DATE | NAME | CATEGORY | SUBCATEGORY | INFO
10.01.2025 | CVE-2024-55550 - Mitel MiCollab Path Traversal vulnerability | ALERTS | VULNERABILITY | CVE-2024-55550 is a newly disclosed path traversal vulnerability affecting the Mitel MiCollab collaboration tool, versions 9.8 SP1 FP2 and earlier.
10.01.2025 | New variant of Banshee Stealer targets macOS users | ALERTS | VIRUS | A new, updated variant of the macOS infostealer dubbed Banshee Stealer has been detected in the wild.
10.01.2025 | Funksec Ransomware | ALERTS | RANSOM | Funksec (aka Funklocker) is another double-extortion ransomware actor that surfaced in late 2024 and has allegedly claimed multiple organizations as victims.
10.01.2025 | Latest HexaLocker ransomware attacks leverage Skuld Stealer for data extraction | ALERTS | RANSOM | A new, updated variant of the Go-based HexaLocker ransomware has been discovered in the wild. The new strain can download the Skuld Stealer infostealer in order to extract confidential data from the infected endpoint.
10.01.2025 | CVE-2025-0282 - Ivanti Connect Secure vulnerability exploited in zero-day attacks | ALERTS | VULNERABILITY | CVE-2025-0282 is a newly disclosed critical (CVSS score 9.0) stack-based buffer overflow vulnerability affecting Ivanti Connect Secure. If successfully exploited, it could allow unauthenticated attackers to execute arbitrary code on vulnerable instances.
10.01.2025 | Old Oracle WebLogic Deserialization vulnerability (CVE-2020-2883) exploited in the wild | ALERTS | VULNERABILITY | CVE-2020-2883 is a 2020 deserialization vulnerability affecting unpatched Oracle WebLogic servers. If successfully exploited, it could allow remote code execution by unauthenticated attackers via specially crafted network requests to the T3 port.
10.01.2025 | XWorm Middle East Campaign: Fake Mossad Intelligence Reports Used as Lures | ALERTS | VIRUS | As tensions in the Middle East remain high, particularly following recent events in Syria, threat actors are exploiting the volatile situation to target organizations and individuals both within the region and globally, using the allure of sensitive intelligence to entice victims.
10.01.2025 | FireScam mobile malware | ALERTS | VIRUS | FireScam is a mobile malware variant recently discovered in the wild. It is distributed via a phishing website and disguised as a Telegram Premium app.
10.01.2025 | KGB Keylogger Targets Companies with Fake Russian Ministry-Themed Emails | ALERTS | VIRUS | During the second half of December 2024, an actor has been targeting companies with malicious emails that use a Ministry of Industry and Trade of the Russian Federation (Минпромторг России) social engineering ploy together with a malicious .scr file (Письмо в МНТЦ и ЦРП.scr).
10.01.2025 | CVE-2025-0107 | VULNERABILITY | VULNERABILITY | (CVSS score: 2.3) - An operating system (OS) command injection vulnerability that enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition, resulting in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.
10.01.2025 | CVE-2025-0106 | VULNERABILITY | VULNERABILITY | (CVSS score: 2.7) - A wildcard expansion vulnerability in Expedition that allows an unauthenticated attacker to enumerate files on the host file system.
10.01.2025 | CVE-2025-0105 | VULNERABILITY | VULNERABILITY | (CVSS score: 2.7) - An arbitrary file deletion vulnerability in Expedition that enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host file system.
10.01.2025 | CVE-2025-0104 | VULNERABILITY | VULNERABILITY | (CVSS score: 4.7) - A reflected cross-site scripting (XSS) vulnerability in Expedition that enables attackers to execute malicious JavaScript in the context of an authenticated user's browser if that user clicks a malicious link; this enables phishing attacks and could lead to browser-session theft.
10.01.2025 | CVE-2025-0103 | VULNERABILITY | VULNERABILITY | (CVSS score: 7.8) - An SQL injection vulnerability that enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys, as well as create and read arbitrary files.
10.01.2025 | Scam Imitates CrowdStrike Hiring Process | SPAM | SPAM | A newly discovered phishing campaign uses CrowdStrike recruitment branding to convince victims to download a fake application, which serves as a downloader for the XMRig cryptominer.
10.01.2025 | FunkSec | RANSOMWARE | AI | FunkSec – Alleged Top Ransomware Group Powered by AI
10.01.2025 | CVE-2024-49415 | VULNERABILITY | VULNERABILITY | Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
10.01.2025 | RedDelta | GROUP | GROUP | Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain
10.01.2025 | Banshee Stealer | MALWARE | macOS | Cracking the Code: How Banshee Stealer Targets macOS Users
10.01.2025 | MirrorFace | GROUP | GROUP | The China-linked threat actor MirrorFace is accused of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in Japan since 2019.
10.01.2025 | CVE-2024-52875 | VULNERABILITY | VULNERABILITY | A carriage return line feed (CRLF) injection vulnerability that paves the way for HTTP response splitting, which could in turn lead to cross-site scripting (XSS).
10.01.2025 | CVE-2025-0283 | VULNERABILITY | VULNERABILITY | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
10.01.2025 | CVE-2025-0282 | VULNERABILITY | VULNERABILITY | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
10.01.2025 | Muddling Malspam | SPAM | SPAM | Muddling Malspam: The Use of Spoofed Domains in Malicious Spam
10.01.2025 | DNA Sequencer's Vulnerable BIOS | VULNERABILITY | VULNERABILITY | Genetic Engineering Meets Reverse Engineering: DNA Sequencer's Vulnerable BIOS
10.01.2025 | NonEuclid RAT | MALWARE | RAT | The NonEuclid Remote Access Trojan (RAT) is malicious software that enables unauthorised remote access to and control of a victim's computer, often without their awareness.
10.01.2025 | Gayfemboy | BOTNET | BOTNET | Gayfemboy: A Botnet Delivered Through a Four-Faith Industrial Router 0-day Exploit
10.01.2025 | CVE-2024-41713 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker to gain unauthorized and unauthenticated access.
10.01.2025 | CVE-2024-55550 | VULNERABILITY | VULNERABILITY | (CVSS score: 4.4) - A path traversal vulnerability in Mitel MiCollab that could allow an authenticated attacker with administrative privileges to read local files on the system due to insufficient input sanitization.
10.01.2025 | CVE-2020-2883 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - A security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3.
07.01.2025 | EAGERBEE | MALWARE | Backdoor | EAGERBEE, with updated and novel components, targets the Middle East
07.01.2025 | CVE-2024-9140 | VULNERABILITY | VULNERABILITY | (CVSS 4.0 score: 9.3) - A vulnerability that allows attackers to use special characters to bypass input restrictions, potentially leading to unauthorized command execution.
07.01.2025 | CVE-2024-9138 | VULNERABILITY | VULNERABILITY | (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain root-level access to the system, leading to system compromise, unauthorized modifications, data exposure, or service disruption.
05.01.2025 | FireScam | MALWARE | ANDROID | Inside FireScam: An Information Stealer with Spyware Capabilities
05.01.2025 | CVE-2024-43405 | VULNERABILITY | VULNERABILITY | Nuclei is a vulnerability scanner powered by YAML-based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via a custom code template.
04.01.2025 | SECTOR 2024 | CONFERENCE | CONFERENCE | SecTor has built a reputation for bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences.
04.01.2025 | BLACK HAT 2024 EU | CONFERENCE | CONFERENCE | Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training and briefings to hackers, corporations and government agencies around the world.
04.01.2025 | VB2024 | CONFERENCE | CONFERENCE | The annual Virus Bulletin International Conference has been running since 1991, recently celebrating its 25th anniversary. The venue typically alternates between Europe and North America.
04.01.2025 | hitbsecconf2024bkk | CONFERENCE | CONFERENCE | HITBSecConf, the Hack In The Box Security Conference, is an annual must-attend event in the calendars of security researchers and professionals around the world.
04.01.2025 | PLAYFULGHOST | MALWARE | RAT | Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations
04.01.2025 | Treasury Sanctions Technology Company for Support to Malicious Cyber Group | INCIDENT | APT | Treasury Sanctions Technology Company for Support to Malicious Cyber Group
04.01.2025 | SwaetRAT | MALWARE | RAT | We entered a new year, but attack scenarios have not changed (yet). I found a Python script with interesting behavior and a low VirusTotal score (7/61).
03.01.2025 | Nitrogen Ransomware | ALERTS | RANSOM | The double-extortion ransomware group known as Nitrogen has been very active over the past four months, targeting organizations across diverse sectors such as construction, financial services, manufacturing, and technology.
03.01.2025 | Bad Likert Judge | HACKING | AI | Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
03.01.2025 | CVE-2024-49112 | VULNERABILITY | VULNERABILITY | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
03.01.2025 | CVE-2024-49113 | VULNERABILITY | VULNERABILITY | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
03.01.2025 | Critical: .NET Install links are changing | VULNERABILITY | VULNERABILITY | We are currently making an unexpected change to the way that .NET installers and archives are distributed.
02.01.2025 | Microsoft 365 Vulnerability | VULNERABILITY | VULNERABILITY | Discovery to Resolution: A Critical Microsoft 365 Vulnerability
02.01.2025 | Quasar RAT | MALWARE | RAT | Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
01.01.2025 | DoubleClickjacking | ATTACK | Web | DoubleClickjacking is a new variation on the classic clickjacking theme: instead of relying on a single click, it takes advantage of a double-click sequence.
31.12.2024 | SpyMax Targets Uzbek Mobile Users Through Fake Uzum Apps | ALERTS | VIRUS | In 2024, a malicious actor exploited Uzum's brand in a series of campaigns targeting mobile users in Uzbekistan. These campaigns used SpyMax, a well-known remote access trojan, disguised as a fake Uzum Bank Android application to compromise victims' devices and steal sensitive data.
31.12.2024 | CVE-2024-12686 | VULNERABILITY | VULNERABILITY | A vulnerability has been discovered in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run them as a site user.
31.12.2024 | CVE-2024-12356 | VULNERABILITY | VULNERABILITY | A critical vulnerability has been discovered in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
31.12.2024 | Dirty DAG | VULNERABILITY | VULNERABILITY | Dirty DAG: New Vulnerabilities in Azure Data Factory's Apache Airflow Integration
30.12.2024 | Ficora and Capsaicin botnets leverage old vulnerabilities for distribution | ALERTS | BOTNET | According to researchers from Fortinet, two Linux botnet variants, Ficora and Capsaicin, have been distributed in recently observed campaigns. The botnets leverage several old D-Link vulnerabilities affecting the HNAP (Home Network Administration Protocol) interface, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112.
28.12.2024 | Skuld Infostealer malware continues to target developers via npm registry | ALERTS | VIRUS | A malware campaign deploying the Skuld infostealer via the npm registry has been reported, targeting developers with ambiguous packages.
28.12.2024 | Gosar - a new Golang-based variant of Quasar backdoor | ALERTS | VIRUS | Gosar is a recently identified Golang-based variant of the Quasar backdoor. The malware is spread in campaigns leveraging .
28.12.2024 | Latest XWorm distribution campaign targets the hospitality sector | ALERTS | VIRUS | A new campaign distributing the XWorm commodity malware has been reported in the wild. The attack targets the hospitality sector in the UK.
28.12.2024 | Recent I2PRAT malware variant leverages anonymous peer-to-peer network communication | ALERTS | VIRUS | The latest I2PRAT malware variant has been observed using the I2P anonymous peer-to-peer network for C2 communication.
28.12.2024 | CVE-2024-12856 | VULNERABILITY | VULNERABILITY | The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability.
28.12.2024 | OtterCookie | MALWARE | JavaScript | OtterCookie, a new malware used by Contagious Interview
28.12.2024 | Cloud Atlas | GROUP | GROUP | Cloud Atlas seen using a new tool in its attacks
28.12.2024 | CVE-2024-3393 | VULNERABILITY | VULNERABILITY | PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
28.12.2024 | CAPSAICIN | BOTNET | BOTNET | Botnets Continue to Target Aging D-Link Vulnerabilities
28.12.2024 | CVE-2024-52046 | VULNERABILITY | VULNERABILITY | The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses.
26.12.2024 | CVE-2024-47146 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow a physically adjacent attacker sniffing the raw Wi-Fi signal to obtain the device's serial number.
26.12.2024 | CVE-2024-52324 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message, resulting in devices executing arbitrary OS commands.
26.12.2024 | CVE-2024-48874 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
26.12.2024 | CVE-2024-46874 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
26.12.2024 | CVE-2024-47791 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to a subset of possible topics on the Ruijie MQTT broker and receive some of the messages being sent to and from devices.
26.12.2024 | CVE-2024-45722 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses a weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.
26.12.2024 | CVE-2024-47043 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number with the user's phone number and part of their email address.
26.12.2024 | CVE-2024-51727 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial of service against the user's account.
26.12.2024 | CVE-2024-42494 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable sub-accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services.
26.12.2024 | CVE-2024-47547 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for users to change their passwords, which leaves authentication vulnerable to brute-force attacks.
26.12.2024 | CVE-2024-45387 | VULNERABILITY | VULNERABILITY | An SQL injection vulnerability in Traffic Ops in Apache Traffic Control 8.0.0 through 8.0.1 allows a privileged user with the role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially crafted PUT request.
26.12.2024 | BellaCPP | MALWARE | Malware | BellaCPP: Discovering a new BellaCiao variant written in C++
26.12.2024 | CVE-2021-44207 | VULNERABILITY | VULNERABILITY | Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.
26.12.2024 | CVE-2024-50379 | VULNERABILITY | VULNERABILITY | A time-of-check time-of-use (TOCTOU) race condition during JSP compilation in Apache Tomcat permits RCE on case-insensitive file systems when the default servlet is enabled for write (a non-default configuration).
26.12.2024 | CVE-2024-56337 | VULNERABILITY | VULNERABILITY | A time-of-check time-of-use (TOCTOU) race condition in Apache Tomcat. This issue affects Apache Tomcat from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, and from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete.
26.12.2024 | FlowerStorm | PHISHING | PHAAS | Phishing platform Rockstar 2FA trips, and "FlowerStorm" picks up the pieces
22.12.2024 | HeartCrypt | MALWARE | Crypto | HeartCrypt was originally discovered through underground forums and reported by security researchers in February and March 2024.
22.12.2024 | WezRat | MALWARE | RAT | The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD).
21.12.2024 | CookiePlus Malware | MALWARE | Backdoor | Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
21.12.2024 | 2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged | BOTNET | BOTNET | On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems had been infected with the Mirai malware and were subsequently used as a DDoS attack source against other devices reachable from their network. The impacted systems were all using default passwords.
21.12.2024 | cShell DDoS Bot Attack | HACKING | HACKING | ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous external attacks.
21.12.2024 | CVE-2023-48788 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability
21.12.2024 | CVE-2021-44529 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
21.12.2024 | CVE-2019-7256 | VULNERABILITY | VULNERABILITY | (CVSS score: 10.0) - Nice Linear eMerge E3-Series OS Command Injection Vulnerability
21.12.2024 | CVE-2024-12356 | VULNERABILITY | VULNERABILITY | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
21.12.2024 | CVE-2024-12727 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - A pre-auth SQL injection vulnerability in the email protection feature that could lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
21.12.2024 | CVE-2024-12728 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - A weak credentials vulnerability arising from a suggested, non-random SSH login passphrase for High Availability (HA) cluster initialization that remains active even after the HA establishment process has completed, thereby exposing an account with privileged access if SSH is enabled.
21.12.2024 | CVE-2024-12729 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.8) - A post-auth code injection vulnerability in the User Portal that allows authenticated users to gain remote code execution.
21.12.2024 | CVE-2023-48782 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.8) - An authenticated command injection flaw in FortiWLM, also fixed in FortiWLM 8.6.6, that can be chained with CVE-2023-34990 to obtain remote code execution in the context of root.
21.12.2024 | CVE-2023-34990 | VULNERABILITY | VULNERABILITY | [FortiWLM] Unauthenticated limited file read vulnerability
18.12.2024 | HubPhish | CAMPAIGN | Phishing | Effective Phishing Campaign Targeting European Companies and Organizations
18.12.2024 | CVE-2024-53677 | VULNERABILITY | VULNERABILITY | The file upload logic in Apache Struts is flawed. An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform remote code execution.
18.12.2024 | Earth Koshchei | APT | APT | Earth Koshchei Co-opts Red Team Tools in Complex RDP Attacks
18.12.2024 | CVE-2024-12356 | VULNERABILITY | VULNERABILITY | A critical vulnerability has been discovered in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
18.12.2024 | CryptoRom | SPAM | SPAM | Sha zhu pan scam uses AI chat tool to target iPhone and Android users
18.12.2024 | DarkGate | MALWARE | RAT | Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
18.12.2024 | FLUX#CONSOLE | MALWARE | Backdoor | Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads
17.12.2024 | TA397 | GROUP | GROUP | Proofpoint observed the advanced persistent threat (APT) TA397 targeting a Turkish defense sector organization with a lure about public infrastructure projects in Madagascar.
17.12.2024 | BITTER APT | APT | APT | BITTER APT Targets Chinese Government Agency
17.12.2024 | WmRAT | MALWARE | RAT | In 2016, the foreign security vendor Forcepoint disclosed for the first time the existence of the Manlinghua group [1], which had not been observed before.
17.12.2024 | MiyaRAT | MALWARE | RAT | Bitter Group Launches New Trojan MiyaRAT, Domestic Users Become Primary Targets
17.12.2024 | CoinLurker | MALWARE | STEALER | CoinLurker: The Stealer Powering the Next Generation of Fake Updates
17.12.2024 | Mask APT | APT | APT | Careto is back: what's new after 10 years of silence?
17.12.2024 | CVE-2024-20767 | VULNERABILITY | CVE | (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel (patched by Adobe in March 2024).
17.12.2024 | CVE-2024-35250 | VULNERABILITY | CVE | (CVSS score: 7.8) - Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges (patched by Microsoft in June 2024).
17.12.2024 | DrayTek Routers | EXPLOIT | EXPLOIT | DrayTek Routers Exploited in Massive Ransomware Campaign: Analysis and Recommendations
16.12.2024 | DeceptionAds | CAMPAIGN | MALVERTISING | "DeceptionAds" - Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
16.12.2024 | NoviSpy | MALWARE | ANDROID | "A Digital Prison": Surveillance and the suppression of civil society in Serbia
16.12.2024 | Glutton | MALWARE | BACKDOOR | Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercriminals
16.12.2024 | Melofee | MALWARE | BACKDOOR | New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9
16.12.2024 | BADBOX | BOTNET | BOTNET | BADBOX Botnet Is Back
14.12.2024 | Yokai | MALWARE | BACKDOOR | New Yokai Side-loaded Backdoor Targets Thai Officials
14.12.2024 | NodeLoader | MALWARE | LOADER | NodeLoader Exposed: The Node.js Malware Evading Detection
14.12.2024 | MUT-1244 | GROUP | GROUP | Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials
13.12.2024 | CVE-2024-54143 | VULNERABILITY | CVE | openwrt/asu is an image-on-demand server for OpenWrt-based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters.
13.12.2024 | IOCONTROL | MALWARE | IoT | Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by Iran-affiliated attackers to attack Israel- and U.S.-based OT/IoT devices.
13.12.2024 | PUMAKIT | MALWARE | ROOTKIT | PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers.
12.12.2024 | BoneSpy | MALWARE | ANDROID | Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT
12.12.2024 | PlainGnome | MALWARE | ANDROID | Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT
12.12.2024 | Gamaredon | GROUP | APT | Unit 42 threat researchers have recently observed a threat group distributing new, custom-developed malware.
12.12.2024 | CVE-2024-44131 | VULNERABILITY | CVE | Unauthorized access to iCloud: analyzing an iOS vulnerability that could expose sensitive data to attackers
12.12.2024 | CVE-2024-11972 | VULNERABILITY | CVE | Unauthorized Plugin Installation/Activation in Hunk Companion
11.12.2024 | Secret Blizzard | GROUP | GROUP | Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine
11.12.2024 | Kazuar | MALWARE | BACKDOOR | Upgraded Kazuar Backdoor Offers Stealthy Power
11.12.2024 | Windows UI Automation | HACKING | HACKING | Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation
11.12.2024 | Microsoft Azure MFA Bypass | VULNERABILITY | CVE | Oasis Security Research Team Discovers Microsoft Azure MFA Bypass
11.12.2024 | Zloader | MALWARE | TROJAN | Inside Zloader's Latest Trick: DNS Tunneling
11.12.2024 | EagleMsgSpy | MALWARE | SPYWARE | Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus
11.12.2024 | Rakshasa | APT | APT | Likely China-based Attackers Target High-profile Organizations in Southeast Asia
11.12.2024 | CVE-2024-11639 | VULNERABILITY | CVE | (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access.
11.12.2024 | CVE-2024-11772 | VULNERABILITY | CVE | (CVSS score: 9.1) - A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution.
11.12.2024 | CVE-2024-11773 | VULNERABILITY | CVE | (CVSS score: 9.1) - An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
11.12.2024 | CVE-2024-11633 | VULNERABILITY | CVE | (CVSS score: 9.1) - An argument injection vulnerability in Ivanti Connect Secure before version 22.7R2.4 that allows a remote authenticated attacker with admin privileges to achieve remote code execution.
11.12.2024 | CVE-2024-11634 | VULNERABILITY | CVE | (CVSS score: 9.1) - A command injection vulnerability in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 that allows a remote authenticated attacker with admin privileges to achieve remote code execution.
11.12.2024 | CVE-2024-8540 | VULNERABILITY | CVE | (CVSS score: 8.8) - An insecure permissions vulnerability in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 that allows a local authenticated attacker to modify sensitive application components.
10.12.2024 | CVE-2024-55956 | VULNERABILITY | CVE | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
10.12.2024 | Antidot | MALWARE | BANKING | AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
10.12.2024 | Operation Digital Eye | OPERATION | APT | Operation Digital Eye: Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels
10.12.2024 | Operation Soft Cell | OPERATION | APT | Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers
10.12.2024 | Operation Tainted Love | OPERATION | APT | Operation Tainted Love: Chinese APTs Target Telcos in New Attacks
09.12.2024 | Drops Zbot | CAMPAIGN | RANSOMWARE | Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
09.12.2024 | Socks5Systemz | BOTNET | BOTNET | PROXY.AM Powered by Socks5Systemz Botnet
07.12.2024 | Realst | MALWARE | STEALER | Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows
06.12.2024 | Pegasus | MALWARE | MOBILE | iVerify Mobile Threat Investigation Uncovers New Pegasus Samples
06.12.2024 | Exploiting ML Clients and "Safe" Model Formats | AI | - | Machine Learning Bug Bonanza – Exploiting ML Clients and "Safe" Model Formats
06.12.2024 | CVE-2024-27132 | VULNERABILITY | CVE | (CVSS score: 7.2) - An insufficient sanitization issue in MLflow that leads to a cross-site scripting (XSS) attack when running an untrusted recipe in a Jupyter Notebook, ultimately resulting in client-side remote code execution (RCE).
06.12.2024 | CVE-2024-6960 | VULNERABILITY | CVE | (CVSS score: 7.5) - An unsafe deserialization issue in H2O when importing an untrusted ML model, potentially resulting in RCE.
06.12.2024 | CVE-2023-5245 | VULNERABILITY | CVE | (CVSS score: 7.5) - A path traversal issue in MLeap when loading a saved model in zipped format that can lead to a Zip Slip vulnerability, resulting in arbitrary file overwrite and potential code execution.
06.12.2024 | Venom | MALWARE | LOADER | Unveiling RevC2 and Venom Loader
06.12.2024 | GammaDrop | MALWARE | DROPPER | BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure
06.12.2024 | DroidBot | MALWARE | ANDROID | DroidBot: Insights from a new Turkish MaaS fraud operation
06.12.2024 | CVE-2024-41713 | VULNERABILITY | CVE | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201)
05.12.2024 | MOONSHINE | EXPLOIT | EXPLOIT KIT | MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks
05.12.2024 | Earth Kasha Spear | CAMPAIGN | PHISHING | Guess Who's Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024
05.12.2024 | CVE-2024-51378 | VULNERABILITY | CVE | (CVSS score: 10.0) - An incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.
05.12.2024 | CVE-2023-45727 | VULNERABILITY | CVE | (CVSS score: 7.5) - An improper restriction of XML External Entity (XXE) reference vulnerability that could allow a remote, unauthenticated attacker to conduct an XXE attack.
05.12.2024 | CVE-2024-11680 | VULNERABILITY | CVE | (CVSS score: 9.8) - An improper authentication vulnerability that allows a remote, unauthenticated attacker to create accounts, upload web shells, and embed malicious JavaScript.
05.12.2024 | CVE-2024-11667 | VULNERABILITY | CVE | (CVSS score: 7.5) - A path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.
04.12.2024 | Snowblind | APT | APT | Snowblind: The Invisible Hand of Secret Blizzard
04.12.2024 | Secret Blizzard | CAMPAIGN | ESPIONAGE | Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
04.12.2024 | CVE-2024-42448 | VULNERABILITY | CVE | From the VSPC management agent machine, on the condition that the management agent is authorized on the server, it is possible to perform remote code execution (RCE) on the VSPC server machine.
04.12.2024 | CVE-2024-10905 | VULNERABILITY | CVE | IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.
04.12.2024 | ANY.RUN | EXPLOIT | EXPLOIT | The ongoing attack evades antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach the inbox.
03.12.2024 | CVE-2014-2120 | VULNERABILITY | CVE | Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
03.12.2024 | CVE-2024-5921 | VULNERABILITY | CVE | (CVSS score: 5.6) - An insufficient certificate validation vulnerability impacting Palo Alto Networks GlobalProtect for Windows, macOS, and Linux that allows the app to be connected to arbitrary servers, leading to the deployment of malicious software (addressed in version 6.2.6 for Windows).
03.12.2024 | CVE-2024-29014 | VULNERABILITY | CVE | (CVSS score: 7.1) - A vulnerability impacting the SonicWall SMA100 NetExtender Windows client that could allow an attacker to execute arbitrary code when processing an End Point Control (EPC) Client update (affects versions 10.2.339 and earlier; addressed in version 10.2.341).
03.12.2024 | Kimsuky | APT | APT | Analysis of Kimsuky Threat Actor's Email Phishing Campaign
03.12.2024 | NetSupport RAT | MALWARE | RAT | Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
03.12.2024 | BurnsRAT | MALWARE | RAT | Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
02.12.2024 | SmokeLoader | MALWARE | LOADER | SmokeLoader Attack Targets Companies in Taiwan
02.12.2024 | SpyLoan | MALWARE | SPYWARE | SpyLoan: A Global Threat Exploiting Social Engineering
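The CVE-2024-54143 entry above (13.12.2024) states only that the openwrt/asu request hashing mechanism truncated SHA-256 hashes to 12 characters. The following is an added example written for this page, not code from the openwrt/asu project or from the advisory, to show why that matters whenever a truncated hash is used as a lookup or cache key: two different requests that agree on the kept prefix are indistinguishable to the server, so the second requester is handed whatever was produced for the first. The code computes the birthday bound for an arbitrary truncation length (12 hex characters keep 48 bits, so roughly 2^24, about twenty million, distinct requests give a 50% chance of a collision) and then demonstrates a real collision by brute force at a hypothetical, much shorter truncation of 6 hex characters (24 bits) so that it finishes in well under a second. The request strings are constructed placeholders, not real asu build requests.

```python
import hashlib
import math


def truncated_request_hash(request: str, hex_chars: int) -> str:
    """SHA-256 of the request text, truncated to the first hex_chars hex characters.

    Each hex character keeps 4 bits of the digest, so 12 characters (the length the
    page reports for asu) keep 48 bits. This is a generic model of that pattern, not
    the project's own code.
    """
    return hashlib.sha256(request.encode("utf-8")).hexdigest()[:hex_chars]


def birthday_attempts_for_probability(hex_chars: int, probability: float = 0.5) -> int:
    """Approximate number of distinct inputs after which some pair shares a truncated
    hash with the given probability (birthday approximation
    n ~ sqrt(2 * N * ln(1 / (1 - p))) over N = 16 ** hex_chars possible values)."""
    space = 16 ** hex_chars
    return math.ceil(math.sqrt(2 * space * math.log(1.0 / (1.0 - probability))))


def find_collision(hex_chars: int, max_attempts: int = 1 << 20):
    """Brute-force two different requests whose truncated hashes agree.

    Returns (request_a, request_b, truncated_hash), or None if max_attempts is reached.
    The requests are constructed strings that only vary in one parameter; the point is
    that they differ while their truncated hashes do not.
    """
    seen = {}
    for i in range(max_attempts):
        request = f"target=x86/64&profile=generic&packages=pkg{i}"  # constructed input
        h = truncated_request_hash(request, hex_chars)
        if h in seen:
            return seen[h], request, h
        seen[h] = request
    return None


def collision_is_valid(result, hex_chars: int) -> bool:
    """Independently verify a find_collision() result: the inputs differ, their
    truncated hashes agree, and their full SHA-256 digests differ (so the collision is
    an artifact of truncation alone, not of SHA-256)."""
    if result is None:
        return False
    request_a, request_b, h = result
    full_a = hashlib.sha256(request_a.encode("utf-8")).hexdigest()
    full_b = hashlib.sha256(request_b.encode("utf-8")).hexdigest()
    return (
        request_a != request_b
        and full_a[:hex_chars] == full_b[:hex_chars] == h
        and full_a != full_b
    )


if __name__ == "__main__":
    # 48-bit truncation as stated on the page: 50% collision chance after ~2^24 requests.
    for p in (0.01, 0.5):
        n = birthday_attempts_for_probability(12, p)
        print(f"12 hex chars (48 bits), p={p}: about {n:,} distinct requests")
    # Hypothetical 24-bit truncation so the brute-force search completes quickly.
    result = find_collision(6)
    print("24-bit collision:", result)
    print("verified:", collision_is_valid(result, 6))
```

Using the full hex digest as the key (or, if the key must be short, a keyed MAC the client cannot precompute) removes the brute-force path the example takes; the test below checks the birthday estimate against the hand-computed value for 48 bits and confirms the 24-bit collision is genuine.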