ESET Threat Report H2 2025

This is the H2 2025 issue of the ESET Threat Report. It covers everything from AI malware to NFC threat trends. The threat statistics and trends presented in this report are based on global telemetry data from ESET...

CVE-2025-54470

Summary: CVE-2025-54470 affects NeuVector telemetry sender when the “Report anonymous cluster data” option is enabled. The root cause is failure to verify the telemetry server’s TLS certificate and hostname, enabling MITM attacks, and unbounded in-memory loading of the server response, enabling p...

SUSE CVE-2025-54470

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in transmission of telemetry data. An attacker can perform a man-in-the-middle attack to intercept or modify data in transit. Additionally, they can exhaust system memory by returning oversized responses...

NeuVector telemetry sender is vulnerable to MITM and DoS

Impact This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server at https://upgrades.neuvector-upgrade-responder.livestock.rancher.io. In affected...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

EUVD-2025-34617

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain encrypted application metadata, including device information, geolocation, and telemetry data...

CVE-2025-6026

CVE-2025-6026 concerns Lenovo Universal Device Client (UDC). The issue is improper certificate validation that could allow an attacker capable of intercepting network traffic to access application metadata, including device information, geolocation, and telemetry data. The security details indica...

EUVD-2024-2648

Malicious code in bioql PyPI...

EUVD-2023-43720

Malicious code in bioql PyPI...

EUVD-2023-28562

Malicious code in bioql PyPI...

EUVD-2023-2660

Malicious code in bioql PyPI...

CVE-2025-10542

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...

Security Bulletin: Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured tokens, affects watsonx.data

Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. This impacts anyone using the bearertokenauth server authenticator. Malicious clients with network access to the collector may perform a...

[SECURITY] Fedora 42 Update: qt6-qtmqtt-6.9.1-1.fc42

MQTT is a machine-to-machine M2M protocol utilizing the publish-and-subscri be paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

Malicious code in stubsoutagn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d6fba8f0ef8a9e8c54dd8fd281d9202994fc306f4bb614f6cf3ace71fff6164 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...

Stay Ahead of Cyber Threats Sweeping Container Telemetry data

Threat Intelligence Sweeping starts to support sweep container security telemetry data. It helps identify possible attacks happened based on TI intelligence in container environment. The trigger events are visible in workbench alert...

CVE-2023-24546

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts...