
DATE

NAME

CATEGORY

SUBCATE

INFO

13.3.25 DocSwap mobile malware

ALERTS

VIRUS DocSwap is a new mobile malware variant distributed under the disguise of a "document viewing authentication" mobile app.
13.3.25 A new campaign distributing scam crypto investment platforms

ALERTS

CRYPTOCURRENCY A new campaign spreading fraudulent cryptocurrency investment platforms has been reported by researchers from Palo Alto. The attackers leverage websites and Android mobile apps masquerading as known brands of retail stores, financial institutions or technology companies to lure their victims.
13.3.25 CVE-2025-25181 - Advantive VeraCore SQL Injection vulnerability

ALERTS

VULNERABILITY CVE-2025-25181 is a SQL Injection vulnerability affecting Advantive VeraCore, an order fulfillment and warehouse management software. If successfully exploited, the flaw might allow remote attackers to execute arbitrary SQL commands via the PmSess1 parameter and gain unauthorized access to sensitive data.
13.3.25 Ballista botnet targets TP-Link Archer routers via vulnerability exploitation

ALERTS

BOTNET A new botnet dubbed Ballista has targeted organizations in Australia, China, Mexico, and the US focusing on healthcare, manufacturing, services, and technology sectors.
13.3.25 Credential Theft Campaign Disguised as Construction Quote Requests

ALERTS

PHISHING An actor has been running a large phishing campaign, targeting businesses with emails disguised as requests for quotations. The emails, sent from multiple Outlook, Live, Hotmail, and MSN addresses, urge recipients to review an attached document, claiming it contains the scope of work for an urgent project.
13.3.25 PlayPraetor mobile malware

ALERTS

VIRUS PlayPraetor is a mobile malware recently distributed via fake Play Store websites. Many of the observed fraudulent domains leverage typo-squatting techniques to lure the unsuspecting victims into downloading the malicious binaries.
13.3.25 CVE-2024-32444 and CVE-2024-32555 - WordPress RealHome and Easy Real Estate Plugin vulnerabilities

ALERTS

VULNERABILITY CVE-2024-32444 and CVE-2024-32555 are two recently disclosed vulnerabilities affecting WordPress RealHome and WordPress Easy Real Estate Plugin respectively.
13.3.25 Blind Eagle malicious .url files variant

ALERTS

APT Blind Eagle (aka APT-C-36) is a threat actor group that engages in both espionage and cyber-crime. It primarily targets organizations in Colombia and other Latin American countries, focusing on government institutions, financial organizations, and critical infrastructure.
13.3.25 Malvertising campaign found in pirate streaming sites leading to infostealers

ALERTS

VIRUS A malvertising campaign has been recently disclosed by Microsoft. The malicious actors start by injecting malvertising redirectors into videos hosted on pirate streaming sites.
13.3.25 Phishing Campaign Impersonates Korean Tax Service

ALERTS

PHISHING A new wave of phishing is making the rounds in South Korea, disguising itself as an official email from the Korean National Tax Service (NTS). The email claims to contain an electronic tax invoice and includes an HTML attachment named NTS_eTaxInvoice.html.
13.3.25 Malicious operations attributed to the EncryptHub threat actor

ALERTS

RANSOM EncryptHub is a new threat actor engaging in malicious operations distributing ransomware and infostealers (StealC, Rhadamanthys) to the unsuspecting victims.
13.3.25 Leafperforator APT conducts attacks on maritime sector

ALERTS

APT A new malicious campaign targeting the maritime and nuclear energy sector across South and Southeast Asia, the Middle East, and Africa has been attributed to the Leafperforator (also known as SideWinder) APT group.
13.3.25 KoSpy MALWARE Spyware Lookout Discovers New Spyware by North Korean APT37
13.3.25 CVE-2025-25292

VULNERABILITY

VULNERABILITY

Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
13.3.25 CVE-2025-25291

VULNERABILITY

VULNERABILITY

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
13.3.25 CVE-2025-27363

VULNERABILITY

VULNERABILITY

An out-of-bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files.
13.3.25 Actor UNC3886 GROUP GROUP Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers
12.3.25 CVE-2017-0929

VULNERABILITY

VULNERABILITY

(CVSS score: 7.5) - DotNetNuke
12.3.25 CVE-2020-7796

VULNERABILITY

VULNERABILITY

(CVSS score: 9.8) - Zimbra Collaboration Suite
12.3.25 CVE-2021-21973

VULNERABILITY

VULNERABILITY

(CVSS score: 5.3) - VMware vCenter
12.3.25 CVE-2021-22054

VULNERABILITY

VULNERABILITY

(CVSS score: 7.5) - VMware Workspace ONE UEM
12.3.25 CVE-2021-22175

VULNERABILITY

VULNERABILITY

(CVSS score: 9.8) - GitLab CE/EE
12.3.25 CVE-2021-22214

VULNERABILITY

VULNERABILITY

(CVSS score: 8.6) - GitLab CE/EE
12.3.25 CVE-2021-39935

VULNERABILITY

VULNERABILITY

(CVSS score: 7.5) - GitLab CE/EE
12.3.25 CVE-2023-5830

VULNERABILITY

VULNERABILITY

(CVSS score: 9.8) - ColumbiaSoft DocumentLocator
12.3.25 CVE-2024-6587

VULNERABILITY

VULNERABILITY

(CVSS score: 7.5) - BerriAI LiteLLM
12.3.25 CVE-2024-21893

VULNERABILITY

VULNERABILITY

(CVSS score: 8.2) - Ivanti Connect Secure
12.3.25 CVE-2025-24983

VULNERABILITY

VULNERABILITY

(CVSS score: 7.0) - A Windows Win32 Kernel Subsystem use-after-free (UAF) vulnerability that allows an authorized attacker to elevate privileges locally
12.3.25 CVE-2025-24984

VULNERABILITY

VULNERABILITY

(CVSS score: 4.6) - A Windows NTFS information disclosure vulnerability that allows an attacker with physical access to a target device and the ability to plug in a malicious USB drive to potentially read portions of heap memory
12.3.25 CVE-2025-24985

VULNERABILITY

VULNERABILITY

(CVSS score: 7.8) - An integer overflow vulnerability in Windows Fast FAT File System Driver that allows an unauthorized attacker to execute code locally

12.3.25 CVE-2025-24991

VULNERABILITY

VULNERABILITY

(CVSS score: 5.5) - An out-of-bounds read vulnerability in Windows NTFS that allows an authorized attacker to disclose information locally
12.3.25 CVE-2025-24993

VULNERABILITY

VULNERABILITY

(CVSS score: 7.8) - A heap-based buffer overflow vulnerability in Windows NTFS that allows an unauthorized attacker to execute code locally
12.3.25 CVE-2025-26633

VULNERABILITY

VULNERABILITY

(CVSS score: 7.0) - An improper neutralization vulnerability in Microsoft Management Console that allows an unauthorized attacker to bypass a security feature locally
12.3.25 Apple security releases VULNERABILITY Update This document lists security updates and Rapid Security Responses for Apple software.
12.3.25 Blind Eagle: APT APT Blind Eagle: …And Justice for All
11.3.25 New Poco RAT distribution campaign

ALERTS

VIRUS A new campaign distributing Poco RAT to Spanish-speaking users in Latin America has been reported in the wild. The campaign has been attributed to the Darkling APT (aka Dark Caracal). The group is known to leverage Bandook-based backdoors in their attacks.
11.3.25 CVE-2024-13159 - Ivanti Endpoint Manager (EPM) Absolute Path Traversal vulnerability

ALERTS

VULNERABILITY CVE-2024-13159 is a critical (CVSS score 9.8) absolute path traversal vulnerability affecting the Ivanti Endpoint Manager (EPM) software. If successfully exploited, the flaw might allow a remote unauthenticated attacker to leak sensitive information.
11.3.25 Ballista Botnet BOTNET BOTNET Cato CTRL™ Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers
11.3.25 SideWinder APT APT SideWinder targets the maritime and nuclear sectors with an updated toolset
11.3.25 CVE-2024-57968

VULNERABILITY

VULNERABILITY

An unrestricted file upload vulnerability in Advantive VeraCore that allows a remote unauthenticated attacker to upload files to unintended folders via upload.aspx
11.3.25 CVE-2025-25181

VULNERABILITY

VULNERABILITY

An SQL injection vulnerability in Advantive VeraCore that allows a remote attacker to execute arbitrary SQL commands
11.3.25 CVE-2024-13159

VULNERABILITY

VULNERABILITY

An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
11.3.25 CVE-2024-13160

VULNERABILITY

VULNERABILITY

An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
11.3.25 CVE-2024-13161

VULNERABILITY

VULNERABILITY

An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information
11.3.25 CVE-2024-12297

VULNERABILITY

VULNERABILITY

Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation.
10.3.25 Strela Stealer targets MS Outlook users credentials

ALERTS

VIRUS Strela Stealer is a malware infostealer typically distributed through phishing campaigns affecting users in Italy, Germany, Spain, and Ukraine. It is designed to target specific email clients (notably Microsoft Outlook and Mozilla Thunderbird) and exfiltrate email login credentials.
10.3.25 Boramae Ransomware

ALERTS

RANSOM Boramae is a new ransomware discovered just recently in the threat landscape and a suspected variant of the Beast aka BlackLockbit malware family. The malware encrypts user files and appends ".boramae" to them.
10.3.25 Phantom-Goblin operation spreading infostealers to victims

ALERTS

OPERATION Phantom-Goblin is the name of a malicious infostealing campaign recently identified in the wild. The attackers responsible are leveraging social engineering techniques luring victims into execution of malicious .LNK files.
10.3.25 Ebyte Ransomware

ALERTS

RANSOM

Desert Dexter is a recently reported malicious operation targeting users based in Middle East and North Africa. The responsible threat actors are distributing malicious binaries hosted on legitimate file-sharing portals or via seemingly harmless Telegram channels.
10.3.25 Polymorphic Extensions HACKING HACKING Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension
10.3.25 Desert Dexter. Attacks CAMPAIGN Malware Desert Dexter. Attacks on Middle Eastern countries
10.3.25 SilentCryptoMiner CRYPTOCURRENCY CRYPTOCURRENCY Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool
9.3.25 CVE-2025-27840

VULNERABILITY

VULNERABILITY

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
9.3.25 CVE-2025-1316

VULNERABILITY

VULNERABILITY

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

8.3.25

BADBOX 2.0 MALWARE Android Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes

8.3.25

Phishing Campaign Using Private Video Sharing CAMPAIGN PHISHING We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization.

8.3.25

Snail Mail Fail CAMPAIGN Ransom Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear

8.3.25

Zloader 2.9.4.0

MALWARE

Loader

Inside Zloader’s Latest Trick: DNS Tunneling

8.3.25

Skuld stealer

MALWARE

Stealer

TMPN (Skuld) Stealer: The dark side of open source

8.3.25

Trojan-Downloader.Win32.TookPS

MALWARE

AI

Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

8.3.25

LARVA-208

GROUP

GROUP

(EncryptHub) is a threat actor that has come to the forefront with highly sophisticated spear-phishing attacks since 26 June 2024. In the attacks it has carried out, it exhibits a different operational strategy by carrying out all the processes necessary to obtain initial access through personalized SMS (smishing) or by calling the person directly (vishing) and tricking the victim into installing remote monitoring and management (RMM) software.

8.3.25

Ragnar Loader

MALWARE

Loader

(a.k.a Sardonic Backdoor) is a sophisticated toolkit of the Monstrous Mantis

7.3.25

Desert Dexter malicious campaign

ALERTS

CAMPAIGN

Desert Dexter is a recently reported malicious operation targeting users based in Middle East and North Africa. The responsible threat actors are distributing malicious binaries hosted on legitimate file-sharing portals or via seemingly harmless Telegram channels.

7.3.25

Latest Njrat variant uses Microsoft Dev Tunnels for C2 communications

ALERTS

VIRUS

A new variant of the NjRAT malware has been reported in the wild. NjRAT (also known as Bladabindi or Ratenjay) is an older but still widely used Remote Access Trojan (RAT). This malware is often used to extract data from the compromised endpoints, send commands via remote shell, manipulate the registry as well as download additional payloads.

7.3.25

Medusa ransomware activity on the rise

ALERTS

RANSOM

Medusa ransomware attacks jumped by 42% between 2023 and 2024. This increase in activity continues to escalate, with almost twice as many Medusa attacks observed in January and February 2025 as in the first two months of 2024.

7.3.25

A new campaign targeting ISP infrastructure with infostealers

ALERTS

VIRUS

A new campaign targeting ISP (Internet service providers) infrastructure with infostealers and cryptocurrency miners has been reported in the wild. In the initial attack stages the threat actors are leveraging brute force attacks to access the vulnerable environments.

7.3.25

Cobalt Strike kit

MALWARE

Kit

Unmasking the new persistent attacks on Japan

7.3.25

CVE-2024-4577

VULNERABILITY

VULNERABILITY

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions

7.3.25

Medusa ransomware

RANSOMWARE

RANSOMWARE

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024.

7.3.25

CVE-2025-25012

VULNERABILITY

VULNERABILITY

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role

7.3.25

EncryptRAT

MALWARE

RAT

Unveiling EncryptHub: Analysis of a multi-stage malware campaign

7.3.25

JavaScript Backdoors Enabling Persistent Attacker Access

ATTACK

JavaScript

Thousands of websites hit by four backdoors in 3rd party JavaScript attack

6.3.25

Silk Typhoon

GROUP

APT

Silk Typhoon targeting IT supply chain

6.3.25

Poco RAT

MALWARE

RAT

The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT

6.3.25

Dark Caracal

GROUP

APT

The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT

6.3.25

Lotus Panda

GROUP

APT

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

5.3.25

Phishing campaign used to deliver Havoc malware

ALERTS

CAMPAIGN

In a new report, researchers at Fortinet have detailed a phishing campaign that was used to deliver Havoc malware. Havoc is a malicious framework, akin to Cobalt Strike, that is actively leveraged to compromise victims.

5.3.25

Danger & Loches - recent Globeimposter ransomware variants seen in the wild

ALERTS

RANSOM

Danger and Loches are the two most recently identified variants of the Globeimposter ransomware family. The malware will encrypt user data and append .danger or .loches extension to the locked files respectively.

5.3.25

GrassCall malware campaign spreads infostealers to job seekers

ALERTS

VIRUS

GrassCall is a recently identified campaign attributed to the threat group known as Crazy Evil. The attack has been targeting job seekers with fake job interviews in efforts to distribute malicious executables used for infostealing.

5.3.25

CVE-2024-12356 - BeyondTrust PRA and RS vulnerability

ALERTS

VULNERABILITY

CVE-2024-12356 is a critical (CVSS score 9.8) command injection vulnerability affecting the BeyondTrust Privileged Remote Access (PRA) and BeyondTrust Remote Support (RS) software. If successfully exploited, the flaw might allow an unauthenticated attacker to inject commands that are run as a site user.

5.3.25

Leveraging malicious LNK files and Null-AMSI tool to deliver AsyncRAT

ALERTS

VIRUS

A malware campaign using malicious LNK files disguised as wallpapers to lure users has been observed. As part of the attack vector, the open-source Null-AMSI tool is employed to bypass malware scanning interfaces (AMSI) and Event Tracing for Windows (ETW).

5.3.25

Attackers spread Winos4.0 malware using taxation as a lure

ALERTS

VIRUS

The Winos4.0 malware framework has been used by threat groups to perpetrate attacks against intended victims. A recent report from Fortinet outlines an attack observed against users in Taiwan that used a tax-related lure to distribute Winos4.0 malware.

5.3.25

Fake browser updates being distributed through malicious redirects

ALERTS

VIRUS

Security researchers have observed recent malware campaigns utilizing web-based malware distribution via compromised sites rather than relying solely on email-based attacks to spread malicious links.

5.3.25

Typosquatted

MALWARE

Go

Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems

5.3.25

Black Basta and Cactus Ransomware

RANSOMWARE

RANSOMWARE

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

5.3.25

BackConnect

MALWARE

Stealer

Qbot is Back.Connect

5.3.25

CVE-2025-22224

VULNERABILITY

VULNERABILITY

(CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with local administrative privileges on a virtual machine could exploit to execute code as the virtual machine's VMX process running on the host

5.3.25

CVE-2025-22225

VULNERABILITY

VULNERABILITY

(CVSS score: 8.2) - An arbitrary write vulnerability that a malicious actor with privileges within the VMX process could exploit to result in a sandbox escape

5.3.25

CVE-2025-22226

VULNERABILITY

VULNERABILITY

(CVSS score: 7.1) - An information disclosure vulnerability due to an out-of-bounds read in HGFS that a malicious actor with administrative privileges to a virtual machine could exploit to leak memory from the vmx process

5.3.25

Polyglot Malware

MALWARE

Go

Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware

5.3.25

clipper malware

MALWARE

Infostealer

Infostealer Campaign against ISPs

4.3.25

CVE-2023-20118

VULNERABILITY

VULNERABILITY

(CVSS score: 6.5) - A command injection vulnerability in the web-based management interface of Cisco Small Business RV Series routers that allows an authenticated, remote attacker to gain root-level privileges and access unauthorized data (Unpatched due to the routers reaching end-of-life status)

4.3.25

CVE-2022-43939

VULNERABILITY

VULNERABILITY

(CVSS score: 8.6) - An authorization bypass vulnerability in Hitachi Vantara Pentaho BA Server that stems from the use of non-canonical URL paths for authorization decisions (Fixed in August 2024 with versions 9.3.0.2 and 9.4.0.1)

4.3.25

CVE-2022-43769

VULNERABILITY

VULNERABILITY

(CVSS score: 7.8) - An improper resource shutdown or release vulnerability in Microsoft Windows Win32k that allows for local, authenticated privilege escalation, and running arbitrary code in kernel mode (Fixed in December 2018)

4.3.25

CVE-2018-8639

VULNERABILITY

VULNERABILITY

(CVSS score: 7.8) - An improper resource shutdown or release vulnerability in Microsoft Windows Win32k that allows for local, authenticated privilege escalation, and running arbitrary code in kernel mode (Fixed in December 2018)

4.3.25

CVE-2024-4885

VULNERABILITY

VULNERABILITY

(CVSS score: 9.8) - A path traversal vulnerability in Progress WhatsUp Gold that allows an unauthenticated attacker to achieve remote code execution (Fixed in version 2023.1.3 in June 2024)

4.3.25

CVE-2024-43093

VULNERABILITY

VULNERABILITY

A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective sub-directories.

4.3.25

CVE-2024-50302

VULNERABILITY

VULNERABILITY

A privilege escalation flaw in the HID USB component of the Linux kernel that could lead to a leak of uninitialized kernel memory to a local attacker through specially crafted HID reports.

4.3.25

JavaGhost’s

GROUP

GROUP

JavaGhost’s Persistent Phishing Attacks From the Cloud

4.3.25

Havoc

MALWARE

Loader

Havoc: SharePoint with Microsoft Graph API turns into FUD C2

4.3.25

CVE-2025-0285

VULNERABILITY

VULNERABILITY

An arbitrary kernel memory mapping vulnerability in version 7.9.1 caused by a failure to validate user-supplied data lengths. Attackers can exploit this flaw to escalate privileges.

4.3.25

CVE-2025-0286

VULNERABILITY

VULNERABILITY

An arbitrary kernel memory write vulnerability in version 7.9.1 due to improper validation of user-supplied data lengths.

4.3.25

CVE-2025-0287

VULNERABILITY

VULNERABILITY

A null pointer dereference vulnerability in version 7.9.1 caused by the absence of a valid MasterLrp structure in the input buffer.

4.3.25

CVE-2025-0288

VULNERABILITY

VULNERABILITY

An arbitrary kernel memory vulnerability in version 7.9.1 caused by the memmove function, which fails to sanitize user-controlled input.

4.3.25

CVE-2025-0289

VULNERABILITY

VULNERABILITY

An insecure kernel resource access vulnerability in version 17 caused by failure to validate the MappedSystemVa pointer before passing it to HalReturnToFirmware.

4.3.25

Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks

ALERT

ALERT

Paragon Partition Manager's BioNTdrv.sys driver, versions prior to 2.0.0, contains five vulnerabilities.

3.3.25

Vo1d Botnet

BOTNET

BOTNET

Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally

1.3.25

LCRYX Ransomware

ALERTS

RANSOM

LCRYX is a VBScript-based ransomware discovered in the wild last year. The malware encrypts user data, appends ‘.lcryx’ to the locked files and demands ransom payment in the Bitcoin cryptocurrency.

1.3.25

New Squidoor backdoor variant distributed in latest campaigns

ALERTS

VIRUS

Squidoor is a modular multi-platform backdoor variant supporting both Windows and Linux platforms. According to the researchers from Palo Alto, the newest strain of this malware is distributed in attacks associated with suspected Chinese threat actors.

1.3.25

Bank of Yokohama users targeted with new phishing emails

ALERTS

PHISHING

In Japan, the Bank of Yokohama is the largest regional bank headquartered in Yokohama.

1.3.25

Billbug (aka Lotus Blossom) threat group uses Sagerunex malware to target numerous victims

ALERTS

APT

The Billbug (aka Lotus Blossom) threat group has been observed leveraging Sagerunex malware, along with other hacking tools, to target numerous victims across industries.

1.3.25

CVE-2024-53197

VULNERABILITY

VULNERABILITY

(CVSS score: N/A) - An out-of-bounds access vulnerability for Extigy and Mbox devices

1.3.25

CVE-2024-50302

VULNERABILITY

VULNERABILITY

(CVSS score: 5.5) - A use of an uninitialized resource vulnerability that could be used to leak kernel memory