2025 January(141) February(191) March(268) April(349) May(260) June(60) July(0) August(0) September(0)
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
| 21.6.25 | Amatera Stealer | Amatera is a recently identified infostealer variant believed to be an evolution of the older ACR Stealer malware. It has been reported as being offered for sale via the malware-as-a-service (MaaS) model. | VIRUS | |
| 21.6.25 | CVE‑2025‑49113 – Post‑Auth Remote Code Execution vulnerability in Roundcube | CVE-2025-4123 is a recently disclosed critical (CVSS score 9.9) Post‑Auth Remote Code Execution (RCE) vulnerability affecting Roundcube, which is a free and open-source webmail application. | VULNEREBILITY | |
| 21.6.25 | Discord Vanity Link Flaw Exploited in New Malware Campaign Dropping AsyncRAT and Skuld Stealer | A new sophisticated malware campaign aimed at financial gain from cryptocurrency users is exploiting a subtle weakness in Discord's invitation system to distribute an information stealer called Skuld and the AsyncRAT. Targeted victims have been identified primarily in Austria, France, Germany, Slovakia, Vietnam, the Netherlands, the United States, and the United Kingdom. | EXPLOIT | |
| 21.6.25 | Stargazers malware campaign targets Minecraft players via fake mods | A large-scale malware campaign operated by the Stargazers Ghost Network is actively targeting Minecraft players, according to a recent report from Checkpoint. | CAMPAIGN | |
| 21.6.25 | Modified XWorm RAT distributed through trojanized MSI | A China-linked threat actor distributing a trojanized MSI installer posing as a WhatsApp setup to deliver a customized XWorm Remote Access Trojan (RAT) has been reported targeting users in East and Southeast Asia. | VIRUS | |
| 21.6.25 | New variant of the Godfather mobile malware employs virtualization techniques | A new variant of the Godfather Android banking malware has been discovered in the wild. The malware leverages on-device virtualization techniques to hijack several legitimate applications. | ||
| 21.6.25 | CVE-2023-0386 - Linux Kernel Improper Ownership Management vulnerability exploited in the wild | CVE-2023-0386 is a high severity (CVSS score 7.8) Improper Ownership Management vulnerability affecting the Linux Kernel. | VULNEREBILITY | |
| 21.6.25 | FIN7-linked GrayAlpha uses PowerShell loaders and TDS to spread NetSupport RAT | GrayAlpha, a cybercriminal group associated with FIN7, has been reported conducting a sophisticated malware campaign using multiple infection vectors to distribute NetSupport RAT via custom PowerShell loaders, PowerNet and MaskBat. | APT | |
| 21.6.25 | New Librarian Ghouls Campaign | A new cyber espionage campaign by APT group "Librarian Ghouls" (also known as Rare Werewolf and Rezet) was observed targeting organizations primarily in Russia, Belarus and Kazakhstan focusing on industrial organizations and engineering schools, along with sectors like rocket, aviation, space, defense, and petrochemical industries. | CAMPAIGN | |
| 21.6.25 | HijackLoader campaign delivers DeerStealer payload | A recent campaign leveraging the HijackLoader malware has been observed to distribute the DeerStealer malicious payload. | CAMPAIGN | |
| 21.6.25 | Threat Actors Abuse Paste.ee and use Unicode Deception to Deploy XWorm RAT | A sophisticated malware campaign initiated by a deceptively named JavaScript file designed to download a malicious payload was observed. | VIRUS | |
| 21.6.25 | XDSpy campaign employs whitespace-obfuscated LNK files | A new XDSpy malware campaign, attributed to the SadFuture threat actor, has been observed targeting Eastern European and Russian government entities. | VIRUS | |
| 21.6.25 | Financial communications lead to malware downloads for Taiwanese users | A threat actor has been targeting users in Taiwan through campaigns masquerading as communications from official financial entities. | VIRUS | |
| 21.6.25 | CVE-2025-48828 - a new vBulletin RCE vulnerability | CVE-2025-48828 is a recently disclosed critical (CVSS score 9.0) template engine vulnerability affecting vBulletin, which is a commercial forum software platform. | VULNEREBILITY | |
| 21.6.25 | MintsLoader Malware Campaign Hits Italian PEC Users | A new MintsLoader malware campaign has targeted Italy, showcasing the attacker's strategy of adapting to the local Italian work calendar. | VIRUS | |
| 21.6.25 | Pickai Backdoor | A new backdoor malware dubbed Pickai (AI Pickpocket) has been observed spreading through vulnerabilities in the popular ComfyUI framework. Written in C++, Pickai spreads through innocuous-looking configuration files like JSON and TMUX settings. | VIRUS | |
| 21.6.25 | Hackers Weaponize Legitimate 'Netbird' Tool in Phishing Campaign Targeting CFOs | A new fake recruiter spear-phishing campaign has been observed targeting high-level financial executives at banks, energy companies, insurers, and investment firms across Africa, Canada, Europe, the Middle East, and South Asia. | PHISHING | |
| 21.6.25 | CVE-2025-4123 - Grafana XSS and Full-Read SSRF vulnerability | CVE-2025-4123 is a recently discovered high severity (CVSS score 7.6) open redirect vulnerability affecting Grafana, which is an open-source data visualization platform. | VULNEREBILITY | |
| 21.6.25 | Masslogger | During our recent investigation at Seqrite Labs, we identified a sophisticated variant of Masslogger credential stealer malware spreading through .VBE (VBScript Encoded) files | MALWARE | VBE |
| 21.6.25 | Amatera Stealer | Proofpoint has been closely monitoring a stealer malware formerly known as ACR Stealer. In 2025, Proofpoint analysts identified a new, unnamed malware exhibiting significant code overlap, shared features, and capabilities with ACR Stealer. | MALWARE | STEALER |
| 21.6.25 | VMDetector | VMDetector-Based Loader Abuses Steganography to Deliver Infostealers | MALWARE | STEALER |
| 21.6.25 | Prometei | Resurgence of the Prometei Botnet | BOTNET | BOTNET |
| 21.6.25 | PylangGhost | Famous Chollima deploying Python version of GolangGhost RAT | MALWARE | RAT |
| 20.6.25 | Shadow Vector | Shadow Vector targets Colombian users via privilege escalation and court-themed SVG decoys | CAMPAIGN | CAMPAIGN |
| 20.6.25 | Stargazers Ghost Network Campaigns | Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader. | CAMPAIGN | CAMPAIGN |
| 20.6.25 | AntiDot | is an Android botnet malware that lets cybercriminals control their victim devices with high capability. LARVA-398 operates and sells this botnet as a Malware as a Service (MaaS) on underground forums. | BOTNET | BOTNET |
| 20.6.25 | Blue(Noroff) | Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion | GROUP | GROUP |
| 20.6.25 | APT29 | What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | APT | APT |
| 20.6.25 | CVE-2025-6018 | A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). | VULNEREBILITY | VULNEREBILITY |
| 20.6.25 | CVE-2025-6019 | A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. | VULNEREBILITY | VULNEREBILITY |
| 20.6.25 | SERPENTINE#CLOUD | Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware | CAMPAIGN | CAMPAIGN |
| 20.6.25 | KimJongRAT | Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation | MALWARE | STEALER |
| 18.6.25 | CVE-2023-0386 | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. | VULNEREBILITY | VULNEREBILITY |
| 18.6.25 | CVE-2025-23121 | A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. | VULNEREBILITY | VULNEREBILITY |
| 18.6.25 | CVE-2025-2783 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) | VULNEREBILITY | VULNEREBILITY |
| 18.6.25 | CVE-2025-3248 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | VULNEREBILITY | VULNEREBILITY |
| 18.6.25 | CVE-2023-33538 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | ZDI-25-380 | Trend Micro Maximum Security Platinum Host Service Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-379 | (Pwn2Own) Ubiquiti Networks AI Bullet Insufficient Firmware Update Validation Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-378 | (Pwn2Own) Ubiquiti Networks UniFi Console Missing Authentication for Critical Function Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-377 | (Pwn2Own) Ubiquiti Networks AI Bullet Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-376 | (Pwn2Own) Ubiquiti Networks AI Bullet Improper Certificate Validation Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-375 | Trend Micro Endpoint Encryption ProcessWhereClause SQL Injection Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-374 | Trend Micro Endpoint Encryption ValidateToken Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-373 | Trend Micro Endpoint Encryption DbAppDomain Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-372 | Trend Micro Endpoint Encryption GetGroupFilteredUsers SQL Injection Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-371 | Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-370 | Trend Micro Endpoint Encryption PolicyServerWindowsService Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-369 | Trend Micro Endpoint Encryption PolicyValueTableSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-368 | Trend Micro Endpoint Encryption BuildEnterpriseSearchString SQL Injection Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-367 | Trend Micro Apex Central ConvertFromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-366 | Trend Micro Apex Central GetReportDetailView Deserialization of Untrusted Data Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-365 | Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-364 | Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-363 | Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-362 | Trend Micro Apex One Data Loss Prevention Uncontrolled Search Path Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-361 | Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-360 | Trend Micro Worry-Free Business Security Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-359 | Microsoft Visual Studio initializeCommand Insufficient UI Warning Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-358 | (Pwn2Own) Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-357 | (Pwn2Own) Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-356 | (Pwn2Own) Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-355 | (Pwn2Own) Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-354 | (Pwn2Own) Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-353 | (Pwn2Own) Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-352 | Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-351 | Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-350 | Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-349 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-348 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-347 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-346 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-345 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-344 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-343 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-342 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-341 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-340 | (Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-339 | JupyterLab Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-338 | Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-337 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-336 | Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-335 | Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-334 | Microsoft Windows Remote Desktop Gateway Service Null Pointer Dereference Denial-of-Service Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-333 | Microsoft Windows Installer Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | ZDI-25-332 | Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 15.6.25 | SmartAttack: Air-Gap Attack via Smartwatches | Air-gapped systems are considered highly secure against data leaks due to their physical isolation from external networks. | PAPERS | PAPERS |
| 15.6.25 | CVE-2025-49220 | A pre-auth RCE in Apex Central in the ConvertFromJson method. Improper input validation during deserialization lets attackers execute arbitrary code remotely without authentication. (CVSS 9.8) | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49219 | A pre-authentication RCE flaw in the GetReportDetailView method of Apex Central caused by insecure deserialization. Exploiting this allows unauthenticated attackers to execute code in the context of NETWORK SERVICE. (CVSS 9.8) | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49217 | A pre-authentication RCE vulnerability in the ValidateToken method, triggered by unsafe deserialization. While slightly harder to exploit, it still allows unauthenticated attackers to run code as SYSTEM | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49216 | An authentication bypass flaw in the DbAppDomain service due to a broken auth implementation. Remote attackers can fully bypass login and perform admin-level actions without credentials | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49213 | A pre-authentication remote code execution vulnerability in the PolicyServerWindowsService class, stemming from deserialization of untrusted data. Attackers can run arbitrary code as SYSTEM with no authentication required | VULNEREBILITY | VULNEREBILITY |
| 15.6.25 | CVE-2025-49212 | A pre-authentication remote code execution flaw caused by insecure deserialization in the PolicyValueTableSerializationBinder class. Remote attackers can exploit it to execute arbitrary code as SYSTEM without requiring login | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-33053 | External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | DanaBleed | DanaBleed: DanaBot C2 Server Memory Leak Bug | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-3052 | CVE-2025-3052 InsydeH2O Secure Boot Bypass | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable | UEFI firmware applications DTBios and BiosFlashShell from DTResearch contain a vulnerability that allows Secure Boot to be bypassed using a specially crafted NVRAM variable. | ALERT | ALERT |
| 14.6.25 | Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation | An out-of-bounds (OOB) read vulnerability has been identified in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.83 (March 2024). | ALERT | ALERT |
| 14.6.25 | A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable | A vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. | ALERT | ALERT |
| 14.6.25 | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-22455 | A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2025-5353 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | 2024 INTERNET CRIME REPORT | 2024 INTERNET CRIME REPORT | REPORT | REPORT |
| 14.6.25 | 2023 INTERNET CRIME REPORT | 2023 INTERNET CRIME REPORT | REPORT | REPORT |
| 14.6.25 | CVE-2025-49113 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | CVE-2024-3721 | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. | VULNEREBILITY | VULNEREBILITY |
| 14.6.25 | JSFireTruck | JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique | CAMPAIGN | CyberCrime |
| 14.6.25 | Skuld | The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets. | MALWARE | STEALER |
| 14.6.25 | APT PROFILE – MISSION2025 | MISSION2025 is a Chinese state-sponsored advanced persistent threat (APT) group linked to APT41. Active since at least 2012, the group has conducted cyberespionage and | APT | APT |
| 13.6.25 | CyberEye RAT | CyberEye is a modular Remote Access Trojan that relies on Telegram for its C2 communications. Using a publicly available builder, its implants can be customized to include features like anti-analysis, cryptocurrency hijacking, and persistence. | VIRUS | |
| 13.6.25 | Spectra Ransomware | Spectra is a new ransomware variant found in the wild just this year. The malware belongs to the well known Chaos ransomware family. | RANSOM | |
| 13.6.25 | Stealth Falcon exploits Zero-Day Vulnerability CVE-2025-33053 | As reported by Check Point, the APT group Stealth Falcon has been observed exploiting a zero-day vulnerability (CVE-2025-33053) in a new malware campaign. | VULNEREBILITY | |
| 13.6.25 | Unusual Fog ransomware activity | In a recent report, the Symantec and Carbon Black Threat Hunter Team analyzed a Fog ransomware attack that targeted a financial institution in Asia. | RANSOM | |
| 13.6.25 | FIN6 abuses Job Portals and Cloud Infrastructure to evade detection | A malware campaign attributed to the threat actor FIN6, posing as job applicants on platforms like LinkedIn and Indeed, has been observed in the wild. Once a target is lured, the threat actor sends phishing emails containing non-clickable URLs that lead to cloud-hosted “resume” sites on AWS. | GROUP | |
| 13.6.25 | Chinese threat actor groups target cybersecurity vendor |
According to a recent report from SentinelLabs, China-backed
threat actors have deployed ShadowPad and PurpleHaze malware in global
campaigns.
|
GROUP | |
| 13.6.25 | Myth Stealer malware | Myth is a new Rust-based infostealing malware discovered recently in the wild. The malware has been previously advertised on various Telegram groups and lately reported as being distributed via fraudulent gaming websites and online portals offering software cracks, among others. | VIRUS | |
| 13.6.25 | CVE-2024-57727 | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. | VULNEREBILITY | VULNEREBILITY |
| 13.6.25 | CVE-2025-43200 | iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. | VULNEREBILITY | VULNEREBILITY |
| 13.6.25 | TokenBreak Attack | Manipulating tokens to get past the security guard | ATTACK | ATTACK |
| 13.6.25 | CVE-2025-32711 | M365 Copilot Information Disclosure Vulnerability | VULNEREBILITY | VULNEREBILITY |
| 11.6.25 | Exploitaiton of Wazuh CVE-2025-24016 vulnerability leads to Mirai botnet distribution | New campaigns distributing variants of the popular Mirai botnet have been reported in the wild. The attackers have been exploiting critical (CVSS score 9.9) CVE-2025-24016 deserialization vulnerability affecting Wazuh Server which might allow for a remote code execution on the vulnerable devices. | BOTNET | |
| 11.6.25 | Datarip - a new MedusaLocker ransomware variant | Datarip ransomware is a new malware strain from the MedusaLocker ransomware family recently seen in the wild. The malware encrypts sensitive data while appending ".datarip" extension to the locked files. | RANSOM | |
| 11.6.25 | DuplexSpy RAT | DuplexSpy is a new Remote Access Trojan (RAT) variant identified in the wild. The malware is written in C#, has modular architecture and uses DLL injection technique for in-memory payload execution. | VIRUS | |
| 11.6.25 | DragonClone malicious operation | DragonClone is a new malicious campaign identified in the wild. The attackers have been targeting the Chinese Telecom Industry and distributing Veletrix and VShell malware implants as payloads. | OPERATION | |
| 11.6.25 | Golden Piranha - a new banking threat | Golden Piranha is the name of an emerging banking trojan identified by the researchers from SCILabs. The malware is leveraging Google Chrome browser extensions in order to steal banking related inputs from miscellaneous banking website forms. | ||
| 11.6.25 | SinoTrack GPS Receiver | Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface. | VULNEREBILITY | VULNEREBILITY |
| 11.6.25 | Microsft June 2025 Security Updates | This release consists of the following 68 Microsoft CVEs: | VULNEREBILITY | VULNEREBILITY |
| 11.6.25 | Adobe Security Bulletin June | Security updates available for Adobe Experience Manager | VULNEREBILITY | VULNEREBILITY |
| 11.6.25 | Salesforce Industry Clouds: Low-Code, High Stakes |
Salesforce industry clouds are a suite of Salesforce
solutions, each of which enables organizations to build industry-specific applications and workflows in a simplified low-code manner. |
REPORT | REPORT |
| 11.6.25 | FIN6 | Eggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery | GROUP | GROUP |
| 11.6.25 | Rust Based InfoStealer | Demystifying Myth Stealer: A Rust Based InfoStealer | MALWARE | STEALER |
| 10.6.25 | Rare Werewolf | Sleep with one eye open: how Librarian Ghouls steal data by night | APT | APT |
| 10.6.25 | CVE-2025-32433 | (CVSS score: 10.0) - A missing authentication for a critical function vulnerability in the Erlang/OTP SSH server that could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution. |
VULNEREBILITY |
|
| 10.6.25 | CVE-2024-42009 | (CVSS score: 9.3) - A cross-site scripting (XSS) vulnerability in RoundCube Webmail that could allow a remote attacker to steal and send emails of a victim via a crafted email message by taking advantage of a desanitization issue in program/actions/mail/show.php. |
VULNEREBILITY |
|
| 10.6.25 | CVE-2025-24016 | Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). |
VULNEREBILITY |
|
| 10.6.25 | Disrupting malicious uses of AI: June 2025 | Our mission is to ensure that artificial general intelligence benefits all of humanity. We advance this mission by deploying our innovations to build AI tools that help people solve really hard problems. | REPORT | REPORT |
| 8.6.25 | Sakura RAT | A simple customer query leads to a rabbit hole of backdoored malware and game cheats | MALWARE | RAT |
| 8.6.25 | AS-REP Roasting Attack Explained | In the MITRE ATT&CK Framework, the AS-REP Roasting attack is categorized as T1558.004 under the 'Steal or Forge Kerberos Tickets' attack technique. | ATTACK | ATTACK |
| 8.6.25 | StopRansomware: Play Ransomware update | The advisory was updated to reflect new TTPs employed by Play ransomware group, as well as provide current IOCs/remove outdated IOCs for effective threat hunting | RANSOMWARE | RANSOMWARE |
| 8.6.25 | ZDI-25-331 | Autodesk Revit RFA File Parsing Use-After-Free Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-330 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-329 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-328 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-327 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-326 | (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | ZDI-25-325 | Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 8.6.25 | REVIEW OF THE ATTACKS ASSOCIATED WITH LAPSUS$ AND RELATED THREAT GROUPS | Beginning in late 2021 and continuing late into 2022, a globally active, extortion-focused cyber threat actor group attacked dozens of well-known companies and government agencies around the world. | REPORT | REPORT |
| 8.6.25 | Infostealer Pipeline | The Infostealer Pipeline: How Russian Market Fuels Credential-Based Attacks | REPORT | REPORT |
| 8.6.25 | CVE-2025-48828 | Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. |
VULNEREBILITY |
|
| 8.6.25 | CVE-2025-48827 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025. |
VULNEREBILITY |
|
| 8.6.25 | Operation Phantom Enigma | A malicious campaign discovered by Positive Technologies specialists is primarily targeting residents of Brazil. Attacks have been detected since the beginning of 2025. | OPERATION | OPERATION |
| 7.6.25 | Interlock ransomware group deploys a new RAT named "NodeSnake" | Interlock ransomware group has been observed deploying a new RAT named "NodeSnake" and targeting educational institutions. | RANSOM | |
| 7.6.25 | APT41 using custom malware "TOUGHPROGRESS" to exploit Google Calendar | Threat Actor group APT41 has been observed using custom malware named TOUGHPROGRESS, which leverages Google Calendar events as its C2 channel, allowing it to hide malicious commands in seemingly benign public calendar entries. | APT | |
| 7.6.25 | Cheating in games might get you Blitz'ed | Blitz is a multi-stage malware composed of downloader and botnet components. A recent report by researchers at Palo Alto Networks provides details of campaigns attempting to proliferate this malware | VIRUS | |
| 7.6.25 | Android malware targets users in India by pretending to be a government app | In some recently observed malicious activity, a fake government application was found to be targeting Android users in India. | VIRUS | |
| 7.6.25 | Chaos RAT malware | A new Golang-based 5.0.3 variant of the Chaos RAT (Remote Access Trojan) has been recently discovered in the wild. | VIRUS | |
| 7.6.25 | Increased activity of DCRAT malware in Latin America | DCRAT (aka Dark Crystal RAT) is a modular RAT (Remote Access Trojan) offered for sale in form of Malware-as-a-Service (MaaS) model for last several years. | VIRUS | |
| 7.6.25 | AMOS malware for macOS spread via Clickfix social engineering techniques | A new campaign delivering the AMOS malware for macOS has been reported to leverage Clickfix social engineering techniques. | VIRUS | |
| 7.6.25 | Fake CAPTCHAs deliver multi-stage PowerShell downloaders | CAPTCHAs are used to determine whether a website visitor is human versus a bot. Malware campaigns have introduced fake CAPTCHAs into the attack chain to encourage interaction by the proposed victim. ClickFix is a name often given to such behavior. | VIRUS | |
| 7.6.25 | ViperSoftX activities continues via fake software | According to recent reports ViperSoftX continues to circulate widely across the globe, with a noticeable uptick in South Korea. | VIRUS | |
| 7.6.25 | CVE-2025-27920 - Srimax Output Messenger Directory Traversal vulnerability | CVE-2025-27920 is a recently discovered directory traversal vulnerability affecting Srimax Output Messenger software. | VULNEREBILITY | |
| 7.6.25 | AMOS update | AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers | MALWARE | Stealer |
| 6.6.25 | DuplexSpy | DuplexSpy RAT: Stealthy Windows Malware Enabling Full Remote Control and Surveillance | MALWARE | RAT |
| 6.6.25 | PathWiper | Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine | MALWARE | Wipper |
| 5.6.25 | ZDI-25-324 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-323 | Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-322 | 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-321 | GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-320 | SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-319 | Hewlett Packard Enterprise StoreOnce VSA getServerCertificate Command Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-318 | Hewlett Packard Enterprise StoreOnce VSA getServerPayload Directory Traversal Information Disclosure Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-317 | Hewlett Packard Enterprise StoreOnce VSA deletePackages Directory Traversal Arbitrary File Deletion Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-316 | Hewlett Packard Enterprise StoreOnce VSA Authentication Bypass Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-315 | Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-314 | Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-313 | Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability |
ZERO-DAY |
|
| 5.6.25 | ZDI-25-312 | Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability |
ZERO-DAY |
|
| 5.6.25 |
BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool |
In 2016, a sophisticated malware campaign targeting Pakistani nationals made headlines. Dubbed Bitter[4], the Advanced Persistent Threat group (also known as APT-C-08 [5]) has been active both in desktop and mobile malware campaigns for quite a long time, as their activity seems to date back to 2014. | REPORT | REPORT |
| 5.6.25 | Bitter Group | Bitter Group Distributes CHM Malware to Chinese Organizations | GROUP | GROUP |
| 5.6.25 | BladedFeline | ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig | APT | APT |
| 5.6.25 | Vishing Threats | Hello, Operator? A Technical Analysis of Vishing Threats | PHISHING | Vishing |
| 5.6.25 | UNC6040 | The Cost of a Call: From Voice Phishing to Data Extortion | GROUP | GROUP |
| 5.6.25 | CVE-2025-20286 | A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. |
VULNEREBILITY |
|
| 4.6.25 | New campaigns delivering Crocodilus mobile malware | A new variant of the Crocodilus mobile malware has been spread in recent campaigns targeting users in Europe and South America. | CAMPAIGN | |
| 4.6.25 | CVE-2023-38950 - ZKTeco BioTime Path Traversal vulnerability | CVE-2023-38950 is a path traversal vulnerability affecting ZKTeco BioTime which is a web-based time and attendance management software. | VULNEREBILITY | |
| 4.6.25 | Exploiting the hype around popular AI tools to distribute various malware via fraudulent installers | Threat Actors are exploiting the hype around AI to distribute various malware strains. By capitalizing on the public's eagerness to access popular AI tools (such as ChatGPT, Copilot, DALL-E, Gemini, Midjourney, and Sora) Threat Actors are creating convincing but fraudulent installers. | AI | |
| 4.6.25 | Telegram-Based Email Credential Theft – Fake FedEx Invoice Campaign | Shipping companies are frequently exploited in social engineering attacks due to their global recognition, trusted brand image, and association with package notifications, invoices, and delivery updates—topics that easily trigger urgency, curiosity, and user interaction. These characteristics make them prime targets for phishing and credential theft campaigns. | CAMPAIGN | |
| 4.6.25 | EddieStealer delivered through ClickFix | EddieStealer is a Rust-based information stealer malware which has recently been observed as the payload of ClickFix campaigns. | VIRUS | |
| 4.6.25 | Latest PureHVNC RAT deployment campaigns | New campaigns delivering the PureHVNC RAT have been reported in the wild. The threat actors conduct multi stage operations and make use of miscellaneous components in their attacks including malicious .lnk files, PowerShell code, JavaScript, AutoIt, etc. | CAMPAIGN | |
| 4.6.25 | Python-based Lyrix Ransomware | Lyrix ransomware is a new Python based ransomware discovered in underground forums. It behaves in a manner similar to most current ransomware families | RANSOM | |
| 4.6.25 | New Katz Stealer malware-as-a-service compromises Web browsers | Katz Stealer operates as a multi-feature credential-stealing Malware-as-a-Service, designed for extensive system reconnaissance and data theft. It targets a vast array of sensitive information, including saved passwords, cookies, and session tokens from popular web browsers (Chrome, Edge, Brave, Firefox), cryptocurrency wallet files, and private keys via keyword matching. | VIRUS | |
| 4.6.25 | Earth Lamia exploits various SQL injection vulnerabilities | APT threat actor Earth Lamia exploits vulnerabilities in web applications to gain access to organizations, using various SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations for data exfiltration. | APT | |
| 4.6.25 | Recent VenomRAT activity |
A recent activity attributed to the VenomRAT malware has
been spotted in the wild. Malware is spread from a phishing website
disguised as AV software download page.
|
VIRUS | |
| 4.6.25 | PumaBot - a new botnet on the rise | PumaBot is a new Go-based botnet strain identified recently in the wild. Unlike some more common botnet variants, PumaBot does not rely on scanning the Internet for vulnerable devices but instead targets very specific ones via a list of IP addresses retrieved from the attacker C2 servers. | BOTNET | |
| 4.6.25 | Zanubis mobile malware latest activity | Zanubis is an Android banking malware active in the threat landscape since at least 2022. The malware has been known to mostly target banks and financial entities in South America but also expanding over time and adding theft of virtual cards and cryptocurrency to its portfolio. | ||
| 4.6.25 | AsyncRAT malspam campaigns observed | We've recently observed some malspam campaigns leveraging multiple downloads, starting with box.com, to deliver an AsyncRAT payload. | VIRUS | |
| 4.6.25 | Fancy Bear spearphishing exploiting CVE-2024-11182 to deliver SpyPress | Fancy Bear (aka APT28, Sofacy, Pawn Storm, Sednit, STRONTIUM, Tsar Team, and Threat Group-4127) is a Russian Threat Actor group that uses spearphishing to deliver SpyPress, a malicious JavaScript payload, by exploiting cross-site scripting (XSS) vulnerabilities in webmail interfaces to exfiltrate sensitive email data from high-value webmail servers. | ALERTS | PHISHING |
| 4.6.25 | Bofamet Stealer malware | Bofamet is a new Python-based infostealer found in the wild. The malware collects miscellaneous information from the compromised endpoints including: credentials, system information, browser cookies, Telegram session data, Discord tokens, screenshots, Steam configuration files, etc. | VIRUS | |
| 4.6.25 | Chaos RAT | From open-source to open threat: Tracking Chaos RAT’s evolution | MALWARE | RAT |
| 4.6.25 | CVE-2025-37093 | An authentication bypass vulnerability exists in HPE StoreOnce Software. |
VULNEREBILITY |
|
| 3.6.25 | JINX-0132 | The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul. | GROUP | GROUP |
| 3.6.25 | CVE-2025-49113 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. |
VULNEREBILITY |
|
| 3.6.25 | Crocodilus | Crocodilus Mobile Malware: Evolving Fast, Going Global | MALWARE | Android |
| 3.6.25 | CVE-2025-5419 | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
VULNEREBILITY |
|
| 3.6.25 | CVE-2024-13917 | (CVSS score: 8.3) - A pre-installed "com.pri.applock" application on Kruger&Matz smartphones exposed an "com.pri.applock.LockUI" activity that allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges to a protected application. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2024-13916 | (CVSS score: 6.9) - A pre-installed "com.pri.applock" application on Kruger&Matz smartphones allows a user to encrypt any application using user-provided PIN code or by using biometric data. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2024-13915 | (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone and Krüger&Matz smartphones exposes a "com.pri.factorytest.emmc.FactoryResetService" service that allows any installed application to perform a factory reset of the device. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2025-27038 | Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2025-21480 | Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. |
VULNEREBILITY |
|
| 3.6.25 | CVE-2025-21479 | Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. |
VULNEREBILITY |
|
| 1.6.25 | Browser in the Middle (BiTM) | An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access. | HACKING | HACKING |
| 1.6.25 | Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites | Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular those tools which can be used to generate videos based on user prompts. | HACKING | HACKING |
| 1.6.25 | Infrastructure Used to Manage Domains Related to Cryptocurrency Investment Fraud Scams between October 2023 and April 2025 | The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to Funnull Technology Inc. (Funnull). | REPORT | REPORT |
| 1.6.25 | NodeSnake Malware Campaign | Threat Intelligence NodeSnake Malware Campaign | REPORT | REPORT |
| 1.6.25 | ASUS Routers campaign | GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers | CAMPAIGN | CAMPAIGN |
| 1.6.25 | Poseidon Stealer and Payday Loader | Dark Partners: The crypto heist adventure of Poseidon Stealer and Payday Loader | MALWARE | MALWARE |
| 1.6.25 | PumaBot | PumaBot: Novel Botnet Targeting IoT Surveillance Devices | BOTNET | BOTNET |
| 1.6.25 | CVE-2023-39780 | On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. |
VULNEREBILITY |
|
| 1.6.25 | CVE-2025-5054 | (CVSS score: 4.7) - A race condition in Canonical apport package up to and including 2.32.0 that allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces |
VULNEREBILITY |
|
| 1.6.25 | CVE-2025-4598 | (CVSS score: 4.7) - A race condition in systemd-coredump that allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process |
VULNEREBILITY |