Category: Security Affairs

Experts warn that the carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards. D3 Lab researchers reported that on February 19, 2025, the carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards.…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Craft CMS and Palo Alto Networks PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known…

Read more →

Australian software firm Atlassian patched 12 critical and high-severity flaws in Bamboo, Bitbucket, Confluence, Crowd, and Jira. Software firm Atlassian released security patches to address 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira products. The most…

Read more →

China-linked cyber espionage group Salt Typhoon uses custom malware JumbledPath to on spy U.S. telecom providers. Cisco Talos researchers reported that China-linked APT group Salt Typhoon uses a custom-built utility, dubbed JumbledPath, to spy on network traffic of U.S. telecommunication providers.…

Read more →

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. Orange Cyberdefense CERT uncovered a malware campaign, tracked as The Green Nailao campaign, that targeted European organizations, including healthcare, in late 2024, using ShadowPad,…

Read more →

Microsoft addressed a privilege escalation vulnerability in Power Pages, the flaw is actively exploited in attacks. Microsoft has addressed two critical vulnerabilities, tracked as CVE-2025-21355 (CVSS score: 8.6) and CVE-2025-24989 (CVSS score: 8.2), respectively impacting Bing and Power Pages. CVE-2025-21355 is a…

Read more →

Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions. Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) impacting NetScaler Console (formerly NetScaler ADM) and NetScaler…

Read more →

Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls. Palo Alto Networks warns that threat actors are chaining the vulnerability CVE-2025-0111 with two other vulnerabilities, tracked as CVE-2025-0108 with CVE-2024-9474,…

Read more →

Russia-linked threat actors exploit Signal ‘s “linked devices” feature to hijack accounts, per Google Threat Intelligence Group. Google Threat Intelligence Group (GTIG) researchers warn of multiple Russia-linked threat actors targeting Signal Messenger accounts used by individuals of interest to Russian…

Read more →

Venture capital firm Insight Partners suffered a cyberattack involving unauthorized access to its information systems. A cyber attack hit venture capital firm Insight Partners, threat actors gained unauthorized access to its information systems. Venture Capital (VC) is a form of…

Read more →

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions. The Qualys Threat Research Unit (TRU) has discovered two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465 (CVSS score: 6.8) can be exploited by an attacker to conduct…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its…

Read more →

Juniper Networks has addressed a critical vulnerability, tracked as CVE-2025-21589, impacting the Session Smart Router. Juniper Networks addressed a critical authentication bypass vulnerability, tracked as CVE-2025-21589 (CVSS score of 9.8), affecting its Session Smart Router product. “An Authentication Bypass Using an…

Read more →

China-linked threat actor Winnti targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024 as part of a campaign dubbed RevivalStone. Researchers from cybersecurity firm LAC uncovered a new cyberespionage campaign, tracked as RevivalStone, carried out by the…

Read more →

Xerox VersaLink C7025 Multifunction printer flaws could allow attackers to capture authentication credentials via pass-back attacks via LDAP and SMB/FTP services. Rapid7 researchers discovered vulnerabilities in Xerox Versalink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials…

Read more →

Microsoft discovered a new variant of the Apple macOS malware XCSSET that was employed in limited attacks in the wild. Microsoft Threat Intelligence discovered a new variant of the macOS malware XCSSET in attacks in the wild. XCSSET is a sophisticated modular…

Read more →

Dutch police seized 127 servers of the bulletproof hosting service Zservers/XHost after government sanctions. On February 11, 2025, the US, UK, and Australia sanctioned a Russian bulletproof hosting services provider and two Russian administrators because they supported Russian ransomware LockBit…

Read more →

Netskope Threat Labs researchers discovered a Golang-based backdoor using Telegram for C2 communication, possibly of Russian origin. Netskope Threat Labs found a Golang-based backdoor using Telegram for C2. The malware, still in development but functional, exploits cloud apps to evade…

Read more →

Pro-Russia collective NoName057(16) launched DDoS attacks on Italian sites, targeting airports, the Transport Authority, major ports, and banks. The pro-Russia hacker group NoName057(16) launched a new wave of DDoS attacks this morning against multiple Italian entities. The group targeted the…

Read more →

Researchers warn that the whoAMI attack lets attackers publish an AMI with a specific name to execute code in an AWS account. Cybersecurity researchers at Datadog Security Labs devised a new name confusion attack technique, called whoAMI, that allows threat…

Read more →

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. Microsoft Threat Intelligence researchers warn that threat actor Storm-2372, likely linked to Russia, has been targeting governments, NGOs, and…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach Google Tag Manager Skimmer Steals Credit Card Info From Magento Site …

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities…

Read more →

Threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. Researchers warn that threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. The Shadowserver Foundation researchers…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SimpleHelp vulnerability, tracked as CVE-2024-57727, to its Known Exploited Vulnerabilities (KEV) catalog. At the end…

Read more →

China-linked APT Salt Typhoon has breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. China-linked APT group Salt Typhoon is still targeting telecommunications providers worldwide, and according to a new report published by Recorded Future’s Insikt Group,…

Read more →

Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7. Rapid7 researchers discovered a high-severity SQL injection flaw, tracked as CVE-2025-1094, in PostgreSQL’s psql tool. The experts discovered the flaw while investigating…

Read more →

Valve removed a game from Steam because it contained malware, the company also warned affected users to reformat their operating systems. Valve removed the game PirateFi from the Steam video game platform because it contained a Windows malicious code to…

Read more →

Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies. Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies. That was especially notable during active periods of local conflicts, including…

Read more →

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed…

Read more →

A subgroup of the Russia-linked Seashell Blizzard APT group (aka Sandworm) ran a global multi-year initial access operation called BadPilot. Microsoft shared findings on research on a subgroup of the Russia-linked APT group Seashell Blizzard behind the global BadPilot campaign,…

Read more →

The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no…

Read more →

Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel, a Trump administration source told CNN. The New York Times first reported that Alexander Vinnik, a Russian money laundering suspect, is being released from U.S.…

Read more →

Microsoft Threat Intelligence has observed North Korea-linked APT Emerald Sleet using a new tactic, tricking targets into running PowerShell. Microsoft Threat Intelligence researchers spotted North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA) using a new…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-40891 is a…

Read more →

Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office…

Read more →

Fortinet warned of attacks using a now-patched zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls. Fortinet warned that threat actors are exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in FortiOS and FortiProxy to…

Read more →

OpenSSL patched the vulnerability CVE-2024-12797, a high-severity flaw found by Apple that enables man-in-the-middle attacks. The OpenSSL Project addressed a high-severity vulnerability, tracked as CVE-2024-12797, in its secure communications library.  The OpenSSL software library allows secure communications over computer networks against eavesdropping…

Read more →

Progress Software fixed multiple vulnerabilities in its LoadMaster software, which could be exploited to execute arbitrary system commands. Progress Software has addressed multiple high-severity security vulnerabilities (CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, CVE-2024-56135) in its LoadMaster software. Progress Software’s LoadMaster is a high-performance load…

Read more →

Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. Artificial intelligence (AI) is transforming industries and redefining how organizations protect their data in today’s fast-paced digital world. With over…

Read more →

Sucuri researchers observed threat actors leveraging Google Tag Manager (GTM) to install e-skimmer software on Magento-based e-stores. Sucuri researchers found threat actors using Google Tag Manager (GTM) to deploy e-skimmer malware on a Magento eCommerce site. Google Tag Manager (GTM)…

Read more →

Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The police took down the dark web data leak and…

Read more →

Apple released iOS and iPadOS updates to address a zero-day likely exploited in extremely sophisticated attacks targeting specific individuals. Apple released emergency security updates to address a zero-day vulnerability, tracked as CVE-2025-24200, that the company believes was exploited in “extremely…

Read more →

Hewlett Packard Enterprise (HPE) has begun notifying individuals affected by a December 2023 attack carried out by Russia-linked threat actors. Hewlett Packard Enterprise has started notifying individuals whose personal information was exposed in a December 2023 cyber attack. In January…

Read more →

The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells, web shells in recent attacks. A recent investigation by researchers from Intezer and Solis Security shed light on the recent operations of the XE Group. Active since…

Read more →

UK secretly demands Apple create an iCloud backdoor via a Technical Capability Notice, raising privacy concerns over end-to-end encryption. The UK demands Apple to create a backdoor to access any iCloud backups, the request raises concerns about user privacy and…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malicious packages deepseeek and deepseekai published in Python Package Index   Coyote Banking Trojan: A Stealthy Attack via LNK Files  The Mac…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. PlayStation Network outage…

Read more →

PlayStation Network has been down for nearly a day, with little communication from Sony, leaving players frustrated. PlayStation Network has been down for almost a day all over the world, Sony confirmed it is aware of the global outage, but has…

Read more →

Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. Kimsuky cyberespionage group (aka ARCHIPELAGO, Black…

Read more →

Russia’s intelligence recruits Ukrainians for terror attacks via messaging apps and forums, offering quick pay, Ukraine’s law enforcement warns. According to Ukraine’s law enforcement, Russian intelligence is using messaging apps and forums to recruit Ukrainians for terrorist attacks, offering quick…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trimble Cityworks vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Trimble Cityworks vulnerability, tracked as CVE-2025-0994, to its Known Exploited Vulnerabilities (KEV) catalog. Trimble…

Read more →

The cyberattack on Hospital Sisters Health System in 2023 compromised the personal information of 883,000 individuals. The cyberattack that hit the infrastructure of the Hospital Sisters Health System (HSHS) in August 2023 impacted the personal information of 882,782 individuals. The…

Read more →

Microsoft researchers warn that threat actors are delivering the Godzilla framework using a static ASP.NET machine. In December 2024, Microsoft Threat Intelligence researchers spotted a threat actor using a public ASP.NET machine key to deploy Godzilla malware, exploiting insecure key…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The…

Read more →

Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes. Cisco addressed multiple vulnerabilities, including two critical remote code execution flaws, tracked as CVE-2025-20124 (CVSS score of 9.9) and CVE-2025-20125 (CVSS score of 9.1), in…

Read more →

Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S.. Targe including the U.S.…

Read more →

The North Korea-linked APT group Lazarus uses a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Bitdefender researchers reported that the North Korea-linked Lazarus group uses fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Linux kernel vulnerability, tracked as CVE-2024-53104, to its Known Exploited Vulnerabilities (KEV) catalog. The February…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited…

Read more →

In late 2024, Kaspersky experts discovered a malicious campaign, called SparkCat, spreading malware to target crypto wallets. In March 2023, ESET found malware in modified versions of messengers using OCR to scan the victim’s gallery for images with recovery phrases…

Read more →

The International Civil Aviation Organization (ICAO) is investigating a data breach affecting system and employee security. The International Civil Aviation Organization (ICAO), a specialized agency of the United Nations, is investigating a significant data breach that has raised concerns about…

Read more →

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. …

Read more →

Netgear disclosed two critical flaws impacting multiple WiFi router models and urges customers to address them. Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117, impacting multiple WiFi router models and urged customers to install the latest firmware.…

Read more →

AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked as CVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV). An…

Read more →

Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Threat actors target Brazilian users by stealing…

Read more →

The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104, which is actively exploited in attacks in…

Read more →

Casio Website Infected With Skimmer  A threat actor has installed a web skimmer on all pages of the Casio UK’s website, except the checkout page. Jscrambler researchers uncovered a web skimmer campaign targeting multiple websites, including Casio one (casio.co.uk). The…

Read more →

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to…

Read more →

US Sen. Ron Wyden warns of national security risks after Elon Musk ’s DOGE was given full access to sensitive Treasury systems. Sen. Ron Wyden warned of national security risks after Elon Musk ’s team, Department of Government Efficiency (DOGE),…

Read more →

Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks. Texas Governor Greg Abbott banned Chinese AI company DeepSeek and Chinese-owned social media apps Xiaohongshu (RedNote) and Lemon8 from all state-issued devices. The AI-powered…

Read more →

U.S. and Dutch authorities seized 39 domains and servers linked to the HeartSender cybercrime group based in Pakistan. A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling  MintsLoader: StealC and BOINC Delivery   Cloud Ransomware Developments | The Risks of Customer-Managed…

Read more →

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A ransomware attack…

Read more →

Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies, a Tata Motors subsidiary, suspended some IT services following a ransomware attack. The company, which is engaged in product engineering, provides services to automotive and aerospace original…

Read more →

The New York Blood Center faced a ransomware attack on Sunday, forcing the healthcare organization to reschedule appointments. The New York Blood Center suffered a ransomware attack on Sunday, causing appointment rescheduling. The New York Blood Center (NYBC) is a…

Read more →

The U.S. CISA and the FDA warned of a hidden backdoor in Contec CMS8000 and Epsimed MN-120 patient monitors. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) warned that three flaws in Contec CMS8000…

Read more →

Community Health Center (CHC) data breach impacted over 1 million patients in Connecticut, the healthcare provider started notifying them. Community Health Center (CHC) is a leading healthcare provider based in Connecticut, offering primary care, dental, behavioral health, and specialty services.…

Read more →

Italy’s data protection authority Garante blocked the DeepSeek AI service due to insufficient transparency regarding user data process. Italy’s data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek ‘s chatbot service within the country, citing a lack of information on…

Read more →

Broadcom patched five flaws in VMware Aria Operations and Aria Operations for Logs that could lead to privilege escalation and credential theft. Broadcom addressed the following vulnerabilities in VMware Aria Operations and Aria Operations for Logs: The above vulnerabilities impact…

Read more →

Chinese AI platform DeepSeek has publicly exposed two databases containing highly sensitive user and backend details. Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek, exposing chat history, secret keys, and backend details. After responsible disclosure, DeepSeek promptly…

Read more →

An international law enforcement operation targeted several major cybercrime websites, including Cracked, Nulled, Sellix, and StarkRDP.  An international law enforcement operation led by Europol, code-named Operation Talent, dismantled several major cybercrime sites, including Cracked, Nulled, Sellix, and StarkRDP.  The message…

Read more →

TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications. TeamViewer released security patches for a high-severity elevation of privilege vulnerability, tracked as CVE-2025-0065 (CVSS score of 7.8), in its remote access solutions for Windows.…

Read more →

The open-source PHP package Voyager is affected by three vulnerabilities that could be exploited to achieve one-click remote code execution on affected instances. Voyager is a popular open-source PHP package for managing Laravel applications, offering an admin interface, BREAD operations, media, and…

Read more →

Italy’s data privacy regulator Garante has requested information from Chinese AI company DeepSeek regarding its data practices. Italy’s Data Protection Authority Garante has asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing…

Read more →

A new variant of the Mirai-based botnet Aquabot targets vulnerable Mitel SIP phones to recruit them into a DDoS botnet. Akamai researchers spotted a new variant of the Mirai-based botnet Aquabot that is targeting vulnerable Mitel SIP phones. Aquabot is…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple Multiple Products Use-After-Free Vulnerability, tracked as CVE-2025-24085, to its Known Exploited Vulnerabilities (KEV) catalog. This…

Read more →

A critical flaw in Cacti open-source network monitoring and fault management framework that could allow remote code execution. Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management framework for users. A critical vulnerability, tracked…

Read more →

Experts warn that threat actors are actively exploiting critical zero-day vulnerability, tracked as CVE-2024-40891, in Zyxel CPE Series devices. GreyNoise researchers are observing active exploitation attempts targeting a zero-day, tracked as CVE-2024-40891, in Zyxel CPE Series devices. The vulnerability is a command…

Read more →

Threat actors exploit recently fixed SimpleHelp RMM software vulnerabilities to breach targeted networks, experts warn. Horizon3 researchers discovered three vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, that could be used to compromise a SimpleHelp server, as well as clients machines…

Read more →

VMware fixed a high-risk blind SQL injection vulnerability in Avi Load Balancer, allowing attackers to exploit databases via crafted queries. VMware warns of a high-risk blind SQL injection vulnerability, tracked as CVE-2025-22217 (CVSS score of 8.6), in Avi Load Balancer,…

Read more →

ENGlobal reported to the SEC that personal information was compromised in a ransomware attack that took place in November 2024. ENGlobal disclosed a ransomware attack that occurred in November, in a SEC filing the company confirmed that threat actors gained access to…

Read more →

The EU sanctioned three members of Russia’s GRU Unit 29155 for cyberattacks on Estonia’s government agencies in 2020. The European Union announced sanctions for three members (Nikolay Korchagin, Vitaly Shevchenko, and Yuriy Denisov) of Unit 29155 of Russia’s military intelligence…

Read more →

Chinese AI company DeepSeek has disabled registrations for its DeepSeek-V3 chat platform following a “large-scale” cyberattack. DeepSeek has designed a new AI platform that quickly gained attention over the past week primarily due to its significant advancements in artificial intelligence…

Read more →

Apple addressed the first zero-day vulnerability of 2025, which is actively exploited in attacks in the wild aimed at iPhone users. Apple released security updates to address 2025’s first zero-day vulnerability, tracked as CVE-2025-24085, actively exploited in attacks targeting iPhone users.…

Read more →

UK telecommunications firm TalkTalk disclosed a data breach after a threat actor announced the hack on a cybercrime forum. UK telecommunications company TalkTalk confirmed a data breach after a threat actor claimed responsibility for the cyber attack on a cybercrime…

Read more →

Vulnerabilities in the Git credential retrieval protocol could have allowed threat actors to access user credentials. Security researcher RyotaK from GMO Flatt Security Inc discovered multiple vulnerabilities in the Git credential retrieval protocol that could have allowed threat actors to…

Read more →

New threat actor GamaCopy mimics Russia-linked Gamaredon APT in attacks on Russian-speaking targets. The Knownsec 404 Advanced Threat Intelligence team recently analyzed attacks on Russian-speaking targets using military-themed bait, 7z SFX for payloads, and UltraVNC, mimicking Gamaredon’s TTPs. The researchers…

Read more →