DATE NAME INFO CATEGORY SUBCATE


11.7.25 CVE-2025-25257 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. VULNERABILITY VULNERABILITY
11.7.25 CVE-2024-45434 Use-After-Free in AVRCP service VULNERABILITY VULNERABILITY
11.7.25 CVE-2024-45431 Improper validation of an L2CAP channel's remote CID VULNERABILITY VULNERABILITY
11.7.25 CVE-2024-45433 Incorrect function termination in RFCOMM VULNERABILITY VULNERABILITY
11.7.25 CVE-2024-45432 Function call with incorrect parameter in RFCOMM VULNERABILITY VULNERABILITY
11.7.25 CVE-2025-47812 In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. VULNERABILITY VULNERABILITY
11.7.25 CVE-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server VULNERABILITY VULNERABILITY
11.7.25 CVE-2025-6514 Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients VULNERABILITY VULNERABILITY
11.7.25 PerfektBlue PerfektBlue is the industry-wide critical over-the-air attack chain affecting millions of devices in automotive and other industries. ATTACK bluetooth
10.7.25 macOS.ZuRu macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App MALWARE MacOS
10.7.25 CVE-2024-36349 (CVSS score: 3.8) - A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage VULNERABILITY VULNERABILITY
10.7.25 CVE-2024-36348 (CVSS score: 3.8) - A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP[3] feature is enabled, potentially resulting in information leakage VULNERABILITY VULNERABILITY
10.7.25 CVE-2024-36357 (CVSS score: 5.6) - A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries VULNERABILITY VULNERABILITY
10.7.25 CVE-2024-36350 (CVSS score: 5.6) - A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information VULNERABILITY VULNERABILITY
10.7.25 AMD Transient Scheduler Attacks AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft® report titled “Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks”. ATTACK CPU
10.7.25 CVE-2025-3648 CVE-2025-3648 - Data Inference in Now Platform via Conditional ACLs VULNERABILITY VULNERABILITY
9.7.25 ZDI-25-587 Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-586 Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-585 Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-584 Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-583 Microsoft Windows Startup Folder SmartScreen Bypass Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-582 (Pwn2Own) Microsoft SharePoint DataSetSurrogateSelector Deserialization of Untrusted Data Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-581 (Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-580 Microsoft PC Manager Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-579 Microsoft Windows win32kfull Integer Overflow Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-578 Microsoft Windows AppX Deployment Service Link Following Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-577 Siemens SINEC NMS uploadFWBinary Directory Traversal Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-576 Siemens SINEC NMS unZipJarFilestoLocation Directory Traversal Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-575 Siemens SINEC NMS reqToChangePassword Authentication Bypass Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-574 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-573 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-572 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-571 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-570 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-569 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-568 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-567 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-566 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-565 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-564 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-563 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-562 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-561 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-560 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-559 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-558 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-557 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-556 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-555 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-554 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-553 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-552 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-551 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-550 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-549 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-548 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-547 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-546 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-545 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-543 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-542 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-541 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-540 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-539 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-538 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-537 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-536 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-535 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-534 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-533 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-532 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-531 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-530 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-529 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-528 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-527 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-526 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-525 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-524 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-523 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-522 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-521 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-520 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-519 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-518 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-517 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-516 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-515 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-514 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-513 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-512 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-511 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-510 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-509 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-508 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-507 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-506 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-505 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-504 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-503 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-502 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-501 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-500 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-499 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-498 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-497 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-496 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-495 IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-494 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-493 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-492 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-491 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-490 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-489 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-488 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-487 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-486 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-485 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-484 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-483 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-482 (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-481 (0Day) INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-480 (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-479 (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-478 (0Day) INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-477 (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-476 (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-475 (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-474 (0Day) INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
9.7.25 ZDI-25-473 Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZERO-DAY ZERO-DAY
9.7.25 NordDragonScan infostealer NordDragonScan is a new Windows-based infostealing malware variant identified by researchers from Fortinet. Recently observed campaigns leverage malicious .HTA files to deliver an infostealing payload to the intended victims. ALERTS VIRUS
9.7.25 RondoDox botnet RondoDox is a new botnet recently identified by researchers from Fortinet. RondoDox has been reported to leverage two high-severity vulnerabilities for spreading: CVE-2024-3721 and CVE-2024-12856. ALERTS BOTNET
9.7.25 Datebug APT attacks against BOSS Linux systems The Datebug threat group (also known as APT36 or Transparent Tribe) has been reported to conduct a new campaign targeting BOSS Linux systems. ALERTS APT
9.7.25 NimDoor - a Nim-based malware for macOS NimDoor is a newly identified malware variant for the macOS platform. Compiled in the Nim programming language, the malware targets Web3 and cryptocurrency-related platforms. The attackers leverage social engineering tactics to approach their victims. ALERTS VIRUS
9.7.25 SHELLTER Taking SHELLTER: a commercial evasion framework abused in-the-wild MALWARE INFOSTEALER
9.7.25 Anatsa Anatsa Targets North America; Uses Proven Mobile Campaign Process MALWARE Mobil
8.7.25 NordDragonScan NordDragonScan: Quiet Data-Harvester on Windows MALWARE INFOSTEALER
8.7.25 CVE-2024-12856 The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. VULNERABILITY VULNERABILITY
8.7.25 CVE-2024-3721 A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. VULNERABILITY VULNERABILITY
8.7.25 RondoDox RondoDox Unveiled: Breaking Down a New Botnet Threat BOTNET BOTNET
8.7.25 Batavia Batavia spyware steals data from Russian organizations MALWARE SPYWARE
8.7.25 CVE-2019-9621 (CVSS score: 7.5) - A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution VULNERABILITY VULNERABILITY
8.7.25 CVE-2019-5418 (CVSS score: 7.5) - A path traversal vulnerability in Ruby on Rails' Action View that could cause contents of arbitrary files on the target system's file system to be exposed VULNERABILITY VULNERABILITY
8.7.25 CVE-2016-10033 (CVSS score: 9.8) - A command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition VULNERABILITY VULNERABILITY
8.7.25 CVE-2014-3931 (CVSS score: 9.8) - A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption VULNERABILITY VULNERABILITY
8.7.25 DRAT V2 DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal MALWARE RAT
6.7.25 Malicious Abuse of ConnectWise (ScreenConnect) Over the past several months, we have observed a sharp increase in the malicious use of the popular Remote Monitoring and Management (RMM) tool ConnectWise by ransomware operators, Initial Access Brokers, APTs, and other eCrime actors. ALERTS APT
6.7.25 Remcos malspam campaign starts with a tar archive A recently observed Remcos campaign began with a malicious email containing a .tar archive attachment. The archive contains a .lnk file which launches PowerShell to download the Remcos payload. ALERTS CAMPAIGN
6.7.25 Janela RAT delivered in a recent campaign Janela RAT (Remote Access Trojan) is a modified variant of a malware known as BX RAT. Janela RAT has been previously seen spread in campaigns targeting banking users from the LATAM region. ALERTS VIRUS
6.7.25 Blackmoon’s expanding arsenal The Blackmoon banking trojan, known for targeting users of online financial services, particularly in South Korea, has evolved into a more deceptive and multi-functional threat. ALERTS VIRUS
6.7.25 DEVMAN - a new DragonForce ransomware variant DEVMAN is a new customized ransomware variant from the DragonForce malware family. The malware encrypts data and appends .DEVMAN extension to locked files. ALERTS RANSOM
6.7.25 GIFTEDCROOK malware upgraded for document theft via Telegram An enhanced version of the GIFTEDCROOK malware, operated by the UAC-0226 threat group has been reported, marking a significant upgrade from its earlier capabilities first observed in February 2025. ALERTS VIRUS
5.7.25 ZDI-25-472 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-471 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-470 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-469 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-468 GFI Archiver Telerik Web UI Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-467 GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 CVE-2025-20309 A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, VULNERABILITY VULNERABILITY
5.7.25 CVE-2025-6463 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. VULNERABILITY VULNERABILITY
5.7.25 FileFix (Part 2) Last week I released the FileFix attack blog post which is an alternative to the traditional ClickFix attack. This blog post explores another variation to the original FileFix attack. ATTACK ATTACK
5.7.25 Chisel Chisel is an open-source project by Jaime Pillora (jpillora) that allows tunneling TCP and UDP connections via HTTP. It is available across platforms and written in Go. While benign in itself, Chisel has been utilized by multiple threat actors. It was for example observed by SentinelOne during a PYSA ransomware campaign to achieve persistence and used as backdoor. MALWARE Backdoor
5.7.25 CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines VULNERABILITY VULNERABILITY
5.7.25 CVE-2025-32463 (CVSS score: 9.3) - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option VULNERABILITY VULNERABILITY
4.7.25 The Continuous Evolution of Ad Fraud Exploiting App Stores as a Front The IAS Threat Lab has uncovered "Kaleidoscope," an insidiously adaptive Android ad fraud operation that employs legitimate-looking apps hosted on Google Play as a deceptive façade, while its malicious duplicate counterparts, distributed predominantly through third-party app stores, drive fraudulent ad supply. REPORT REPORT
3.7.25 HOUKEN SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS REPORT REPORT
3.7.25 CVE-2025-20309 A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. VULNERABILITY VULNERABILITY
3.7.25 NimDoor macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware MALWARE macOS
2.7.25 Braodo infostealer hosts downloaded components on GitHub A recently observed campaign involving Braodo stealer malware leveraged GitHub to house multiple components downloaded in the attack chain. ALERTS VIRUS
2.7.25 CVE-2025-4322: WordPress Motors theme privilege escalation vulnerability CVE-2025-4322 is a critical unauthenticated privilege escalation vulnerability (CVSS 9.8) affecting the WordPress Motors theme in versions up to 5.6.67. ALERTS VULNERABILITY
2.7.25 EmailJS and HubSpot Abused in CCMA Phishing Scheme A new phishing campaign is circulating under the guise of a legal summons from South Africa’s Commission for Conciliation, Mediation and Arbitration (CCMA), leveraging urgency and fear to pressure recipients into action. ALERTS PHISHING
2.7.25 Nebulous Mantis (a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom remote access trojan (RAT) and Hancitor loader in targeted campaigns since mid-2019. CAMPAIGN CAMPAIGN
2.7.25 TransferLoader Zscaler ThreatLabz has identified a new malware loader that we have named TransferLoader, which has been active since at least February 2025. MALWARE LOADER
2.7.25 DAMASCENED PEACOCK A lightweight, staged downloader targeting Windows, delivered via spear-phishing. MALWARE DOWNLOADER
2.7.25 CVE-2025-49596 The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio VULNERABILITY VULNERABILITY
1.7.25 CVE-2025-6554 Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) VULNERABILITY VULNERABILITY
1.7.25 Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) (hereafter referred to as the authoring agencies) strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors. REPORT REPORT