DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
31.1.25 | SparkRAT - a cross-platform modular malware | ALERTS | VIRUS | SparkRAT is a Golang-based modular malware variant initially discovered back in 2022. With its cross-platform support it targets various architectures including Windows, macOS, and Linux. The malware was used in various targeted cyber espionage operations just last year. |
31.1.25 | Windows Locker ransomware | ALERTS | RANSOM | A new variant of the Windows Locker ransomware has been identified in the wild. The malware encrypts user data and appends the .winlocker extension to the locked files. A ransom note is dropped in the form of a text file, "Readme.txt", with information on how to contact the threat actors and how to pay the ransom demands. Windows Locker ransomware has the functionality to maintain persistence, disable the firewall and Task Manager, and delete backups and volume shadow copies on the compromised machine. |
29.1.25 | Aquabot v3 - a new Mirai variant in the field | ALERTS | BOTNET | A new Mirai malware variant dubbed Aquabot v3 has been observed in the wild. The malware has been reported to exploit CVE-2024-41710, which is a command injection vulnerability affecting various Mitel devices. The malware is also able to exploit some older vulnerabilities affecting Hadoop YARN or various Linksys devices. Aquabot v3 supports a wide range of architectures including x86 and ARM. Functionality-wise, the malware is predominantly used for initiating DDoS attacks from the compromised devices. |
29.1.25 | Recent activities of the GamaCopy threat group | ALERTS | GROUP | A new malicious activity attributed to the GamaCopy threat group has been reported in the wild. The TTPs utilized by the group share a certain degree of overlap with another APT called Core Werewolf, and the discovered activity mimics some of the older attacks conducted by the Shuckworm (aka Gamaredon) APT. The attackers leverage self-extracting (SFX) archive files to deliver decoy .PDF documents alongside the UltraVNC remote desktop tool, which is used for remote access to the compromised endpoints. |
29.1.25 | TorNet backdoor | ALERTS | VIRUS | TorNet is a new backdoor variant spread within an ongoing malicious campaign primarily targeting Germany and Poland. The threat actors responsible have also been distributing various other malware payloads including Agent Tesla and Snake Keylogger. According to the recent Cisco Talos report, the attack chain leverages phishing emails disguised as correspondence from financial institutions and manufacturing or logistics companies. |
28.1.25 | New Lumma Stealer campaign using fake Captchas | ALERTS | VIRUS | A new malware campaign that leverages fake CAPTCHA verification checks to deliver Lumma Stealer has been observed. This campaign has targeted victims from around the world (Argentina, Colombia, U.S., Philippines etc.) and across various industries (such as financial institutions, healthcare, marketing and telecom organizations). |
28.1.25 | CVE-2024-50050 | VULNERABILITY | VULNERABILITY | Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead. |
28.1.25 | CVE-2025-22218 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.5) - A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs |
28.1.25 | CVE-2025-22219 | VULNERABILITY | VULNERABILITY | (CVSS score: 6.8) - A malicious actor with non-administrative privileges may be able to inject a malicious script that may lead to arbitrary operations as admin user via a stored cross-site scripting (XSS) attack |
28.1.25 | CVE-2025-22220 | VULNERABILITY | VULNERABILITY | (CVSS score: 4.3) - A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user |
28.1.25 | CVE-2025-22221 | VULNERABILITY | VULNERABILITY | (CVSS score: 5.2) - A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration |
28.1.25 | CVE-2025-22222 | VULNERABILITY | VULNERABILITY | (CVSS score: 7.7) - A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known |
28.1.25 | Noma Research discovers RCE vulnerability in AI | VULNERABILITY | AI | Noma Research discovers RCE vulnerability in AI-development platform, Lightning AI |
28.1.25 | CVE-2024-55417 | VULNERABILITY | VULNERABILITY | An arbitrary file write vulnerability in the "/admin/media/upload" endpoint |
28.1.25 | CVE-2024-55416 | VULNERABILITY | VULNERABILITY | A reflected cross-site scripting (XSS) vulnerability in the "/admin/compass" endpoint |
28.1.25 | CVE-2024-55415 | VULNERABILITY | VULNERABILITY | An arbitrary file leak and deletion vulnerability |
28.1.25 | CVE-2024-41710 | VULNERABILITY | VULNERABILITY | (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor to execute arbitrary commands within the context of the phone. |
28.1.25 | Operation Phantom Circuit | OPERATION | OPERATION | North Korea’s Global Data Exfiltration Campaign |
28.1.25 | Uncovering New Classes of Kernel Vulnerabiliti | PAPERS | PAPERS | Uncovering New Classes of Kernel Vulnerabiliti |
27.1.25 | GTA VI Hype Exploited: Malware Masquerades as Early Alpha Access | ALERTS | EXPLOIT | The hype surrounding popular games often becomes a breeding ground for cybercrime, and Grand Theft Auto VI is no exception. It is the highly anticipated next installment in Rockstar Games' iconic open-world action-adventure series. Officially announced in December 2023, the game is set to release in late 2025 for PlayStation and Xbox. |
27.1.25 | Phishing Campaign Targets Workplace Anxiety: Email Credentials at Risk | ALERTS | PHISHING | A recent phishing campaign leverages workplace fears and urgency in an attempt to steal email credentials. The attack begins with an email titled "Employment Termination lists and new admin position 2025" and an attached malicious HTML file (Staff Employment Termination listsPDF.html) disguised as an important workplace document. When opened, the attachment displays a fake login page, crafted to resemble a legitimate email login portal. |
27.1.25 | CVE-2025-23040 | VULNERABILITY | VULNERABILITY | (CVSS score: 6.6) - Maliciously crafted remote URLs could lead to credential leaks in GitHub Desktop |
27.1.25 | CVE-2024-50338 | VULNERABILITY | VULNERABILITY | (CVSS score: 7.4) - Carriage-return character in remote URL allows the malicious repository to leak credentials in Git Credential Manager |
27.1.25 | CVE-2024-53263 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.5) - Git LFS permits retrieval of credentials via crafted HTTP URLs |
27.1.25 | CVE-2024-53858 | VULNERABILITY | VULNERABILITY | (CVSS score: 6.5) - Recursive repository cloning in GitHub CLI can leak authentication tokens to non-GitHub submodule hosts |
27.1.25 | GamaCopy | GROUP | GROUP | Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military-related bait to launch attacks on Russia |
27.1.25 | MintsLoader: StealC | MALWARE | Loader | MintsLoader: StealC and BOINC Delivery |
25.1.25 | FLOP: Breaking the Apple M3 CPU via False Load Output Predictions | PAPERS | PAPERS | To bridge the ever-increasing gap between the fast execution speed of modern processors and the long latency of memory accesses, CPU vendors continue to introduce newer and more advanced optimizations. While these optimizations improve performance, research has repeatedly demonstrated that they may also have an adverse impact on security. |
25.1.25 | SLAP: Data Speculation Attacks via Load Address Prediction on Apple Silicon | PAPERS | PAPERS | Since Spectre’s initial disclosure in 2018, the difficulty of mitigating speculative execution attacks completely in hardware has led to the proliferation of several new variants and attack surfaces in the past six years. Most of the progeny build on top of the original Spectre attack’s key insight, namely that CPUs can execute the wrong control flow transiently and disclose secrets through side-channel traces when attempting to alleviate control hazards, such as conditional or indirect branches and return statements. |
25.1.25 | CVE-2025-22604 | VULNERABILITY | VULNERABILITY | Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. |
25.1.25 | CVE-2024-40891 | VULNERABILITY | VULNERABILITY | Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891) |
25.1.25 | CVE-2024-40890 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.8) - A post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request |
25.1.25 | CVE-2024-40891 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.8) - A post-authentication command injection vulnerability in the management commands component that could allow an authenticated attacker to execute OS commands on an affected device via Telnet |
25.1.25 | CVE-2025-0890 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - The use of insecure default credentials for the Telnet function that could allow an attacker to log in to the management interface |
25.1.25 | UAC-0063 | GROUP | GROUP | UAC-0063: Cyber Espionage Operation Expanding from Central Asia |
25.1.25 | TorNet | MALWARE | Backdoor | New TorNet backdoor seen in widespread campaign |
25.1.25 | ESXi Ransomware Attacks | RANSOMWARE | RANSOMWARE | ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling |
25.1.25 | CVE-2025-24085 | VULNERABILITY | VULNERABILITY | A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. |
24.1.25 | CVE-2024-50603 - Aviatrix Controller RCE vulnerability exploited in the wild | ALERTS | VULNERABILITY | CVE-2024-50603 is a critical (CVSS score 10.0) remote code execution vulnerability affecting Aviatrix Controller which has recently been reported as being exploited in the wild. The flaw results from improper neutralization of user-supplied input and, if exploited, could allow remote unauthenticated attackers to execute arbitrary code. The product vendor has already addressed this vulnerability in patched versions 7.1.4191 and 7.2.4996. |
24.1.25 | PhaaS kit Sneaky 2FA | ALERTS | PHISHING | A phishing-as-a-service (PhaaS) kit dubbed Sneaky 2FA has been observed targeting Microsoft 365 accounts by sending payment-related emails luring recipients into opening fake receipt PDFs containing a QR code that, upon scanning, redirects to a Sneaky 2FA phishing page. The phishing pages are hosted on compromised infrastructure, primarily WordPress websites and other domains controlled by the threat actor. The bogus authentication page(s) are designed to automatically populate the victim's email address to increase their appearance of legitimacy. |
24.1.25 | LucKY Gh0$t Ransomware | ALERTS | RANSOM | A ransomware actor operating under the name LucKY Gh0$t has been observed in the threat landscape. The ransomware they employ is a Chaos variant that appends encrypted files with a .[4 random characters] extension. This threat is being spread via drive-by downloads, disguised as a fake ChatGPT desktop version ("ChatGPT 4.0 Full Version - Premium.zip"). |
23.1.25 | Murdoc botnet, a Mirai variant | ALERTS | BOTNET | A new Mirai variant dubbed Murdoc botnet has been discovered in a recently observed campaign. The campaign leverages ELF binaries and shell scripts to target various *nix based systems, such as IoT devices and IP cameras, among others. The shell scripts are deployed to the devices to download and execute the Murdoc botnet payloads from the C2 servers. |
22.1.25 | Groups targeting users with Email bombing and vishing campaigns | ALERTS | GROUP | Researchers have discovered two groups behind malware campaigns involving email-bombing, Microsoft Teams communication, and remote-control tools. These attacks begin with targeted email-bombing campaigns and continue with the attackers contacting the victims via Teams, posing as IT staff. They then tell the victim they can resolve the recent spam issue by using the Teams screen-sharing option or "Quick Assist." |
22.1.25 | Nnice Ransomware | ALERTS | RANSOM | Nnice is a new ransomware variant recently identified in the wild. The malware encrypts user data and appends the “.xdddd” extension to the encrypted files. Besides dropping the ransom note in the form of a “Readme.txt” text file, the ransomware also changes the desktop wallpaper to indicate that the user's files have been encrypted and a ransom is demanded from the victim. |
22.1.25 | Silent Lynx: New cyber threat group targeting government and financial entities in Kyrgyzstan | ALERTS | GROUP | A new threat group dubbed Silent Lynx has been discovered targeting organizations in Kyrgyzstan and neighboring countries. The group employs a range of techniques such as malicious email attachments, decoy documents and persistence mechanisms to maintain access to compromised systems. |
21.1.25 | MintsLoader campaign targets energy sector with StealC and BOINC malware | ALERTS | VIRUS | MintsLoader is a sophisticated malware loader that employs advanced techniques to evade detection and enhance its operational effectiveness. Impacted sectors include the electricity, gas and oil industries as well as law firms and legal services, all within the U.S. and Europe. The infection process begins when a victim clicks on a link in a phishing email, triggering the download of malicious JScript files and leading to the deployment of secondary payloads like StealC and the Berkeley Open Infrastructure for Network Computing (BOINC) client. The combination of these payloads allows for the theft of sensitive data from browsers, applications and crypto-wallets, and its exfiltration to a C2 server. |
21.1.25 | New Tanzeem Android Malware courtesy of DoNot Team | ALERTS | VIRUS | The APT group known as DoNot Team has been linked to a new Android malware named Tanzeem. This malicious Android app primarily uses OneSignal, a popular customer engagement platform used by organizations to send push notifications, emails, in-app messages, and SMS messages. Once installed, the malicious app displays a fake chat screen prompting the victim to click a button named "Start Chat". Doing so triggers a message that instructs the victim to grant permissions to the accessibility services API, thus allowing the app to perform various nefarious actions. |
21.1.25 | Redtail Cryptocurrency Mining Malware | ALERTS | CRYPTOCURRENCY | Redtail is an adaptable malware that stealthily installs itself on compromised systems utilizing advanced tactics to persist and exploit systems for unauthorized cryptocurrency mining. It is capable of running on various CPU architectures by utilizing two extra scripts: one script identifies the CPU architecture of the victim system ensuring compatibility for the malware, and a second script removes any other competing crypto-mining software that may already exist on the compromised system. This dual approach tactic maintains persistence and works towards evading detection. |
20.1.25 | PNGPlug loader leveraged for ValleyRAT distribution | ALERTS | VIRUS | A new ValleyRAT malware distribution campaign has been reported in the wild. The attackers leverage a new multi-stage loader dubbed PNGPlug within the observed attack chain. The deployed ValleyRAT payload can execute delivered shellcode, download additional arbitrary components, and more. This campaign has been attributed to the Silver Fox APT group and observed to be targeting various companies in several Chinese-speaking regions. |
20.1.25 | AIRASHI - a large scale DDoS botnet | ALERTS | BOTNET | Airashi is a variant of the Aisiru botnet observed in the wild last year. The botnet is known to be spread via exposed vulnerabilities as well as through exploitation of weak Telnet credentials. Airashi can be used by attackers to conduct a wide variety of DDoS attacks. Several strains of the botnet binaries also support additional functionalities such as command execution or proxy services. |
18.1.25 | Threat actors reusing legitimate government documents to deliver malware | ALERTS | VIRUS | A malware campaign has been linked to nation state actors targeting countries in Central Asia for information gathering. The attacks utilize legitimate government documents to deliver the malware. |
18.1.25 | CVE-2024-55591 - Fortinet FortiOS Authorization Bypass vulnerability | ALERTS | VULNERABILITY | CVE-2024-55591 is a recently discovered authorization bypass vulnerability affecting Fortinet FortiOS and FortiProxy products. Successful exploitation of the flaw could allow remote attackers to obtain super-admin privileges on the vulnerable devices via crafted requests to the Node.js websocket module. |
18.1.25 | CVE-2024-12686 - BeyondTrust vulnerability exploited in the wild | ALERTS | VULNERABILITY | CVE-2024-12686 is a recently disclosed OS command injection vulnerability affecting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products. |
18.1.25 | Recent malicious activities of the Fireant APT group | ALERTS | APT | The Fireant (aka RedDelta, Mustang Panda) advanced persistent threat (APT) group has been targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia in a recent campaign spreading an updated variant of the PlugX backdoor. |
18.1.25 | Ottercookie observed being used by nation states to steal crypto currency | ALERTS | CRYPTOCURRENCY | OtterCookie, an infostealer designed to steal crypto currency information, has recently been observed in use by nation state actors. |
18.1.25 | LDAP vulnerability PoC is actually just an infostealer | ALERTS | VULNERABILITY | CVE-2024-49113 is a vulnerability affecting Microsoft Windows Lightweight Directory Access Protocol (LDAP) which was patched in December. In a recent campaign, attackers have been observed distributing infostealer malware disguised as proof-of-concept (PoC) code for this vulnerability. The fake PoC leverages dropped/downloaded scripts to exfiltrate system information via FTP. |
18.1.25 | Attempted cyberattacks using AnyDesk, allegedly on behalf of CERT-UA | BATTLEFIELD UKRAINE | BATTLEFIELD UKRAINE | The Governmental Computer Emergency Response Team of Ukraine, CERT-UA, has received information about repeated attempts to connect to computers using the AnyDesk program, allegedly on behalf of CERT-UA. |
18.1.25 | Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4) | ALERT | ALERT | Tunnelling protocols are an essential part of the Internet and form much of the backbone that modern network infrastructure relies on today. |
18.1.25 | Rsync contains six vulnerabilities | ALERT | ALERT | Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. |
18.1.25 | Howyar Reloader UEFI bootloader vulnerable to unsigned software execution | ALERT | ALERT | The Howyar UEFI Application "Reloader" (32-bit and 64-bit), distributed as part of SysReturn prior to version 10.2.02320240919, is vulnerable to the execution of arbitrary software from a hard-coded path. |
18.1.25 | Planet WGS-804HPT | HACKING | Hardware | Hack The Emulated Planet: Vulnerability Hunting Planet WGS-804HPT Industrial Switch |
18.1.25 | GSocket Gambling Scavenger | CAMPAIGN | CAMPAIGN | GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia |
18.1.25 | Sneaky 2FA | PHISHING | PHISHING | Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service |
18.1.25 | Star Blizzard | PHISHING | PHISHING | New Star Blizzard spear-phishing campaign targets WhatsApp accounts |
16.1.25 | CVE-2024-7344 | VULNERABILITY | VULNERABILITY | Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 |
16.1.25 | NTLMv1 | VULNERABILITY | VULNERABILITY | If you think you blocked NTLMv1 in your org, think again |
16.1.25 | SAP Security Patch Day – January 2025 | VULNERABILITY | VULNERABILITY | This post shares information on Security Notes that remediate vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on priority to protect their SAP landscape. |
16.1.25 | Google Ads heist | CRIME | CRIME | The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads |
16.1.25 | Operation 99 | OPERATION | OPERATION | Operation 99: North Korea’s Cyber Assault on Software Developers |
16.1.25 | NICKEL TAPESTRY | GROUP | GROUP | NICKEL TAPESTRY Infrastructure Associated with Crowdfunding Scheme |
16.1.25 | Rsync contains six vulnerabilities | VULNERABILITY | VULNERABILITY | Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. |
16.1.25 | CVE-2025-21311 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - Windows NTLM V1 Elevation of Privilege Vulnerability |
16.1.25 | CVE-2025-21307 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
16.1.25 | CVE-2025-21298 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - Windows Object Linking and Embedding (OLE) Remote Code Execution Vulnerability |
16.1.25 | CVE-2025-21295 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.1) - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability |
16.1.25 | CVE-2025-21294 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.1) - Microsoft Digest Authentication Remote Code Execution Vulnerability |
16.1.25 | CVE-2025-21308 | VULNERABILITY | VULNERABILITY | Windows Themes Spoofing Vulnerability |
16.1.25 | CVE-2025-21275 | VULNERABILITY | VULNERABILITY | Windows App Package Installer Elevation of Privilege Vulnerability |
16.1.25 | CVE-2025-21395 | VULNERABILITY | VULNERABILITY | Microsoft Access Remote Code Execution Vulnerability |
16.1.25 | CVE-2025-21366 | VULNERABILITY | VULNERABILITY | Microsoft Access Remote Code Execution Vulnerability |
16.1.25 | CVE-2025-21186 | VULNERABILITY | VULNERABILITY | Microsoft Access Remote Code Execution Vulnerability |
16.1.25 | CVE-2024-57726 | VULNERABILITY | VULNERABILITY | A privilege escalation vulnerability that allows an attacker who gains access as a low-privilege technician to elevate their privileges to an admin by taking advantage of missing backend authorization checks |
16.1.25 | CVE-2024-57728 | VULNERABILITY | VULNERABILITY | An arbitrary file upload vulnerability that allows an attacker with SimpleHelpAdmin privileges (or as a technician with admin privileges) to upload arbitrary files anywhere on the SimpleServer host, potentially leading to remote code execution |
16.1.25 | CVE-2024-57727 | VULNERABILITY | VULNERABILITY | An unauthenticated path traversal vulnerability that allows an attacker to download arbitrary files from the SimpleHelp server, including the serverconfig.xml file that contains hashed passwords for the SimpleHelpAdmin account and other local technician accounts |
14.1.25 | Millions of Accounts Vulnerable due to Google’s OAuth Flaw | VULNERABILITY | VULNERABILITY | Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable. |
14.1.25 | CVE-2024-55591 | VULNERABILITY | VULNERABILITY | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. |
14.1.25 | UAC-0063 | GROUP | GROUP | Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations |
14.1.25 | CVE-2024-44243 | VULNERABILITY | VULNERABILITY | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system. |
14.1.25 | CVE-2024-12686 | VULNERABILITY | VULNERABILITY | A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. |
14.1.25 | CVE-2024-50603 | VULNERABILITY | VULNERABILITY | An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. |
14.1.25 | Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection | HACKING | HACKING | Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress website. |
10.1.25 | CVE-2024-55550 - Mitel MiCollab Path Traversal vulnerability | ALERTS | VULNERABILITY | CVE-2024-55550 is a newly disclosed path traversal vulnerability affecting Mitel MiCollab collaboration tool versions 9.8 SP1 FP2 and earlier. |
10.1.25 | New variant of Banshee Stealer targets macOS users | ALERTS | VIRUS | A new and updated variant of the macOS-based infostealer malware dubbed Banshee Stealer has been detected in the wild. |
10.1.25 | Funksec Ransomware | ALERTS | RANSOM | Funksec (aka Funklocker) is another double-extortion ransomware actor that surfaced in late 2024 and allegedly claimed multiple organizations as victims. |
10.1.25 | Latest HexaLocker ransomware attacks leverage Skuld Stealer for data extraction | ALERTS | RANSOM | A new updated variant of the Go-based HexaLocker ransomware has been discovered in the wild. The new strain has the functionality to download infostealer malware called Skuld Stealer, in an effort focused on extraction of confidential data from the infected endpoint. |
10.1.25 | CVE-2025-0282 - Ivanti Connect Secure vulnerability exploited in zero-day attacks | ALERTS | VULNERABILITY | CVE-2025-0282 is a newly disclosed critical (CVSS score 9.0) stack-based buffer overflow vulnerability affecting Ivanti Connect Secure. If successfully exploited, it could allow unauthenticated attackers to execute arbitrary code on the vulnerable instances. |
10.1.25 | Old Oracle WebLogic Deserialization vulnerability (CVE-2020-2883) exploited in the wild | ALERTS | VULNERABILITY | CVE-2020-2883 is a 2020 deserialization vulnerability affecting unpatched Oracle WebLogic servers. If successfully exploited, it could allow remote code execution by unauthenticated attackers via specially crafted T3 port network requests. |
10.1.25 | XWorm Middle East Campaign: Fake Mossad Intelligence Reports Used as Lures | ALERTS | VIRUS | As tensions in the Middle East remain high, particularly following recent events in Syria, threat actors are exploiting the volatile situation to target organizations and individuals both within the region and globally, leveraging the allure of sensitive intelligence to entice victims. |
10.1.25 | FireScam mobile malware | ALERTS | VIRUS | FireScam is a mobile malware variant recently discovered in the wild. The malware is distributed via a phishing website and under the disguise of Telegram Premium app. |
10.1.25 | KGB Keylogger Targets Companies with Fake Russian Ministry-Themed Emails | ALERTS | VIRUS | During the second half of December 2024, an actor has been targeting companies with malicious emails enticing users with a Ministry of Industry and Trade of the Russian Federation (Минпромторг России) social engineering ploy along with the use of a malicious .scr file (Письмо в МНТЦ и ЦРП.scr). |
10.1.25 | | VULNERABILITY | VULNERABILITY | (CVSS score: 2.3) - An operating system (OS) command injection vulnerability that enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software |
10.1.25 | | VULNERABILITY | VULNERABILITY | (CVSS score: 2.7) - A wildcard expansion vulnerability that allows an unauthenticated attacker to enumerate files on the host file system |
10.1.25 | | VULNERABILITY | VULNERABILITY | (CVSS score: 2.7) - An arbitrary file deletion vulnerability that enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host file system |
10.1.25 | | VULNERABILITY | VULNERABILITY | (CVSS score: 4.7) - A reflected cross-site scripting (XSS) vulnerability that enables attackers to execute malicious JavaScript code in the context of an authenticated user's browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to browser-session theft |
10.1.25 | CVE-2025-0103 | VULNERABILITY | VULNERABILITY | (CVSS score: 7.8) - An SQL injection vulnerability that enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys, as well as create and read arbitrary files |
10.1.25 | Scam Imitates CrowdStrike Hiring Process | SPAM | SPAM | A newly discovered phishing campaign uses CrowdStrike recruitment branding to convince victims to download a fake application, which serves as a downloader for the XMRig cryptominer. |
10.1.25 | FunkSec | RANSOMWARE | AI | FunkSec – Alleged Top Ransomware Group Powered by AI |
10.1.25 | CVE-2024-49415 | VULNERABILITY | VULNERABILITY | Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. |
10.1.25 | RedDelta | GROUP | GROUP | Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain |
10.1.25 | Banshee Stealer | MALWARE | MacOS | Cracking the Code: How Banshee Stealer Targets macOS Users |
10.1.25 | MirrorFace | GROUP | GROUP | A China-linked threat actor named MirrorFace is accused of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. |
10.1.25 | CVE-2024-52875 | VULNERABILITY | VULNERABILITY | A carriage return line feed (CRLF) injection vulnerability, paving the way for HTTP response splitting, which could then lead to a cross-site scripting (XSS) flaw. |
10.1.25 | CVE-2025-0283 | VULNERABILITY | VULNERABILITY | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. |
10.1.25 | CVE-2025-0282 | VULNERABILITY | VULNERABILITY | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. |
10.1.25 | Muddling Malspam | SPAM | SPAM | Muddling Malspam: The Use of Spoofed Domains in Malicious Spam |
10.1.25 | DNA Sequencer's Vulnerable BIOS | VULNEREBILITY | VULNEREBILITY | Genetic Engineering Meets Reverse Engineering: DNA Sequencer's Vulnerable BIOS |
10.1.25 | NonEuclid RAT | MALWARE | RAT | The NonEuclid Remote Access Trojan (RAT) is a type of malicious software that enables unauthorised remote access and control of a victim’s computer, often without their awareness. |
10.1.25 | Gayfemboy | BOTNET | Botnet | Gayfemboy: A Botnet Delivered Through a Four-Faith Industrial Router 0-day Exploit. |
10.1.25 | CVE-2024-41713 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker to gain unauthorized and unauthenticated access |
10.1.25 | CVE-2024-55550 | VULNERABILITY | VULNERABILITY | (CVSS score: 4.4) - A path traversal vulnerability in Mitel MiCollab that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization |
10.1.25 | CVE-2020-2883 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - A security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3 |
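Both MiCollab entries above are path traversal, the "insufficient input sanitization" case in particular: a file name from the request is joined onto a base directory and `..` segments walk out of it. The following added example, written for this page and not taken from Mitel's code, shows the unchecked join beside a containment check, and handles the two edge cases that trip up naive filters: URL-encoded `..%2F` and double-encoded `%252e%252e`. The root directory and request paths are constructed.

```python
"""Added example: containing a requested file path under a document root."""
import posixpath
from typing import Optional
from urllib.parse import unquote


def join_vulnerable(root: str, requested: str) -> str:
    """Decodes once and joins with no containment check (the bug)."""
    return posixpath.normpath(posixpath.join(root, unquote(requested)))


def resolve_under_root(root: str, requested: str) -> Optional[str]:
    """Returns the normalised path if it stays under root, otherwise None.

    Decodes exactly once: a double-encoded '..' stays a literal '%2e%2e'
    directory name instead of being decoded again into a traversal.
    """
    root = posixpath.normpath(root)
    decoded = unquote(requested).lstrip("/")  # a leading '/' must not escape root
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


# Constructed document root and request paths for the demo.
ROOT = "/srv/app/files"
REQUESTS = [
    "reports/q1.txt",            # legitimate
    "../../etc/passwd",          # plain traversal
    "..%2F..%2Fetc%2Fpasswd",    # URL-encoded traversal
    "%252e%252e/etc/passwd",     # double-encoded: decodes to a literal '%2e%2e'
]


if __name__ == "__main__":
    for req in REQUESTS:
        print(f"{req!r:30} unchecked -> {join_vulnerable(ROOT, req)}")
        print(f"{'':30} checked   -> {resolve_under_root(ROOT, req)}")
```

The check operates on a normalised string, which is enough for the encoding cases shown; on a real filesystem resolve the candidate with `os.path.realpath` as well, or a symlink under the root can still point outside it.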
7.1.25 | EAGERBEE | MALWARE | Backdoor | EAGERBEE, with updated and novel components, targets the Middle East |
7.1.25 | CVE-2024-9140 | VULNERABILITY | VULNERABILITY | (CVSS 4.0 score: 9.3) - A vulnerability that allows attackers to use special characters to bypass input restrictions, potentially leading to unauthorized command execution |
7.1.25 | CVE-2024-9138 | VULNERABILITY | VULNERABILITY | (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain root-level access to the system, leading to system compromise, unauthorized modifications, data exposure, or service disruption |
5.1.25 | FireScam | MALWARE | ANDROID | Inside FireScam : An Information Stealer with Spyware Capabilities |
5.1.25 | CVE-2024-43405 | VULNERABILITY | VULNERABILITY | Nuclei is a vulnerability scanner powered by YAML-based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via a custom code template. |
4.1.25 | SECTOR 2024 | CONFERENCE | CONFERENCE | SecTor has built a reputation for bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. |
4.1.25 | BLACK HAT 2024 EU | CONFERENCE | CONFERENCE | Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training and briefings to hackers, corporations and government agencies around the world. |
4.1.25 | VB2024 | CONFERENCE | CONFERENCE | The annual Virus Bulletin International Conference has been running since 1991, recently celebrating its 25th anniversary. The venue typically alternates between Europe and North America. |
4.1.25 | hitbsecconf2024bkk | CONFERENCE | CONFERENCE | HITBSecConf, or the Hack In The Box Security Conference, is an annual must-attend event in the calendars of security researchers and professionals around the world. |
4.1.25 | PLAYFULGHOST | MALWARE | RAT | Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations |
4.1.25 | Treasury Sanctions Technology Company for Support to Malicious Cyber Group | INCIDENT | APT | Treasury Sanctions Technology Company for Support to Malicious Cyber Group |
4.1.25 | SwaetRAT | MALWARE | RAT | We entered a new year, but attack scenarios have not changed (yet). I found a Python script with an interesting behavior and a low VirusTotal score (7/61). |
3.1.25 | Nitrogen Ransomware | ALERTS | RANSOM | The double-extortion ransomware group known as Nitrogen has been very active over the past four months, targeting organizations across diverse sectors such as construction, financial services, manufacturing, and technology. |
3.1.25 | Bad Likert Judge | HACKING | AI | Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability |
3.1.25 | CVE-2024-49112 | VULNERABILITY | VULNERABILITY | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
3.1.25 | CVE-2024-49113 | VULNERABILITY | VULNERABILITY | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
3.1.25 | Critical: .NET Install links are changing | VULNERABILITY | VULNERABILITY | We are currently making an unexpected change to the way that .NET installers and archives are distributed. |
2.1.25 | Microsoft 365 Vulnerability | VULNERABILITY | VULNERABILITY | Discovery to Resolution: A Critical Microsoft 365 Vulnerability |
2.1.25 | Quasar RAT | MALWARE | RAT | Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts |
1.1.25 | DoubleClickjacking | ATTACK | Web | DoubleClickjacking is a new variation on classic clickjacking: instead of relying on a single click, it takes advantage of a double-click sequence. |