DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
13.3.25 | DocSwap mobile malware | VIRUS | DocSwap is a new mobile malware variant distributed under the disguise of a "document viewing authentication" mobile app. | |
13.3.25 | A new campaign distributing scam crypto investment platforms | CRYPTOCURRENCY | A new campaign spreading fraudulent cryptocurrency investment platforms has been reported by researchers from Palo Alto. The attackers leverage websites and Android mobile apps masquerading as known brands of retail stores, financial institutions or technology companies to lure their victims. | |
13.3.25 | CVE-2025-25181 - Advantive VeraCore SQL Injection vulnerability | VULNERABILITY | CVE-2025-25181 is a SQL injection vulnerability affecting Advantive VeraCore, an order fulfillment and warehouse management software. If successfully exploited, the flaw might allow remote attackers to execute arbitrary SQL commands via the PmSess1 parameter and gain unauthorized access to sensitive data. | |
13.3.25 | Ballista botnet targets TP-Link Archer routers via vulnerability exploitation | BOTNET | A new botnet dubbed Ballista has targeted organizations in Australia, China, Mexico, and the US focusing on healthcare, manufacturing, services, and technology sectors. | |
13.3.25 | Credential Theft Campaign Disguised as Construction Quote Requests | PHISHING | An actor has been running a large phishing campaign, targeting businesses with emails disguised as requests for quotations. The emails, sent from multiple Outlook, Live, Hotmail, and MSN addresses, urge recipients to review an attached document, claiming it contains the scope of work for an urgent project. | |
13.3.25 | PlayPraetor mobile malware | VIRUS | PlayPraetor is a mobile malware recently distributed via fake Play Store websites. Many of the observed fraudulent domains leverage typo-squatting techniques to lure the unsuspecting victims into downloading the malicious binaries. | |
13.3.25 | CVE-2024-32444 and CVE-2024-32555 - WordPress RealHome and Easy Real Estate Plugin vulnerabilities | VULNERABILITY | CVE-2024-32444 and CVE-2024-32555 are two recently disclosed vulnerabilities affecting the WordPress RealHome and WordPress Easy Real Estate plugins respectively. | |
13.3.25 | Blind Eagle malicious .url files variant | APT | Blind Eagle (aka APT-C-36), is a threat actor group that engages in both espionage and cyber-crime. It primarily targets organizations in Colombia and other Latin American countries focusing on government institutions, financial organizations, and critical infrastructure. | |
13.3.25 | Malvertising campaign found in pirate streaming sites leading to infostealers | VIRUS | A malvertising campaign has been recently disclosed by Microsoft. The malicious actors start by injecting malvertising redirectors into videos hosted on pirate streaming sites. | |
13.3.25 | Phishing Campaign Impersonates Korean Tax Service | PHISHING | A new phishing wave is making the rounds in South Korea, disguised as an official email from the Korean National Tax Service (NTS). The email claims to contain an electronic tax invoice and includes an HTML attachment named NTS_eTaxInvoice.html. | |
13.3.25 | Malicious operations attributed to the EncryptHub threat actor | RANSOM | EncryptHub is a new threat actor engaging in malicious operations distributing ransomware and infostealers (StealC, Rhadamanthys) to the unsuspecting victims. | |
13.3.25 | Leafperforator APT conducts attacks on maritime sector | APT | A new malicious campaign targeting the maritime and nuclear energy sector across South and Southeast Asia, the Middle East, and Africa has been attributed to the Leafperforator (also known as SideWinder) APT group. | |
13.3.25 | KoSpy | MALWARE | Spyware | Lookout Discovers New Spyware by North Korean APT37 |
13.3.25 | CVE-2025-25292 | VULNERABILITY | Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) | |
13.3.25 | CVE-2025-25291 | VULNERABILITY | Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) | |
13.3.25 | CVE-2025-27363 | VULNERABILITY | An out-of-bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. | |
13.3.25 | Actor UNC3886 | GROUP | GROUP | Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers |
12.3.25 | CVE-2017-0929 | VULNERABILITY | (CVSS score: 7.5) - DotNetNuke | |
12.3.25 | CVE-2020-7796 | VULNERABILITY | (CVSS score: 9.8) - Zimbra Collaboration Suite | |
12.3.25 | CVE-2021-21973 | VULNERABILITY | (CVSS score: 5.3) - VMware vCenter | |
12.3.25 | CVE-2021-22054 | VULNERABILITY | (CVSS score: 7.5) - VMware Workspace ONE UEM | |
12.3.25 | CVE-2021-22175 | VULNERABILITY | (CVSS score: 9.8) - GitLab CE/EE | |
12.3.25 | CVE-2021-22214 | VULNERABILITY | (CVSS score: 8.6) - GitLab CE/EE | |
12.3.25 | CVE-2021-39935 | VULNERABILITY | (CVSS score: 7.5) - GitLab CE/EE | |
12.3.25 | CVE-2023-5830 | VULNERABILITY | (CVSS score: 9.8) - ColumbiaSoft DocumentLocator | |
12.3.25 | CVE-2024-6587 | VULNERABILITY | (CVSS score: 7.5) - BerriAI LiteLLM | |
12.3.25 | CVE-2024-21893 | VULNERABILITY | (CVSS score: 8.2) - Ivanti Connect Secure | |
12.3.25 | CVE-2025-24983 | VULNERABILITY | (CVSS score: 7.0) - A Windows Win32 Kernel Subsystem use-after-free (UAF) vulnerability that allows an authorized attacker to elevate privileges locally | |
12.3.25 | CVE-2025-24984 | VULNERABILITY | (CVSS score: 4.6) - A Windows NTFS information disclosure vulnerability that allows an attacker with physical access to a target device and the ability to plug in a malicious USB drive to potentially read portions of heap memory | |
12.3.25 | CVE-2025-24985 | VULNERABILITY | (CVSS score: 7.8) - An integer overflow vulnerability in the Windows Fast FAT File System Driver that allows an unauthorized attacker to execute code locally | |
12.3.25 | CVE-2025-24991 | VULNERABILITY | (CVSS score: 5.5) - An out-of-bounds read vulnerability in Windows NTFS that allows an authorized attacker to disclose information locally | |
12.3.25 | CVE-2025-24993 | VULNERABILITY | (CVSS score: 7.8) - A heap-based buffer overflow vulnerability in Windows NTFS that allows an unauthorized attacker to execute code locally | |
12.3.25 | CVE-2025-26633 | VULNERABILITY | (CVSS score: 7.0) - An improper neutralization vulnerability in Microsoft Management Console that allows an unauthorized attacker to bypass a security feature locally | |
12.3.25 | Apple security releases | VULNEREBILITY | Update | This document lists security updates and Rapid Security Responses for Apple software. |
12.3.25 | Blind Eagle: | APT | APT | Blind Eagle: …And Justice for All |
11.3.25 | New Poco RAT distribution campaign | VIRUS | A new campaign distributing Poco RAT to Spanish-speaking users in Latin America has been reported in the wild. The campaign has been attributed to the Darkling APT (aka Dark Caracal). The group is known to leverage Bandook-based backdoors in their attacks. | |
11.3.25 | CVE-2024-13159 - Ivanti Endpoint Manager (EPM) Absolute Path Traversal vulnerability | VULNERABILITY | CVE-2024-13159 is a critical (CVSS score 9.8) absolute path traversal vulnerability affecting the Ivanti Endpoint Manager (EPM) software. If successfully exploited, the flaw might allow a remote unauthenticated attacker to leak sensitive information. | |
11.3.25 | Ballista Botnet | BOTNET | BOTNET | Cato CTRL™ Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers |
11.3.25 | SideWinder | APT | APT | SideWinder targets the maritime and nuclear sectors with an updated toolset |
11.3.25 | CVE-2024-57968 | VULNERABILITY | An unrestricted file upload vulnerability in Advantive VeraCore that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx | |
11.3.25 | CVE-2025-25181 | VULNERABILITY | An SQL injection vulnerability in Advantive VeraCore that allows a remote attacker to execute arbitrary SQL commands | |
11.3.25 | CVE-2024-13159 | VULNERABILITY | An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information | |
11.3.25 | CVE-2024-13160 | VULNERABILITY | An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information | |
11.3.25 | CVE-2024-13161 | VULNERABILITY | An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information | |
11.3.25 | CVE-2024-12297 | VULNERABILITY | Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. | |
10.3.25 | Strela Stealer targets MS Outlook users credentials | VIRUS | Strela Stealer is a malware infostealer typically distributed through phishing campaigns affecting users in Italy, Germany, Spain, and Ukraine. It is designed to target specific email clients (notably Microsoft Outlook and Mozilla Thunderbird) and exfiltrate email login credentials. | |
10.3.25 | Boramae Ransomware | RANSOM | Boramae is a new ransomware discovered just recently in the threat landscape and a suspected variant of the Beast aka BlackLockbit malware family. The malware encrypts user files and appends ".boramae" to them. | |
10.3.25 | Phantom-Goblin operation spreading infostealers to victims | OPERATION | Phantom-Goblin is the name of a malicious infostealing campaign recently identified in the wild. The attackers responsible are leveraging social engineering techniques to lure victims into executing malicious .LNK files. | |
10.3.25 | Ebyte Ransomware | Desert Dexter is a recently reported malicious operation targeting users based in the Middle East and North Africa. The responsible threat actors are distributing malicious binaries hosted on legitimate file-sharing portals or via seemingly harmless Telegram channels. | ||
10.3.25 | Polymorphic Extensions | HACKING | HACKING | Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension |
10.3.25 | Desert Dexter. Attacks | CAMPAIGN | Malware | Desert Dexter. Attacks on Middle Eastern countries |
10.3.25 | SilentCryptoMiner | CRYPTOCURRENCY | CRYPTOCURRENCY | Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool |
9.3.25 | CVE-2025-27840 | VULNERABILITY | Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). | |
9.3.25 | CVE-2025-1316 | VULNERABILITY | Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device | |
8.3.25 | BADBOX 2.0 | MALWARE | Android | Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes |
8.3.25 | Phishing Campaign Using Private Video Sharing | CAMPAIGN | PHISHING | We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. |
8.3.25 | Snail Mail Fail | CAMPAIGN | Ransom | Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear |
8.3.25 | Zloader 2.9.4.0 | Loader | Inside Zloader’s Latest Trick: DNS Tunneling | |
8.3.25 | Stealer | TMPN (Skuld) Stealer: The dark side of open source ||
8.3.25 | AI | Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity ||
8.3.25 | GROUP | (EncryptHub) is a threat actor that has come to the forefront with highly sophisticated spear-phishing attacks since 26 June 2024. In the attacks it has carried out, it exhibits a different operational strategy by carrying out all the processes necessary to obtain initial access through personalized SMS (smishing) or by calling the person directly (vishing) and tricking the victim into installing remote monitoring and management (RMM) software. ||
8.3.25 | Loader | (a.k.a. Sardonic Backdoor) is a sophisticated toolkit of the Monstrous Mantis ||
7.3.25 | Desert Dexter is a recently reported malicious operation targeting users based in the Middle East and North Africa. The responsible threat actors are distributing malicious binaries hosted on legitimate file-sharing portals or via seemingly harmless Telegram channels. |||
7.3.25 | Latest Njrat variant uses Microsoft Dev Tunnels for C2 communications | A new variant of the NjRAT malware has been reported in the wild. NjRAT (also known as Bladabindi or Ratenjay) is an older but still widely used Remote Access Trojan (RAT). This malware is often used to extract data from the compromised endpoints, send commands via remote shell, manipulate the registry as well as download additional payloads. ||
7.3.25 | Medusa ransomware attacks jumped by 42% between 2023 and 2024. This increase in activity continues to escalate, with almost twice as many Medusa attacks observed in January and February 2025 as in the first two months of 2024. |||
7.3.25 | A new campaign targeting ISP infrastructure with infostealers | A new campaign targeting ISP (Internet service provider) infrastructure with infostealers and cryptocurrency miners has been reported in the wild. In the initial attack stages the threat actors are leveraging brute-force attacks to access the vulnerable environments. ||
7.3.25 | Kit | Unmasking the new persistent attacks on Japan ||
7.3.25 | VULNERABILITY | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions ||
7.3.25 | RANSOMWARE | The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. ||
7.3.25 | VULNERABILITY | Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role ||
7.3.25 | RAT | Unveiling EncryptHub: Analysis of a multi-stage malware campaign ||
7.3.25 | JavaScript | Thousands of websites hit by four backdoors in 3rd party JavaScript attack ||
6.3.25 | APT | Silk Typhoon targeting IT supply chain ||
6.3.25 | RAT | The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT ||
6.3.25 | APT | The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT ||
6.3.25 | APT | Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools ||
5.3.25 | In a new report, researchers at Fortinet have detailed a phishing campaign that was used to deliver Havoc malware. Havoc is a malicious framework, akin to Cobalt Strike, that is actively leveraged to compromise victims. |||
5.3.25 | Danger & Loches - recent Globeimposter ransomware variants seen in the wild | Danger and Loches are the two most recently identified variants of the Globeimposter ransomware family. The malware will encrypt user data and append the .danger or .loches extension to the locked files respectively. ||
5.3.25 | GrassCall malware campaign spreads infostealers to job seekers | GrassCall is a recently identified campaign attributed to the threat group known as Crazy Evil. The attack has been targeting job seekers with fake job interviews in efforts to distribute malicious executables used for infostealing. ||
5.3.25 | CVE-2024-12356 is a critical (CVSS score 9.8) command injection vulnerability affecting the BeyondTrust Privileged Remote Access (PRA) and BeyondTrust Remote Support (RS) software. If successfully exploited, the flaw might allow an unauthenticated attacker to inject commands that are run as a site user. |||
5.3.25 | Leveraging malicious LNK files and Null-AMSI tool to deliver AsyncRAT | A malware campaign using malicious LNK files disguised as wallpapers to lure users has been observed. As part of the attack vector, the open-source Null-AMSI tool is employed to bypass malware scanning interfaces (AMSI) and Event Tracing for Windows (ETW). ||
5.3.25 | The Winos4.0 malware framework has been used by threat groups to perpetrate attacks against intended victims. In a recent report, Fortinet outlined an attack observed against users in Taiwan, using a tax-related lure to distribute the Winos4.0 malware. |||
5.3.25 | Fake browser updates being distributed through malicious redirects | Security researchers have observed recent malware campaigns utilizing web-based malware distribution via compromised sites rather than relying solely on email-based attacks to spread malicious links. ||
5.3.25 | Go | Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems ||
5.3.25 | RANSOMWARE | Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal ||
5.3.25 | Stealer | Qbot is Back.Connect ||
5.3.25 | VULNERABILITY | (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with local administrative privileges on a virtual machine could exploit to execute code as the virtual machine's VMX process running on the host ||
5.3.25 | VULNERABILITY | (CVSS score: 8.2) - An arbitrary write vulnerability that a malicious actor with privileges within the VMX process could exploit to result in a sandbox escape ||
5.3.25 | VULNERABILITY | (CVSS score: 7.1) - An information disclosure vulnerability due to an out-of-bounds read in HGFS that a malicious actor with administrative privileges to a virtual machine could exploit to leak memory from the vmx process ||
5.3.25 | Go | Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware ||
5.3.25 | Infostealer | Infostealer Campaign against ISPs ||
4.3.25 | VULNERABILITY | (CVSS score: 6.5) - A command injection vulnerability in the web-based management interface of Cisco Small Business RV Series routers that allows an authenticated, remote attacker to gain root-level privileges and access unauthorized data (Unpatched due to the routers reaching end-of-life status) ||
4.3.25 | VULNERABILITY | (CVSS score: 8.6) - An authorization bypass vulnerability in Hitachi Vantara Pentaho BA Server that stems from the use of non-canonical URL paths for authorization decisions (Fixed in August 2024 with versions 9.3.0.2 and 9.4.0.1) ||
4.3.25 | VULNERABILITY | (CVSS score: 7.8) - An improper resource shutdown or release vulnerability in Microsoft Windows Win32k that allows for local, authenticated privilege escalation, and running arbitrary code in kernel mode (Fixed in December 2018) ||
4.3.25 | VULNERABILITY | (CVSS score: 9.8) - A path traversal vulnerability in Progress WhatsUp Gold that allows an unauthenticated attacker to achieve remote code execution (Fixed in version 2023.1.3 in June 2024) ||
4.3.25 | VULNERABILITY | A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective sub-directories. ||
4.3.25 | VULNERABILITY | A privilege escalation flaw in the HID USB component of the Linux kernel that could lead to a leak of uninitialized kernel memory to a local attacker through specially crafted HID reports. ||
4.3.25 | GROUP | JavaGhost’s Persistent Phishing Attacks From the Cloud ||
4.3.25 | Loader | Havoc: SharePoint with Microsoft Graph API turns into FUD C2 ||
4.3.25 | VULNERABILITY | An arbitrary kernel memory mapping vulnerability in version 7.9.1 caused by a failure to validate user-supplied data lengths. Attackers can exploit this flaw to escalate privileges. ||
4.3.25 | VULNERABILITY | An arbitrary kernel memory write vulnerability in version 7.9.1 due to improper validation of user-supplied data lengths. ||
4.3.25 | VULNERABILITY | A null pointer dereference vulnerability in version 7.9.1 caused by the absence of a valid MasterLrp structure in the input buffer. ||
4.3.25 | VULNERABILITY | An arbitrary kernel memory vulnerability in version 7.9.1 caused by the memmove function, which fails to sanitize user-controlled input. ||
4.3.25 | VULNERABILITY | An insecure kernel resource access vulnerability in version 17 caused by failure to validate the MappedSystemVa pointer before passing it to HalReturnToFirmware. ||
4.3.25 | ALERT | Paragon Partition Manager's BioNTdrv.sys driver, versions prior to 2.0.0, contains five vulnerabilities. ||
3.3.25 | BOTNET | Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally ||
1.3.25 | LCRYX is a VBScript-based ransomware discovered in the wild last year. The malware encrypts user data, appends ‘.lcryx’ to the locked files and demands ransom payment in the Bitcoin cryptocurrency. |||
1.3.25 | New Squidoor backdoor variant distributed in latest campaigns | Squidoor is a modular multi-platform backdoor variant supporting both Windows and Linux platforms. According to the researchers from Palo Alto, the newest strain of this malware is distributed in attacks associated with suspected Chinese threat actors. ||
1.3.25 | In Japan, the Bank of Yokohama is the largest regional bank headquartered in Yokohama. |||
1.3.25 | Billbug (aka Lotus Blossom) threat group uses Sagerunex malware to target numerous victims | The Billbug (aka Lotus Blossom) threat group has been observed leveraging Sagerunex malware, along with other hacking tools, to target numerous victims across industries. ||
1.3.25 | VULNERABILITY | (CVSS score: N/A) - An out-of-bounds access vulnerability for Extigy and Mbox devices ||
1.3.25 | VULNERABILITY | (CVSS score: 5.5) - A use of an uninitialized resource vulnerability that could be used to leak kernel memory |