112 matches found
Unmasking the new XorDDoS controller and infrastructure
Cisco Talos observed an existing distributed denial-of-service DDoS malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the United States from Nov. 2023 to Feb. 2025. Th...
CVE-2025-30730
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object...
Oracle Linux 9 : nginx:1.22 (ELSA-2025-3261)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3261 advisory. - Resolves: RHEL-84486 - nginx:1.22/nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 - Resolves: RHEL-12737 - nginx:1.22/nginx: HTTP/...
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 CVSS v4 score: 9.3, a critical operating system command injection flaw that a...
X users report login troubles as Dark Storm claims cyberattack
In the early morning hours of March 10, thousands of users on X formerly Twitter began having trouble logging into the platform. It was only the first service blip of at least three to come that same day and, if one cybercriminal group is to be believed, it was all on purpose. “Twitter has been...
Linux Distros Unpatched Vulnerability : CVE-2025-24356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd wil...
Linux Distros Unpatched Vulnerability : CVE-2020-14312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it...
CVE-2025-24356
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast...
CVE-2025-24356 UDP traffic amplification via fastd's fast reconnect feature
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast...
CVE-2025-24356 UDP traffic amplification via fastd's fast reconnect feature
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast...
CVE-2025-24356 UDP traffic amplification via fastd's fast reconnect feature
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast...
CVE-2025-24356
The CVE-2025-24356 affects the fastd VPN daemon. When fastd receives a data packet from an unknown IP/port, it may assume a peer moved and trigger a fast-reconnect handshake (~150 bytes of UDP payload), creating an amplification factor of about 12–13 for UDP traffic. This can be exploited by spoo...
Misskey 安全漏洞
Misskey is a permanently free open source federated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 2024.10.1 and earlier, which stems from an undetected proxy loop that allows a remote participant to perform a self-propagating...
German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested
German law enforcement authorities have announced the disruption of a criminal service called dstat.cc that made it possible for other threat actors to easily mount distributed denial-of-service DDoS attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those...
Ransomware Groups Demystified: CyberVolk Ransomware
As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024. Unlike traditional ransomware groups, CyberVolk initially positione...
cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...
RHEL 5 : dnsmasq (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attack...
Distributed Denial Of Service (DDoS)
silverstripe/graphql is vulnerable to Distributed Denial Of Service attacks. The vulnerability is due to publicly exposed graphql schemas because it does not properly validate recursive queries, allowing an attacker to send recursive queries into the system...
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...