3971 matches found
EUVD-2025-2626
Malicious code in bioql PyPI...
EUVD-2024-16001
Malicious code in bioql PyPI...
EUVD-2022-34211
Malicious code in bioql PyPI...
EUVD-2022-30039
Malicious code in bioql PyPI...
EUVD-2023-57398
Malicious code in bioql PyPI...
CVE-2025-7779
CVE-2025-7779: Local privilege escalation due to insecure XPC service configuration. Affects Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, and Acronis True Image for Western Digital (macOS) before build 42197. Remediation: upgrade to bui...
SUSE SLES15 Security Update : nvidia-open-driver-G06-signed (SUSE-SU-2025:03424-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03424-1 advisory. Updated CUDA variant to 580.82.07: - CVE-2025-23277: Fixed access memory outside bounds permitted under normal use cases in NVIDIA...
SUSE-SU-2025:03424-1 Security update for nvidia-open-driver-G06-signed
This update for nvidia-open-driver-G06-signed fixes the following issues: Updated CUDA variant to 580.82.07: - CVE-2025-23277: Fixed access memory outside bounds permitted under normal use cases in NVIDIA Display Driver (bsc#1247528). - CVE-2025-23278: Fixed improper index validation by issuing a ca...
China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks
Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU). "The new variant's features overlap with both the RainyDay and Turian backdoors,...
XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
Microsoft Threat Intelligence has identified yet another XCSSET variant in the wild that introduces further updates and new modules beyond those detailed in our March 2025 blog post. The XCSSET malware is designed to infect Xcode projects, typically used by software developers, and run while an...
SUSE-SU-2025:20741-1 Security update for nvidia-open-driver-G06-signed
This update for nvidia-open-driver-G06-signed fixes the following issues: Update non-CUDA variant to 580.82.07 (bsc#1249235) Update non-CUDA variant to 580.76.05 (bsc#1247907) - get rid of rule of older KMPs not to load nvidiadrm module, which are still installed in parallel and therefore still active...
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. "The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with...
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Linux Distros Unpatched Vulnerability : CVE-2022-30591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests...
Linux Distros Unpatched Vulnerability : CVE-2021-30470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant and PdfTokenizer::ReadDataType...
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing's strategic interests. "This multi-stage attack chain leverages advanced social engineering including valid code signing...
postMessaged and Compromised
At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the...
COOKIE SPIDER’s Malvertising Drops New SHAMOS macOS Malware
CrowdStrike reports COOKIE SPIDER using malvertising to spread SHAMOS macOS malware, a new variant of AMOS infostealer, stealing...
Fake Copyright Notices Drop New Noodlophile Stealer Variant
Morphisec warns of a new Noodlophile Stealer variant spread via fake copyright phishing emails, using Dropbox links and...