DATE | NAME | INFO | CATEGORY | SUBCATEGORY |
5.7.25 | ZDI-25-472 | Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-471 | Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-470 | Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-469 | Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-468 | GFI Archiver Telerik Web UI Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | ZDI-25-467 | GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | ZERO-DAY | |
5.7.25 | CVE-2025-20309 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, | VULNERABILITY | VULNERABILITY |
5.7.25 | CVE-2025-6463 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. | VULNERABILITY | VULNERABILITY |
5.7.25 | FileFix (Part 2) | Last week I released the FileFix attack blog post which is an alternative to the traditional ClickFix attack. This blog post explores another variation to the original FileFix attack. | ATTACK | ATTACK |
5.7.25 | Chisel | Chisel is an open-source project by Jaime Pillora (jpillora) that allows tunneling TCP and UDP connections via HTTP. It is available across platforms and written in Go. While benign in itself, Chisel has been utilized by multiple threat actors. For example, SentinelOne observed it during a PYSA ransomware campaign, where it was used to achieve persistence and as a backdoor. | MALWARE | Backdoor |
5.7.25 | CVE-2025-32462 | (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines | VULNERABILITY | VULNERABILITY |
5.7.25 | CVE-2025-32463 | (CVSS score: 9.3) - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option | VULNERABILITY | VULNERABILITY |
4.7.25 | The Continuous Evolution of Ad Fraud Exploiting App Stores as a Front | The IAS Threat Lab has uncovered "Kaleidoscope," an insidiously adaptive Android ad fraud operation that employs legitimate-looking apps hosted on Google Play as a deceptive façade, while its malicious duplicate counterparts, distributed predominantly through third-party app stores, drive fraudulent ad supply. | REPORT | REPORT |
3.7.25 | HOUKEN | SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS | REPORT | REPORT |
3.7.25 | CVE-2025-20309 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. | VULNERABILITY | VULNERABILITY |
3.7.25 | NimDoor | macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware | MALWARE | macOS |
2.7.25 | Braodo infostealer hosts downloaded components on GitHub | A recently observed campaign involving Braodo stealer malware leveraged GitHub to house multiple components downloaded in the attack chain. | ALERTS | VIRUS |
2.7.25 | CVE-2025-4322: WordPress Motors theme privilege escalation vulnerability | CVE-2025-4322 is a critical unauthenticated privilege escalation vulnerability (CVSS 9.8) affecting the WordPress Motors theme in versions up to 5.6.67. | VULNERABILITY | |
2.7.25 | EmailJS and HubSpot Abused in CCMA Phishing Scheme | A new phishing campaign is circulating under the guise of a legal summons from South Africa’s Commission for Conciliation, Mediation and Arbitration (CCMA), leveraging urgency and fear to pressure recipients into action. | PHISHING | |
2.7.25 | Nebulous Mantis | (a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom remote access trojan (RAT) and Hancitor loader in targeted campaigns since mid-2019. | CAMPAIGN | CAMPAIGN |
2.7.25 | TransferLoader | Zscaler ThreatLabz has identified a new malware loader that we have named TransferLoader, which has been active since at least February 2025. | MALWARE | LOADER |
2.7.25 | DAMASCENED PEACOCK | A lightweight, staged downloader targeting Windows, delivered via spear-phishing. | MALWARE | DOWNLOADER |
2.7.25 | CVE-2025-49596 | The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio | VULNERABILITY | VULNERABILITY |
1.7.25 | CVE-2025-6554 | Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | VULNERABILITY | VULNERABILITY |
1.7.25 | Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest | The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) (hereafter referred to as the authoring agencies) strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors. | REPORT | REPORT |