entities. | ALERTS | VIRUS |
| 31.8.25 | ZipLine: Building Trust, Exploiting Trust – A New Attack Vector | The sophisticated social engineering campaign, "ZipLine," targets US companies across diverse sectors like manufacturing, semiconductors, and biotech, seeking valuable data, vendor networks, or exploitable infrastructure. Unlike traditional phishing, ZipLine initiates contact via a company's public "Contact Us" form, generating initial legitimacy. | EXPLOIT | |
| 31.8.25 | Datebug threat group uses custom malware to target Linux BOSS systems | The Datebug threat group (aka APT36, Transparent Tribe) is a Pakistan-based group known to target various industries (government, media, military) primarily situated in India. In recent activity, the group was observed targeting the Linux BOSS operating system with custom malware, notably on systems associated with the Indian government. | VIRUS | |
| 31.8.25 | Biotech and Semiconductor Firms Impersonated to Spread Snake Keylogger | Symantec has identified an actor running two coordinated malspam campaigns that impersonated well-known companies to distribute Snake Keylogger, a prevalent information-stealing malware designed to harvest credentials, system details, and other sensitive data before transmitting them to attacker-controlled Telegram bots. | ALERTS | VIRUS |
| 31.8.25 | New Android Backdoor Impersonates Antivirus to Spy on Russian Business Leaders | A new sophisticated Android malware, Android.Backdoor.916.origin, has been identified, specifically targeting executives of Russian businesses. | VIRUS | |
| 31.8.25 | Anatsa - Android banking malware | Anatsa, a banking Trojan targeting Android devices, has been in circulation since 2020. A recently observed campaign saw the malware being downloaded after installation of a decoy document reader application from the Google Play Store. Some features present in the recent release include: | VIRUS | |
| 31.8.25 | Gayfemboy malware campaign | A stealthy malware strain, dubbed "Gayfemboy," has been observed exploiting a range of vulnerabilities to infiltrate systems. Most recent attacks target vulnerabilities in products from vendors such as DrayTek, TP-Link, Raisecom, and Cisco. | ALERTS | CAMPAIGN |
| 30.8.25 | Anatsa | Android Document Readers and Deception: Tracking the Latest Updates to Anatsa | MALWARE | Android |
| 30.8.25 | Android.Backdoor.916.origin | Android backdoor spies on employees of Russian businesses | MALWARE | Android |
| 30.8.25 | APT36 | APT36: Targets Indian BOSS Linux Systems with Weaponized AutoStart Files | APT | APT |
| 30.8.25 | COOKIE SPIDER | Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS | GROUP | GROUP |
| 30.8.25 | CVE-2025-34511 | Post-authenticated remote code execution via Sitecore PowerShell Extension | VULNERABILITY | VULNERABILITY |
| 30.8.25 | CVE-2025-34510 | Post-authenticated remote code execution via path traversal | VULNERABILITY | VULNERABILITY |
| 30.8.25 | CVE-2025-34509 | Use of hard-coded credentials | VULNERABILITY | VULNERABILITY |
| 30.8.25 | CVE-2025-53694 | Information disclosure in the ItemService API with a restricted anonymous user, leading to exposure of cache keys using a brute-force approach | VULNERABILITY | VULNERABILITY |
| 30.8.25 | CVE-2025-53691 | Remote code execution (RCE) through insecure deserialization | VULNERABILITY | VULNERABILITY |
| 30.8.25 | CVE-2025-53693 | HTML cache poisoning through unsafe reflections | VULNERABILITY | VULNERABILITY |
| 30.8.25 | CVE-2025-55177 | Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device | VULNERABILITY | VULNERABILITY |
| 30.8.25 | SikkahBot Malware | Executive Summary Cyble Research and Intelligence Labs (CRIL) has uncovered an ongoing Android malware tracker named “SikkahBot,” active since July 2024 and explicitly targeting students in Bangladesh. | MALWARE | Bot |
| 30.8.25 | Operation HanKook Phantom | Table of contents: Introduction; Threat Profile; Infection Chain; Campaign 1: Analysis of Decoy, Technical Analysis, Fingerprint of ROKRAT’s Malware; Campaign 2: Analysis of Decoy, Technical Analysis, Detailed Analysis of Decoded tony31.dat; Conclusion; Seqrite Protections; MITRE ATT&CK | OPERATION | OPERATION |
| 30.8.25 | INF0S3C STEALER | EXECUTIVE SUMMARY Cyfirma’s threat intelligence assessment reveals Inf0s3c Stealer, a Python-based grabber designed to collect system information and user data. The executable | MALWARE | Stealer |
| 30.8.25 | TINKYWINKEY KEYLOGGER | EXECUTIVE SUMMARY At CYFIRMA, we are dedicated to providing timely intelligence on emerging cyber threats and adversarial tactics that target both individuals and organizations. | MALWARE | Keylogger |
| 29.8.25 | APT29 | Amazon disrupts watering hole campaign by Russia’s APT29 | APT | APT |
| 29.8.25 | Xiangoop | Pirates of The Nang Hai: Follow the Artifacts No One Know | MALWARE | Loader |
| 29.8.25 | TAOTH | TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents | CAMPAIGN | Exploit |
| 29.8.25 | CVE-2025-57819 | FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data | VULNERABILITY | VULNERABILITY |
| 29.8.25 | TamperedChef | Truesec has observed what appears to be a large cybercrime campaign, involving multiple fraudulent websites promoted through a Google advertising campaign. | MALWARE | Stealer |
| 28.8.25 | Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System | People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. | REPORT | REPORT |
| 28.8.25 | Storm-0501 | Storm-0501’s evolving techniques lead to cloud-based ransomware | APT | APT |
| 27.8.25 | CVE-2025-8424 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access | VULNERABILITY | VULNERABILITY |
| 27.8.25 | CVE-2025-7776 | Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a PCoIP Profile bound to it | VULNERABILITY | VULNERABILITY |
| 27.8.25 | CVE-2025-7775 | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC | VULNERABILITY | VULNERABILITY |
| 27.8.25 | UNC6395 | Widespread Data Theft Targets Salesforce Instances via Salesloft Drift | GROUP | GROUP |
| 27.8.25 | TAG-144 | TAG-144’s Persistent Grip on South American Organizations | GROUP | GROUP |
| 27.8.25 | Sni5Gect: A Practical Approach to Inject aNRchy into 5G NR | Sni5Gect: A Practical Approach to Inject aNRchy into 5G NR | PAPERS | PAPERS |
| 27.8.25 | Sni5Gect | A 5G Sniffer and Downlink Injector on steroids... And yes, Wireshark supported!!! Supports DCI Sniffing, MAC-NR Downlink/Uplink message sniffing and MAC-NR Downlink message injection | ATTACK | 5G |
| 27.8.25 | ZipLine | ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies | CAMPAIGN | Phishing |
| 26.8.25 | Gigabud Malware Masquerades as Grab Super-App in Southeast Asia | A recent variant of the Gigabud Android malware has been found impersonating the popular GRAB super-app—offering ride-hailing, food delivery, and digital payments—widely used across Southeast Asia. The trojanized APK, named Grab.apk, was detected in Thailand, disguised as the legitimate application. | VIRUS | |
| 26.8.25 | Sinobi Ransomware | The Sinobi ransomware ransom note uses standard double-extortion techniques. It mixes intimidation (stolen documents, 7-day deadline, threats of leaks) with persuasion (test decryption and stolen file list). | RANSOM | |
| 26.8.25 | Global Industries and Government Agencies Targeted in Remcos Campaign | A recently observed malspam campaign is leveraging impersonation of a global supplier in the valves and actuators industry to deliver Remcos RAT. The lure comes in the form of emails with the subject line “Price quote” or “Quotation” and a malicious archive (Quote_pdf.z) as attachment. | ALERTS | CAMPAIGN |
| 26.8.25 | APT36 is evolving with new delivery techniques | A new campaign by APT36 (aka Transparent Tribe) has been reported, leveraging phishing emails containing ZIP archives with malicious .desktop files disguised as PDFs to target users. | APT | |
| 26.8.25 | Phishing campaign targeting Kazakhstan’s Public Sector | A phishing campaign in Kazakhstan has been discovered that is targeting public sector clients by mimicking official government login portals and using Telegram’s Bot API as a covert channel to exfiltrate stolen credentials. | CAMPAIGN | |
| 26.8.25 | FamiPay users targeted by new phishing campaign | Recently, Symantec has observed phish runs targeting users of FamiPay, a Japanese digital wallet and mobile payment service offered by FamilyMart. | ALERTS | CAMPAIGN |
| 26.8.25 | Fake IBM Trusteer Mobile App Used in SpyNote Campaign | During ongoing monitoring of mobile threats, Symantec identified a malicious Android application masquerading as an IBM security product. The app, distributed under the name IBMTMOBILE.apk, was hosted on a domain designed to typosquat IBM Trusteer. | CAMPAIGN | |
| 26.8.25 | TA-NATALSTATUS cryptojacking campaigns | TA-NATALSTATUS is a threat actor conducting cryptojacking operations around the world. The attackers are targeting vulnerable Redis server instances to deploy cryptominer malware. | CRYPTOCURRENCY | |
| 26.8.25 | Warlock Ransomware Leverages SharePoint ToolShell vulnerability (CVE-2025-53770) for Widespread Attacks | Warlock ransomware threat actors have been aggressively targeting organizations globally by exploiting a critical vulnerability (CVE-2025-53770) in Microsoft SharePoint, known as the ToolShell exploit chain. | RANSOM | |
| 26.8.25 | BQTLOCK Ransomware | BQTLOCK is a new ransomware variant offered for sale under a Ransomware-as-a-Service (RaaS) model. The malware has the functionality to encrypt user data and append the .bqtlock extension to the locked files. | RANSOM | |
| 26.8.25 | SHAMOS macOS malware | SHAMOS is a new variant of AMOS (aka Atomic macOS Stealer) malware targeting the macOS platform. The malware is sold by the threat group known as Cookie Spider in the form of a MaaS (Malware-as-a-Service) offering. | VIRUS | |
| 26.8.25 | QuirkyLoader: A stealthy new malware loader | A newly identified malware loader dubbed QuirkyLoader has emerged as a sophisticated cyber threat, actively distributing a range of infostealers and RATs including Agent Tesla, AsyncRAT, FormBook, MassLogger, Remcos and others. | ALERTS | VIRUS |
| 26.8.25 | Fake Electricity subsidy App phishing campaign | An Android phishing campaign impersonating an Indian government electricity subsidy scheme has been discovered. Victims are lured through YouTube and a GitHub-hosted phishing site mimicking an official subsidy portal. | PHISHING | |
| 26.8.25 | VIP Keylogger Spreads via Multi-Org Impersonation Campaign | Symantec has recently observed a series of malicious email campaigns delivering VIP Keylogger, in which attackers impersonated multiple legitimate organizations across industries such as logistics, engineering, and manufacturing—leveraging run-of-the-mill purchase orders, quotations, shipment notices, and sales contracts for social engineering. | CAMPAIGN | |
| 26.8.25 | Turkish Bank-themed Malspam spreads Snake Keylogger Across Sectors | Symantec has identified a recent malspam campaign distributing Snake Keylogger under the guise of a major financial institution in Turkey. | ALERTS | VIRUS |
| 26.8.25 | Deployment of the RealBlindingEDR tool among the recent activities of the Crypto24 threat group | The threat actor known as Crypto24 has recently been observed conducting multi-stage attacks against high-profile organizations from various sectors. | GROUP | |
| 26.8.25 | CVE-2024-36401 in OSGeo GeoServer GeoTools exploited in a recent resource monetization campaign | According to the latest report from Palo Alto Networks, a new campaign leveraging exploits of the remote code execution (RCE) vulnerability CVE-2024-36401 has been spotted in the wild. | VULNERABILITY | |
| 26.8.25 | SoupDealer Loader malware | SoupDealer is a new loader malware variant observed recently in the wild and targeting users from Turkey. The malware is Java-based and distributed via malicious .jar attachments in malspam campaigns. | VIRUS | |
| 26.8.25 | ConfuserEx Obfuscation Spotted in Latest DarkCloud Stealer Campaign | A recent threat report from Unit 42 (Palo Alto Networks) highlights an evolved infection chain delivering the DarkCloud Stealer, now using ConfuserEx for obfuscation and a final payload written in Visual Basic 6. | ALERTS | CAMPAIGN |
| 26.8.25 | CORNFLAKE.V3 in “ClickFix” campaign | Researchers have uncovered a new campaign where the CORNFLAKE.V3 backdoor is being used, spread through fake CAPTCHA “ClickFix” pages run by the threat group UNC5518. | CAMPAIGN | |
| 26.8.25 | UNC1151 leverages macro-enabled Spreadsheets and Cloud C2 in latest campaign | The UNC1151 APT group has been observed conducting a malware campaign targeting Ukraine and Poland through malicious archive files containing decoy spreadsheets with embedded obfuscated macros. | APT | |
| 26.8.25 | MountBot Botnet | Researchers recently reported MountBot, a new IoT botnet first observed in April exploiting ASUS AiCloud vulnerabilities and operating on the same infrastructure as RapperBot. | ALERTS | BOTNET |
| 26.8.25 | ShadowCaptcha | Israel National Digital Agency Uncovers Global Cyberattack Campaign “ShadowCaptcha” | CAMPAIGN | CAMPAIGN |
| 26.8.25 | PRC-Nexus Espionage Campaign | Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats | CAMPAIGN | CAMPAIGN |
| 26.8.25 | Hook Version 3 | Hook Version 3: The Banking Trojan with The Most Advanced Capabilities | MALWARE | Banking |
| 26.8.25 | CVE-2025-48384 | Git Link Following Vulnerability | VULNERABILITY | VULNERABILITY |
| 26.8.25 | CVE-2024-8068 | Citrix Session Recording Improper Privilege Management Vulnerability | VULNERABILITY | VULNERABILITY |
| 26.8.25 | CVE-2024-8069 | Citrix Session Recording Deserialization of Untrusted Data Vulnerability | VULNERABILITY | VULNERABILITY |
| 26.8.25 | CVE-2025-9074 | A vulnerability was identified in Docker Desktop that allows locally running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. | VULNERABILITY | VULNERABILITY |
| 26.8.25 | UpCrypter | Phishing Campaign Targeting Companies via UpCrypter | MALWARE | Crypter |
| 24.8.25 | DOM-based Extension Clickjacking | DOM-based Extension Clickjacking: Your Password Manager Data at Risk | HACKING | CRYPTOCURRENCY |
| 24.8.25 | XenoRAT | XenoRAT malware campaign hits multiple embassies in South Korea | MALWARE | RAT |
| 24.8.25 | CVE-2025-52970 | An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request. | VULNERABILITY | VULNERABILITY |
| 23.8.25 | Chihuahua Stealer | Chihuahua Stealer: Disguising Data Theft in Plain Lyrics | MALWARE | Stealer |
| 22.8.25 | VShell | The Silent, Fileless Threat of VShell | MALWARE | Linux |
| 22.8.25 | MURKY PANDA | MURKY PANDA: A Trusted-Relationship Threat in the Cloud | GROUP | GROUP |
| 22.8.25 | CVE-2025-57788 | (CVSS score: 6.9) - A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials | VULNERABILITY | VULNERABILITY |
| 22.8.25 | CVE-2025-57789 | (CVSS score: 5.3) - A vulnerability during the setup phase between installation and the first administrator login that allows remote attackers to exploit the default credentials to gain admin control | VULNERABILITY | VULNERABILITY |
| 22.8.25 | CVE-2025-57790 | (CVSS score: 8.7) - A path traversal vulnerability that allows remote attackers to perform unauthorized file system access, resulting in remote code execution | VULNERABILITY | VULNERABILITY |
| 22.8.25 | CVE-2025-57791 | (CVSS score: 6.9) - A vulnerability that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation, resulting in a valid user session for a low-privilege role | VULNERABILITY | VULNERABILITY |
| 22.8.25 | CORNFLAKE.V3 | A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor | MALWARE | Backdoor |
| 21.8.25 | QuirkyLoader | A new malware loader delivering infostealers and RATs | MALWARE | RAT |
| 21.8.25 | Scattered Spider | Scattered Spider: A Threat Profile | HACKING | THREATS |
| 21.8.25 | CVE-2025-43300 | About the security content of iOS 18.6.2 and iPadOS 18.6.2 | VULNERABILITY | VULNERABILITY |
| 21.8.25 | DOM-based Extension Clickjacking | DOM-based Extension Clickjacking: Your Password Manager Data at Risk | HACKING | CRYPTOCURRENCY |
| 21.8.25 | CVE-2018-0171 | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device | VULNERABILITY | VULNERABILITY |
| 21.8.25 | SYNful Knock | SYNful Knock: Detecting and Mitigating Cisco IOS Software Attacks | ATTACK | DDoS |
| 20.8.25 | Fake Flash updates deliver Winos Trojan | A new Silver Fox campaign masquerading as a Flash plugin update has been observed. Users are lured through fake online tools, such as counterfeit translation sites, where they are prompted to install a fraudulent Flash update. | VIRUS | |
| 20.8.25 | EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery | A recent campaign attributed to threat group EncryptHub (aka LARVA-208 and Water Gamayun), blends social engineering with the exploitation of the Microsoft Management Console (MMC) vulnerability tracked as CVE-2025-26633, dubbed MSC EvilTwin. | EXPLOIT | |
| 20.8.25 | Cracked Games lead to Lumma Stealer and SectopRAT infections | A multi-stage malware campaign has been uncovered where users searching for cracked games are tricked into downloading installers that first deploy Lumma Stealer and then install SectopRAT. | ALERTS | VIRUS |
| 20.8.25 | Modular PipeMagic backdoor masquerades as a ChatGPT application | Recent activity by a financially motivated threat actor group involved deployment of the modular PipeMagic malware under the guise of a ChatGPT desktop application. | VIRUS | |
| 20.8.25 | Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) | Three vulnerabilities affecting Adobe Experience Manager (AEM) software solutions have been recently disclosed. The vulnerabilities are tracked as follows: | VULNERABILITY | |
| 20.8.25 | njRAT masquerades as browser-based Minecraft Game | The renewed hype around Minecraft, driven by its upcoming film adaptation, is being exploited by cybercriminals who are distributing what appears to be a browser-based clone of the game but in reality conceals njRAT, a powerful remote access trojan. | ALERTS | VIRUS |
| 20.8.25 | Android malware masquerading as GiftFlipSoft | A sophisticated Android banking malware dubbed Lazarus Stealer, masquerading as the seemingly benign GiftFlipSoft app has been observed. | VIRUS | |
| 20.8.25 | NOVABLIGHT MaaS after Wallets | NOVABLIGHT is a sophisticated new Malware-as-a-Service (MaaS) information stealer leveraging Telegram and Discord for both distribution and operational support. Posing as an "educational tool," it stealthily distributes itself through social engineering lures like fake video game installers often repackaged with French-language titles. | CRYPTOCURRENCY | |
| 20.8.25 | PhantomCard mobile malware | A novel NFC-based malware, dubbed PhantomCard, has been identified in the wild and is actively targeting Android banking customers. | VIRUS | |
| 20.8.25 | Charon Ransomware | Charon represents a recently identified ransomware variant that utilizes DLL-injection techniques for the compromise of targeted endpoints. | RANSOM | |
| 20.8.25 | Phishing emails targeting U-Next users pose account takeover risk | U-Next is a Japanese video streaming platform (OTT). Recently, Symantec detected a phishing campaign targeting U-Next's users and its accounts. | PHISHING | |
| 20.8.25 | A new variant of the FireWood Linux malware found in the wild | A new variant of the Linux malware dubbed FireWood has been discovered in the wild. The malware is linked to Project Wood malware family and attributed to the Gelsemium APT group. | ALERTS | VIRUS |
| 20.8.25 | CVE-2017-11882 exploits still lead to malicious infections | CVE-2017-11882 is an older vulnerability affecting the Equation Editor component in Microsoft Office. If successfully exploited, the flaw might allow attackers remote code execution on the targeted systems. | VULNERABILITY | |
| 20.8.25 | BytesFromHeaven ransomware | A new ransomware strain, BytesFromHeaven, has surfaced in the wild. Upon execution, the malware encrypts user data, appends random extensions to locked files, and changes the desktop wallpaper to signal a successful attack. | RANSOM | |
| 20.8.25 | SmartLoader delivered via Github repositories | A new campaign leveraging Github repositories to deliver the SmartLoader malware has been reported in the wild. The repositories are disguised as projects involving automation tools, DDoS protection applications, software cracks or game hacks. | ALERTS | VIRUS |
| 20.8.25 | New malicious campaign delivering PS1Bot malware | A new malicious operation delivering PowerShell-based malware variant dubbed PS1Bot has been reported by the researchers from Cisco Talos. | VIRUS | |
| 20.8.25 | Scamlexity | "Scamlexity" - a new era of scam complexity, supercharged by Agentic AI. Familiar tricks hit harder than ever, while new AI-born attack vectors break into reality. | HACKING | AI |
| 20.8.25 | CVE-2023-46604 | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | VULNERABILITY | VULNERABILITY |
| 20.8.25 | DripDropper | Patching for persistence: How DripDropper Linux malware moves through the cloud | MALWARE | Linux |
| 19.8.25 | GodRAT | GodRAT – New RAT targeting financial institutions | MALWARE | RAT |
| 19.8.25 | CVE-2025-31324 | (CVSS score: 10.0) - Missing Authorization check in SAP NetWeaver's Visual Composer development server | VULNERABILITY | VULNERABILITY |
| 19.8.25 | CVE-2025-42999 | SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. | VULNERABILITY | VULNERABILITY |
| 19.8.25 | Noodlophile | Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints | MALWARE | STEALER |
| 19.8.25 | Preventing Domain Resurrection Attacks | PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over PyPI accounts through password resets. | ATTACK | ATTACK |
| 17.8.25 | Operation CargoTalon | UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant. | OPERATION | OPERATION |
| 17.8.25 | GPUHammer | GPUHammer: Rowhammer Attacks on GPU Memories are Practical | ATTACK | GPU |
| 17.8.25 | DarkCloud | New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer | MALWARE | STEALER |
| 17.8.25 | ERMAC V3.0 | Hunt.io Exposes and Analyzes ERMAC V3.0 Banking Trojan Full Source Code Leak | MALWARE | Android |
| 17.8.25 | EncryptHub | When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal | APT | APT |
| 17.8.25 | CVE-2025-26633 | Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. | VULNERABILITY | VULNERABILITY |
| 17.8.25 | UAT-7237 | UAT-7237 targets Taiwanese web hosting infrastructure | GROUP | GROUP |
| 16.8.25 | DEFCON 33 | ALL PRESENTATIONS FROM THE CONFERENCE IN THE WINZIP ARCHIVE | CONFERENCE | CONFERENCE |
| 16.8.25 | BLACKHAT 2025 USA | ALL PRESENTATIONS FROM THE CONFERENCE IN THE WINZIP ARCHIVE | CONFERENCE | CONFERENCE |
| 15.8.25 | CVE-2025-20265 | Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | PhantomCard | PhantomCard: New NFC-driven Android malware emerging in Brazil | MALWARE | Android |
| 14.8.25 | CVE-2025-8876 | N-able N-central Command Injection Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | CVE-2025-8875 | N-able N-central Insecure Deserialization Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | PS1Bot | Malvertising campaign leads to PS1Bot, a multi-stage malware framework | MALWARE | Backdoor |
| 14.8.25 | CVE-2025-49457 | Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access | VULNERABILITY | VULNERABILITY |
| 14.8.25 | CVE-2025-25256 | Remote unauthenticated command injection | VULNERABILITY | VULNERABILITY |
| 14.8.25 | CVE-2025-53767 | (CVSS score: 10.0) - Azure OpenAI Elevation of Privilege Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | CVE-2025-53766 | (CVSS score: 9.8) - GDI+ Remote Code Execution Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | CVE-2025-50165 | (CVSS score: 9.8) - Windows Graphics Component Remote Code Execution Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | CVE-2025-53792 | (CVSS score: 9.1) - Azure Portal Elevation of Privilege Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | CVE-2025-53787 | (CVSS score: 8.2) - Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | CVE-2025-50177 | (CVSS score: 8.1) - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | CVE-2025-50176 | (CVSS score: 7.8) - DirectX Graphics Kernel Remote Code Execution Vulnerability | VULNERABILITY | VULNERABILITY |
| 14.8.25 | Earth Baxia | New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises | VULNERABILITY | VULNERABILITY |
| 14.8.25 | XZ Utils | Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images | VULNERABILITY | VULNERABILITY |
| 13.8.25 | Amadey | MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities | CAMPAIGN | CAMPAIGN |
| 12.8.25 | CVE-2025-6543 | Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) | VULNERABILITY | VULNERABILITY |
| 12.8.25 | CVE-2024-40766 | An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash. | VULNERABILITY | VULNERABILITY |
| 12.8.25 | CVE-2025-53786 | On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and an accompanying non-security Hot Fix. | VULNERABILITY | VULNERABILITY |
| 12.8.25 | 2TETRA:2BURST | Midnight Blue presents new research on the security of TETRA, including on the elusive TETRA End-to-End (E2EE) encryption mechanisms that are commonly encountered in the most sensitive of use cases. | VULNERABILITY | VULNERABILITY |
| 12.8.25 | CVE-2024-42009 | (CVSS score: 9.3) - A cross-site scripting (XSS) vulnerability in RoundCube Webmail that could allow a remote attacker to steal and send emails of a victim via a crafted email message by | VULNERABILITY | VULNERABILITY |
| 12.8.25 | CVE-2025-32433 | (CVSS score: 10.0) - A missing authentication for a critical function vulnerability in the Erlang/OTP SSH server that could allow an attacker to execute arbitrary commands without valid credentials, | VULNERABILITY | VULNERABILITY |
| 12.8.25 | CVE-2025-8088 | A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. | VULNERABILITY | VULNERABILITY |
| 9.8.25 | CVE-2024-40766 | An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash. | VULNERABILITY | VULNERABILITY |
| 9.8.25 | CVE-2025-30023 | The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. | VULNERABILITY | VULNERABILITY |
| 9.8.25 | CVE-2025-30024 | The communication protocol used between client and server had a flaw that could be leveraged to execute a man-in-the-middle attack. | VULNERABILITY | VULNERABILITY |
| 9.8.25 | CVE-2025-30025 | The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. | VULNERABILITY | VULNERABILITY |
| 9.8.25 | CVE-2025-30026 | The AXIS Camera Station Server had a flaw that allowed bypassing the authentication that is normally required. | VULNERABILITY | VULNERABILITY |
| 9.8.25 | CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability | VULNERABILITY | VULNERABILITY |
| 9.8.25 | “CAPTCHAgeddon” | Unmasking the Viral Evolution of the ClickFix Browser-Based Threat | HACKING | HACKING |
| 9.8.25 | CVE-2020-25078 | (CVSS score: 7.5) - An unspecified vulnerability in D-Link DCS-2530L and DCS-2670L devices that could allow for remote administrator password disclosure | VULNERABILITY | VULNERABILITY |
| 9.8.25 | CVE-2020-25079 | (CVSS score: 8.8) - An authenticated command injection vulnerability in the cgi-bin/ddns_enc.cgi component affecting D-Link DCS-2530L and DCS-2670L devices | VULNERABILITY | VULNERABILITY |
| 9.8.25 | CVE-2020-40799 | (CVSS score: 8.8) - A download of code without an integrity check vulnerability in D-Link DNR-322L that could allow an authenticated attacker to execute operating system-level commands on the device | VULNERABILITY | VULNERABILITY |
| 9.8.25 | Updated UAC-0099 toolkit: MATCHBOIL, MATCHWOK, DRAGSTARE | The National Cyber Incident, Cyber Attack and Cyber Threat Response Team CERT-UA has investigated a series of cyberattacks carried out by the UAC-0099 group against Ukrainian state authorities, the Defence Forces and enterprises of the defence-industrial complex. | BATTLEFIELD UKRAINE | BATTLEFIELD UKRAINE |
| 9.8.25 | CVE-2025-54948 | A vulnerability in the Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | VULNERABILITY | VULNERABILITY |
| 9.8.25 | CVE-2025-54987 | A vulnerability in the Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | VULNERABILITY | VULNERABILITY |
| 5.8.25 | PlayPraetor | PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT | MALWARE | RAT |
| 5.8.25 | PXA Stealer | Ghost in the Zip: New PXA Stealer and Its Telegram-Powered Ecosystem | MALWARE | STEALER |
| 5.8.25 | CVE-2025-23319 | (CVSS score: 8.1) - A vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request | VULNERABILITY | VULNERABILITY |
| 5.8.25 | CVE-2025-23320 | (CVSS score: 7.5) - A vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request | VULNERABILITY | VULNERABILITY |
| 5.8.25 | CVE-2025-23334 | (CVSS score: 5.9) - A vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request | VULNERABILITY | VULNERABILITY |
| 5.8.25 | CVE-2025-21479 | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | VULNERABILITY | VULNERABILITY |
| 5.8.25 | CVE-2025-21480 | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | VULNERABILITY | VULNERABILITY |
| 5.8.25 | CVE-2025-27038 | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | VULNERABILITY | VULNERABILITY |
| 2.8.25 | FunkSec decryptor | ANTI-RANSOM TOOLS | Anti-Ransom Tool | Anti-Ransom Tool |