PT-2026-48334
Check Point warns that outdated IKEv1 VPN protocol vulnerabilities are actively exploited in ransomware-linked attacks, urging organizations to implement emergency hotfixes. Key Points: - Vulnerabilities in the outdated IKEv1 VPN protocol are being actively exploited. - Attackers can bypass...
Why Outdated Maintenance Software Is a Growing Ransomware Risk
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers...
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner...
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Dock...
PT-2026-1644
Veeam Backup & Replication and Affected Versions Veeam Backup & Replication versions 13.0.1.180 and earlier Description A critical remote code execution (RCE) vulnerability exists in Veeam Backup & Replication software. This flaw, tracked as CVE-2025-59470, has a CVSS score of 9.0 and allows a user...
EUVD-2020-5022
Malware in sbrugna...
EUVD-2023-34457
Malicious code in bioql PyPI...
New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack
Red Canary uncovers 'Mocha Manakin,' a new threat using paste and runs to deliver custom NodeInitRAT malware, potentially leading to ransomware. Learn to protect your systems...
GHSA-M37H-8R48-2CXJ H2O Vulnerable to Execution of Arbitrary Files
In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...
CVE-2024-6863 Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...
H2O Security Vulnerability
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0, which stems from a custom encryption tool endpoint that does not restrict encrypted files, potentially leading to ransomware behavior...
PT-2025-9250
Name of the Vulnerable Software and Affected Versions Paragon Partition Manager version 7.9.1 Description The issue concerns an arbitrary kernel memory vulnerability facilitated by the memmove function, which does not validate or sanitize user-controlled input, allowing an attacker to write...
Fixed vulnerabilities in several Veeam products.
Veeam has fixed vulnerabilities in several products, including Backup & Replication, ONE, Service Provider Console and Agent. UPDATE: POC code is now available online and CVE-2024-40711 has recently been actively abused to roll out ransomware. A malicious party can exploit the vulnerabilities to...
PT-2023-22514 · Magicjack · Magicjack A921 Usb Phone Jack
Name of the Vulnerable Software and Affected Versions: MagicJack A921 USB Phone Jack versions prior to Rev 3.0 V1.4 Description: The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can...
CVE-2023-30024
The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer...
The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late
Here's a hard question to answer: 'How many service accounts do you have in your environment?'. A harder one is: 'Do you know what these accounts are doing?'. And the hardest is probably: 'If any of your service accounts were compromised and used to access resources, would you be able to detect and...
Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks
In this blog entry, we present a case study that illustrates how data-science techniques can be used to gain valuable insights about ransomware groups' targeting patterns as detailed in our research paper, “What Decision-Makers Need to Know About Ransomware Risk.”...
Unitrends Backup elevation of privilege vulnerability (CNVD-2021-95944)
Unitrends Backup is designed to eliminate data loss, ransomware and risk. An elevation of privilege vulnerability exists in versions of Unitrends Backup prior to 10.5.5, which originates from the creation of arbitrary writable files on a privileged vault server, and can be exploited by an attacke...
Unitrends Backup Arbitrary File Read Vulnerability
Unitrends Backup is designed to eliminate data loss, ransomware and risk. An arbitrary file read vulnerability exists in versions of Unitrends Backup prior to 10.5.5, which can be exploited by an attacker to read arbitrary files on the system...
Unspecified Vulnerability in Unitrends Backup
Unitrends Backup is designed to eliminate data loss, ransomware and risk. A security vulnerability exists in versions of Unitrends Backup prior to 10.5.5, which can be exploited by an attacker to write malicious files with elevated privileges...