HOT NEWS 2025 January(141) February(191) March(268) April(349) May(260) June(502) July(272) August(180) September(202) October(252) November(187) December(0) THREATS YEARS
|
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
| 12.11.25 | CHAMELEON#NET campaign - from DarkTortilla loader to FormBook payload | A new sophisticated malspam campaign utilizing the DarkTortilla .NET malware loader to deliver the FormBook Remote Access Trojan (RAT) has been documented by the researchers from Securonix. The attack is initiated via phishing, where users are manipulated into downloading a compressed .BZ2 archive containing a highly obfuscated JavaScript dropper. | VIRUS | |
| 12.11.25 | A new phishing campaign targeting hospitality industry customers | A recent phishing campaign reported by the researchers from Sekoia is targeting hospitality customers. A key intrusion tactic involves sending malicious emails to popular hospitality sector businesses that lure the staff into clicking a URL employing the "ClickFix" social engineering technique, ultimately manipulating them into executing a malicious PowerShell command. | CAMPAIGN | |
| 12.11.2025 | CVE-2024-25621 | containerd affected by a local privilege escalation via wide permissions on CRI directory | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-10966 | missing SFTP host verification with wolfSSH | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-12863 | Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2 | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-12875 | mruby array.c ary_fill_exec out-of-bounds write | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-31133 | runc container escape via "masked path" abuse due to mount race conditions | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-40107 | can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-40109 | crypto: rng - Ensure set_ent is always present | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-47179 | Configuration Manager Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-52565 | container escape due to /dev/console mount and related races | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-52881 | runc: LSM labels can be bypassed with malicious config using dummy procfs files | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59240 | Microsoft Excel Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59499 | Microsoft SQL Server Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59504 | Azure Monitor Agent Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59505 | Windows Smart Card Reader Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59506 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59507 | Windows Speech Runtime Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59508 | Windows Speech Recognition Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59509 | Windows Speech Recognition Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59510 | Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59511 | Windows WLAN Service Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59512 | Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59513 | Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59514 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-59515 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60703 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60704 | Windows Kerberos Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60705 | Windows Client-Side Caching Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60706 | Windows Hyper-V Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60707 | Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60708 | Storvsp.sys Driver Denial of Service Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60709 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60713 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60714 | Windows OLE Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60715 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60716 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60717 | Windows Broadcast DVR User Service Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60718 | Windows Administrator Protection Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60719 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60720 | Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60721 | Windows Administrator Protection Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60722 | Microsoft OneDrive for Android Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60723 | DirectX Graphics Kernel Denial of Service Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60726 | Microsoft Excel Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60727 | Microsoft Excel Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60728 | Microsoft Excel Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-60753 | An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62200 | Microsoft Excel Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62201 | Microsoft Excel Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62202 | Microsoft Excel Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62203 | Microsoft Excel Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62204 | Microsoft SharePoint Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62205 | Microsoft Office Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62206 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62208 | Windows License Manager Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62209 | Windows License Manager Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62210 | Dynamics 365 Field Service (online) Spoofing Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62211 | Dynamics 365 Field Service (online) Spoofing Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62213 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62216 | Microsoft Office Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62218 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62219 | Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62220 | Windows Subsystem for Linux GUI Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62452 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-62453 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-64329 | containerd CRI server: Host memory exhaustion through Attach goroutine leak | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-64432 | KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-64433 | KubeVirt Arbitrary Container File Read | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-64434 | KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-64435 | KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-64436 | KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes | VULNEREBILITY | VULNEREBILITY |
| 12.11.2025 | CVE-2025-64437 | KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes | VULNEREBILITY | VULNEREBILITY |
| 12.11.25 | CVE-2025-60716 | Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
VULNEREBILITY |
|
| 12.11.25 | CVE-2025-62215 | This vulnerability is already being exploited. It is a privilege escalation vulnerability in the Windows Kernel. These types of vulnerabilities are often exploited as part of a more complex attack chain; however, exploiting this specific vulnerability is likely to be relatively straightforward, given the existence of prior similar vulnerabilities. |
VULNEREBILITY |
|
| 12.11.25 | CVE-2025-60274 | A critical GDI+ remote execution vulnerability. GDI+ parses various graphics files. The attack surface is likely huge, as anything in Windows (Browsers, email, and Office Documents) will use this library at some point to display images. We also have a critical vulnerability in Direct-X CVE-2025-60716. Microsoft classifies this as a privilege escalation issue, yet still rates it as critical. |
VULNEREBILITY |
|
| 12.11.25 | CVE-2025-62199 | A code execution vulnerability in Microsoft Office. Another component with a huge attack surface that is often exploited. |
VULNEREBILITY |
|
| 12.11.25 | CVE-2025-5777 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
VULNEREBILITY |
|
| 12.11.25 | CVE-2025-20337 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. |
VULNEREBILITY |
|
| 12.11.25 | Maverick | Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution | MALWARE | Banking Trojan |
| 12.11.25 | Coyote Banking Trojan | Coyote Banking Trojan Extends Reach & Targets Users through WhatsApp | MALWARE | Banking Trojan |
| 12.11.25 | Gootloader | Gootloader Returns: What Goodies Did They Bring? | MALWARE | Loader |
| 11.11.25 | EndClient RAT | New Kimsuky Malware “EndClient RAT”: First Technical Report and IOCs | MALWARE | RAT |
| 11.11.25 | Fantasy Hub | Fantasy Hub: Another Russian Based RAT as M-a-a-S | MALWARE | M-a-a-S |
| 11.11.25 | Comebacker | Lazarus Group targets Aerospace and Defense with new Comebacker variant | MALWARE | Loader |
| 11.11.25 | CVE-2025-12480 | Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. |
VULNEREBILITY |
|
| 10.11.25 | I Paid Twice | Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers | CAMPAIGN | PHISHING |
| 9.11.25 | Vulnerability in expr-eval JavaScript library can lead to remote code execution. | The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input. | ALERT | ALERT |
| 9.11.25 | Line Dancer | In-memory shellcode loader targeting Cisco Adaptive Security Appliance (ASA) devices | MALWARE | Loader |
| 9.11.25 | Line Runner | Persistent webshell targeting Cisco Adaptive Security Appliance (ASA) devices. | MALWARE | Loader |
| 9.11.25 | CVE-2025-20363 | Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services Remote Code Execution Vulnerability |
VULNEREBILITY |
|
| 9.11.25 | CVE-2025-20358 | A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. |
VULNEREBILITY |
|
| 9.11.25 | CVE-2024-20359 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability |
VULNEREBILITY |
|
| 9.11.25 | CVE-2024-20353 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability |
VULNEREBILITY |
|
| 9.11.25 | CVE-2025-6205 - DELMIA Apriso vulnerability exploited in the wild | CVE-2025-6205 is a recently disclosed critical (CVSS score 9.1) missing authorization vulnerability affecting DELMIA Apriso from release 2020 through release 2025. If successfully exploited the flaw might allow attackers to gain privileged access to the vulnerable application instances. This vulnerability has been added just last week to the CISA Known Exploited Vulnerabilities (KEV) Catalog following the reports of the in-the-wild exploitation. | VULNEREBILITY | |
| 9.11.25 | Attackers target cargo and freight companies with RMM tools | Remote monitoring and management (RMM) tools are a common payload in today's threat landscape. A recent report by researchers at Proofpoint details campaigns against cargo and freight companies to attempt cargo theft. | CAMPAIGN | |
| 9.11.25 | BankBot mobile malware | A new variant of the BankBot mobile malware has been reported by the researchers from Cyfirma. This strain implements updated anti-emulation techniques. During initialization, it inspects device attributes like device manufacturer and model identifiers to detect virtualized or sandboxed environments, dynamically altering its behavior to evade automated analysis. | VIRUS | |
| 9.11.25 | Recent activity focusing on organizations influencing U.S. policy | China-linked actors continue to show interest in U.S. organizations with links to or involvement in policy issues, including an intrusion earlier this year into a U.S. non-profit organization that is active in attempting to influence U.S. government policy on international issues. | APT | |
| 9.11.25 | New NGate mobile malware campaign targeting Polish banking users | CERT Polska has uncovered a new mobile malware campaign called NGate that uses an NFC Relay attack to drain cash from victims' bank accounts at ATMs. The attack targets users of Polish banks and starts with a fake security message (email or SMS) concerning a technical issue or incident, tricking the victim into installing a malicious Android app. | VIRUS | |
| 9.11.25 | RMM Abuse Continues — Malicious LogMeIn Resolve Activity on the Rise | In recent weeks we observed a decline in malicious ScreenConnect activity and a concurrent rise in campaigns abusing LogMeIn Resolve RMM (aka GoTo Resolve) – Using the “Unattended Access” feature within Resolve, which allows access to and control of computers or servers without an end user being present. | VIRUS | |
| 9.11.25 | CVE-2025-24893 - XWiki Platform injection vulnerability exploited in the wild | CVE-2025-24893 is a recently disclosed template-injection vulnerability affecting XWiki, which is a open-source wiki software platform. If successfully exploited the flaw might allow unauthenticated attackers to inject and execute arbitrary Groovy code through crafted requests. | VULNEREBILITY | |
| 9.11.25 | Multi-Stage In-Memory Agent Tesla Campaign Targets LATAM | Symantec has identified a new Agent Tesla campaign leveraging business-themed social engineering to target organizations across Latin America, Spain, and other international sectors. The actor impersonates a company that advertises outsourced management, consulting, and facility services. | CAMPAIGN | |
| 9.11.25 | CVE-2025-54247 - Adobe Experience Manager vulnerability | CVE-2025-54247 is a recently disclosed improper input validation vulnerability affecting Adobe Experience Manager versions 6.5.23.0 and earlier. If successfully exploited the flaw might allow low-privileged attackers to bypass security measures and gain unauthorized read access. Product vendor has already released respective security patches to address this vulnerability. | VULNEREBILITY | |
| 9.11.25 | Threat actors spoof Aramex services to steal credentials | Aramex, a global logistics and transportation company based in Dubai, offers services such as express courier delivery, freight forwarding, and supply chain management for businesses and consumers. Symantec has detected a new wave of phishing attacks that mimic Aramex services to steal credentials. | ALERTS | PHISHING |
| 9.11.25 | CVE-2025-54236 - Adobe Commerce and Magento vulnerability | CVE-2025-54236 (aka SessionReaper) is a recently disclosed critical (CVSS score 9.1) improper input validation vulnerability affecting Adobe Commerce and Magento solution. If successfully exploited the flaw might allow an attacker for a session takeover through the Commerce REST API. | VULNEREBILITY | |
| 9.11.25 | CVE-2025-11371 - Gladinet CenterStack LFI vulnerability exploited in the wild | CVE-2025-11371 is a recently disclosed local file inclusion (LFI) vulnerability in Gladinet CenterStack and Triofox platforms, which are self-hosted file sharing solutions. If successfully exploited the flaw might allow attackers to perform unauthenticated remote file inclusion, retrieval of configuration keys and subsequent remote code execution. The vulnerability has been reported as being exploited in the wild. | VULNEREBILITY | |
| 9.11.25 | New phishing campaign targets Tether users with fake anti-money laundering notices | A new phishing campaign has been observed, spoofing Tether and targeting its users with fraudulent anti-money laundering (AML) notice emails. Tether, a widely adopted stablecoin with tokens pegged 1-to-1 to fiat currencies and backed by reserves, is a popular target for such scams. | ALERTS | PHISHING |
| 9.11.25 | Tangerine Turkey, coming from a USB drive near you | Tangerine Turkey is a crypto mining campaign, delivered by the less-than-efficient mechanism of removable USB drives. The USB contains all the necessary components to complete the attack. Execution starts with a .vbs file which drops and executes a .bat. | CRYPTOCURRENCY | |
| 9.11.25 | BlueNoroff targets Crypto Sector with GhostCall and GhostHire campaigns | Two new campaigns by the BlueNoroff APT group, dubbed GhostCall and GhostHire, targeting cryptocurrency and Web3 professionals, have been reported by Kaspersky. In GhostCall, attackers impersonate venture capitalists or startup founders luring victims into fake online meetings via Zoom or Teams and prompting them to install a “security update” that deploys multi-stage malware on macOS or Windows. | ALERTS | CAMPAIGN |
| 9.11.25 | Airstalk malware | Airstalk, a Windows-based malware recently discovered by researchers at Unit42 of Palo Alto Networks. The name is derived from the malware's use of the AirWatch API for mobile device management (MDM) for C2 communications. Variants written in both PowerShell and .NET have been observed, with the .NET variant having more capabilities. | VIRUS | |
| 9.11.25 | Attackers linked to Russia continue activity against Ukraine | Attacks against a large business services organization and a local government organization were recently observed by our Threat Hunter team. Fueled by a heavy reliance on Living-off-the-Land tactics and dual-use tools, the attacker's goal appears to be establishing persistence and theft of sensitive information. | APT | |
| 9.11.25 | CVE-2025-59287: Microsoft WSUS RCE exploited in the wild | Microsoft patched a critical unauthenticated RCE in Windows Server Update Services (CVE‑2025‑59287) with an out-of-band update on Oct 23, 2025, after the initial October Patch Tuesday release proved incomplete. Exploit code and active attacks were observed within hours, prompting warnings from security vendors, incident responders and CISA’s KEV catalog. | VULNEREBILITY | |
| 9.11.25 | GhostGrab Android malware | An advanced Android malware strain named GhostGrab that is actively used to mine cryptocurrency and steal banking credentials from compromised devices has been reported by CYFIRMA. | VIRUS | |
| 9.11.25 | CVE-2025-20343 | Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability |
VULNEREBILITY |
|
| 9.11.25 | CVE-2025-20354 | A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. |
VULNEREBILITY |
|
| 9.11.25 | Death by a Thousand Prompts: Open Model Vulnerability Analysis | Open-weight models provide researchers and developers with accessible foundations for diverse downstream applications. We tested the safety and security postures of eight open-weight large language models (LLMs) models to identify vulnerabilities that may impact subsequent fine-tuning and deployment. | PAPERS | PAPERS |
| 9.11.25 | InputSnatch: Stealing Input in LLM Services via Timing Side-Channel Attacks | Large language models (LLMs) possess extensive knowledge and question-answering capabilities, having been widely deployed in privacy-sensitive domains like finance and medical consultation. During LLM inferences, cache-sharing methods are commonly employed to enhance efficiency by reusing cached states or responses for the same or similar inference requests. | PAPERS | PAPERS |
| 9.11.25 | What Was Your Prompt? A Remote Keylogging Attack on AI Assistan | AI assistants are becoming an integral part of society, used for asking advice or help in personal and confidential issues. In this paper, we unveil a novel side-channel that can be used to read encrypted responses from AI Assistants over the web: the token-length side-channel. | PAPERS | PAPERS |
| 9.11.25 |
WHISPER LEAK: A
SIDE-CHANNEL ATTACK ON LARGE LANGUAGE MODE |
Large Language Models (LLMs) are increasingly deployed in sensitive domains including healthcare, legal services, and confidential communications, where privacy is paramount. This paper introduces Whisper Leak, a side-channel attack that infers user prompt topics from encrypted LLM traffic by analyzing packet size and timing patterns in streaming responses. | PAPERS | PAPERS |
| 8.11.25 | CVE-2025-59287 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability |
VULNEREBILITY |
|
| 8.11.25 | XLoader 8.0 | Cracking XLoader with AI: How Generative Models Accelerate Malware Analysis | MALWARE | Loader |
| 8.11.25 | Operation Peek-a-Baku | Initial Findings. Technical Analysis. Campaign – I The LNK Way. Malicious SILENT LOADER Malicious LAPLAS Implant – TCP & TLS. Malicious .NET Implant – SilentSweeper Campaign –... | OPERATION | OPERATION |
| 8.11.25 | LANDFALL | LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices | MALWARE | ANDROID |
| 8.11.25 | TOLLBOOTH | REF3927 abuses publicly disclosed ASP.NET machine keys to compromise IIS servers and deploy TOLLBOOTH SEO cloaking modules globally. | MALWARE | FRAMEWORK |
| 8.11.25 | CVE-2017-17562 | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c |
VULNEREBILITY |
|
| 8.11.25 | CVE-2017-9805 | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. |
VULNEREBILITY |
|
| 8.11.25 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints |
VULNEREBILITY |
|
| 8.11.25 | CVE-2022-26134 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. |
VULNEREBILITY |
|
| 7.11.25 | BLATANTLY MALICIOUS | Ransomvibing appears in VS Code extensions | RANSOMWARE | RANSOMWARE |
| 7.11.25 | ESET APT Activity Report Q2 2025–Q3 2025 | RUSSIA-ALIGNED APTs RAMP UP ATTACKS AGAINST UKRAINE AND ITS STRATEGIC PARTNERS | REPORT | REPORT |
| 7.11.25 | CVE-2025-20362 | Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability |
VULNEREBILITY |
|
| 7.11.25 | CVE-2025-20333 | Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability |
VULNEREBILITY |
|
| 6.11.25 | Curly COMrades | Curly COMrades: Evasion and Persistence via Hidden Hyper-V Virtual Machines | GROUP | GROUP |
| 6.11.25 | PROMPTFLUX | GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools | MALWARE | AI |
| 6.11.25 | HackedGPT | HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage | HACKING | AI |
| 5.11.25 | UNK_SmudgedSerpent | Crossed wires: a case study of Iranian espionage and attribution | GROUP | GROUP |
| 5.11.25 | CVE-2025-11371 | (CVSS score: 7.5) - A vulnerability in files or directories accessible to external parties in Gladinet CentreStack and Triofox that could result in unintended disclosure of system files. |
VULNEREBILITY |
|
| 5.11.25 | CVE-2025-48703 | (CVSS score: 9.0) - An operating system command injection vulnerability in Control Web Panel (formerly CentOS Web Panel) that results in unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. |
VULNEREBILITY |
|
| 4.11.25 | CVE-2025-11953 | Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk |
VULNEREBILITY |
|
| 4.11.25 | CVE-2024-38197 | Microsoft Teams for iOS Spoofing Vulnerability |
VULNEREBILITY |
|
| 4.11.25 | CVE-2025-43429 | A buffer overflow vulnerability that may lead to an unexpected process crash when processing maliciously crafted web content (addressed through improved bounds checking) |
VULNEREBILITY |
|
| 4.11.25 | CVE-2025-43430 | An unspecified vulnerability that could result in an unexpected process crash when processing maliciously crafted web content (addressed through improved state management) |
VULNEREBILITY |
|
| 4.11.25 | CVE-2025-43431 | Two unspecified vulnerabilities that may lead to memory corruption when processing maliciously crafted web content (addressed through improved memory handling) |
VULNEREBILITY |
|
| 4.11.25 | CVE-2025-43433 | Two unspecified vulnerabilities that may lead to memory corruption when processing maliciously crafted web content (addressed through improved memory handling) |
VULNEREBILITY |
|
| 4.11.25 | CVE-2025-43434 | A use-after-free vulnerability that may lead to an unexpected Safari crash when processing maliciously crafted web content (addressed through improved state management) |
VULNEREBILITY |
|
| 4.11.25 | SesameOp | SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | MALWARE | Backdoor |
| 4.11.25 | SleepyDuck | SleepyDuck malware invades Cursor through Open VSX | MALWARE | RAT |
| 4.11.25 | HttpTroy | DPRK’s Playbook: Kimsuky’s HttpTroy and Lazarus’s New BLINDINGCAN Variant | MALWARE | Dropper |
| 4.11.25 | BLINDINGCAN | DPRK’s Playbook: Kimsuky’s HttpTroy and Lazarus’s New BLINDINGCAN Variant | MALWARE | Tool |
| 3.11.25 | CVE-2025-61932 | Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets. |
VULNEREBILITY |
|
| 3.11.25 | CN APT | CN APT targets Serbian Government | APT | APT |
| 3.11.25 | Tap-and-Steal | Tap-and-Steal: The Rise of NFC Relay Malware on Mobile Devices | HACKING | Malware |
| 3.11.25 | CVE-2023-20273 | Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature |
VULNEREBILITY |
|
| 3.11.25 | CVE-2024-24919 | Check Point Quantum Security Gateways Information Disclosure Vulnerability |
VULNEREBILITY |
|
| 3.11.25 | CVE-2024-1086 | Linux Kernel Use-After-Free Vulnerability |
VULNEREBILITY |
|
| 3.11.25 | CVE-2024-1086 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. |
VULNEREBILITY |
|
| 3.11.25 | CVE-2025-11705 | Anti-Malware Security and Brute-Force Firewall – Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read – POC |
VULNEREBILITY |
|
| 3.11.25 | BADCANDY | Don’t take BADCANDY from strangers – How your devices could be implanted and what to do about it | EXPLOIT | Shell |
| 2.11.25 | Agenda Ransomware | Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques | RANSOMWARE | RANSOMWARE |
| 2.11.25 | CryptoChameleon | CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack | GROUP | GROUP |
| 2.11.25 | CVE-2024-11972 | The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed. |
VULNEREBILITY |
|
| 2.11.25 | CVE-2024-9707 | The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. |
VULNEREBILITY |
|
| 2.11.25 | CVE-2024-9234 | The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. |
VULNEREBILITY |
|
| 1.11.25 | Minecraft RAT | RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules. | MALWARE | RAT |
| 1.11.25 | Hezi Rash: Rising Kurdish Hacktivist Group Targets Global Sites | GROUP | GROUP | |
| 1.11.25 | APT-C-60 | APT-C-60 intensified operations against Japanese organizations during Q3 2025, deploying three updated SpyGlace backdoor versions with refined tracking mechanisms, modified encryption, and sophisticated abuse of GitHub, StatCounter, and Git for stealthy malware distribution. | APT | APT |
| 1.11.25 | Operation SkyCloak | Authors: Sathwik Ram Prakki and Kartikkumar Jivani Contents Introduction Key Targets Industries Geographical Focus Infection and Decoys Technical Analysis PowerShell Stage Persistence Configuration Infrastructure and Attribution Conclusion SEQRITE Protection IOCs MITRE ATT&CK Introduction SEQRITE Labs has identified a campaign... | OPERATION | OPERATION |
| 1.11.25 | Android/BankBot-YNRK | Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan Executive Summary This report covers the analysis and findings related to three Android application packages (APKs) | MALWARE | Android |
| 1.11.25 | HijackLoader | The SonicWall Capture Labs threat research team has recently been monitoring new variants of the HijackLoader malware that are being delivered through SVG files. | MALWARE | Loader |
| 1.11.25 | Tangerine Turkey Operations | From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations | OPERATION | OPERATION |
| 1.11.25 | UNC6384 | UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities | GROUP | GROUP |
| 1.11.25 | Airstalk | Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack | MALWARE | MALWARE |
| 1.11.25 | CVE-2025-61932 | Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets. |
VULNEREBILITY |
|
| 1.11.25 | BRONZE BUTLER | BRONZE BUTLER exploits Japanese asset management software vulnerability | APT | APT |
| 1.11.25 | gokcpdoor | The sophisticated campaign, observed by Sophos, involved the exploitation of CVE-2025-61932 to deliver a known backdoor referred to as | MALWARE | Backdoor |
| 1.11.25 | CVE-2025-41244 | Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability |
VULNEREBILITY |
|
| 1.11.25 | CVE-2025-24893 | XWiki Platform Eval Injection Vulnerability |
VULNEREBILITY |
|