DATE NAME INFO CATEGORY SUBCATEGORY

5.7.25 ZDI-25-472 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-471 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-470 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-469 Delta Electronics CNCSoft Screen Editor DPB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-468 GFI Archiver Telerik Web UI Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 ZDI-25-467 GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZERO-DAY ZERO-DAY
5.7.25 CVE-2025-20309 A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. VULNERABILITY VULNERABILITY
5.7.25 CVE-2025-6463 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. VULNERABILITY VULNERABILITY
5.7.25 FileFix (Part 2) Last week I released the FileFix attack blog post which is an alternative to the traditional ClickFix attack. This blog post explores another variation to the original FileFix attack. ATTACK ATTACK
5.7.25 Chisel Chisel is an open-source project by Jaime Pillora (jpillora) that allows tunneling TCP and UDP connections via HTTP. It is available across platforms and written in Go. While benign in itself, Chisel has been utilized by multiple threat actors. It was for example observed by SentinelOne during a PYSA ransomware campaign to achieve persistence and used as backdoor. MALWARE Backdoor
5.7.25 CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. VULNERABILITY VULNERABILITY
5.7.25 CVE-2025-32463 (CVSS score: 9.3) - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option. VULNERABILITY VULNERABILITY
4.7.25 The Continuous Evolution of Ad Fraud Exploiting App Stores as a Front The IAS Threat Lab has uncovered "Kaleidoscope," an insidiously adaptive Android ad fraud operation that employs legitimate-looking apps hosted on Google Play as a deceptive façade, while its malicious duplicate counterparts, distributed predominantly through third-party app stores, drive fraudulent ad supply. REPORT REPORT
3.7.25 HOUKEN SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS REPORT REPORT
3.7.25 CVE-2025-20309 A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. VULNERABILITY VULNERABILITY
3.7.25 NimDoor macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware MALWARE macOS
2.7.25 Braodo infostealer hosts downloaded components on GitHub A recently observed campaign involving Braodo stealer malware leveraged GitHub to house multiple components downloaded in the attack chain. ALERTS VIRUS
2.7.25 CVE-2025-4322: WordPress Motors theme privilege escalation vulnerability CVE-2025-4322 is a critical unauthenticated privilege escalation vulnerability (CVSS 9.8) affecting the WordPress Motors theme in versions up to 5.6.67. ALERTS VULNERABILITY
2.7.25 EmailJS and HubSpot Abused in CCMA Phishing Scheme A new phishing campaign is circulating under the guise of a legal summons from South Africa’s Commission for Conciliation, Mediation and Arbitration (CCMA), leveraging urgency and fear to pressure recipients into action. ALERTS PHISHING
2.7.25 Nebulous Mantis (a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom remote access trojan (RAT) and Hancitor loader in targeted campaigns since mid-2019. CAMPAIGN CAMPAIGN
2.7.25 TransferLoader Zscaler ThreatLabz has identified a new malware loader that we have named TransferLoader, which has been active since at least February 2025. MALWARE LOADER
2.7.25 DAMASCENED PEACOCK A lightweight, staged downloader targeting Windows, delivered via spear-phishing. MALWARE DOWNLOADER
2.7.25 CVE-2025-49596 The MCP Inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. VULNERABILITY VULNERABILITY
1.7.25 CVE-2025-6554 Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) VULNERABILITY VULNERABILITY
1.7.25 Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) (hereafter referred to as the authoring agencies) strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors. REPORT REPORT