A week in security (June 30 – July 6)

Last week on Malwarebytes Labs: Drug cartel hacked cameras and phones to spy on FBI and identify witnesses Catwatchful "child monitoring" app exposes victims’ data Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams Qantas: Breach affects 6 million people, "significant"...

CVE-2025-30528

creationtimestamp| type| source ---|---|--- 2025-03-24 14:40:11+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3ll4yegdftk22 2025-03-24 14:48:30+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114217956754829777 2025-03-24 16:39:39+00:00| seen|...

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite ZCS to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities in...

CVE-2024-13639

creationtimestamp| type| source ---|---|--- 2025-02-13 08:30:50+00:00| seen| https://infosec.exchange/users/cve/statuses/113995641624064014 2025-02-13 09:15:40+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li2e2anebm2g 2025-02-13 10:09:02+00:00| seen|...

CVE-2024-57052

creationtimestamp| type| source ---|---|--- 2025-01-27 22:58:42+00:00| seen| https://infosec.exchange/users/cve/statuses/113902794945002521 2025-01-27 23:15:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgr32ixnrh2f 2025-01-28 02:04:12+00:00| seen|...

CVE-2025-21524

creationtimestamp| type| source ---|---|--- 2025-01-21 21:17:47+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrobymzh2j 2025-01-21 21:48:57+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113868546792768210 2025-01-22 15:49:21+00:00| seen|...

CVE-2024-11793

creationtimestamp| type| source ---|---|--- 2024-11-27 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-24-1619/ 2024-11-27 23:57:50+00:00| seen| https://infosec.exchange/users/cve/statuses/113557626580857834 2024-12-03 11:00:00+00:00| seen|...

CVE-2022-20128

creationtimestamp| type| source ---|---|--- 2022-09-11 20:20:47+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6778 2022-09-13 14:05:05+00:00| published-proof-of-concept| https://t.me/CNArsenal/259 2023-03-28 08:55:29+00:00| published-proof-of-concept|...

Threat Source Newsletter (Dec. 2, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. The Thanksgiving holiday in the U.S. didn't slow us down at all, even though we were all still trying to sleep off the food coma from the long weekend. But we came back this week with lots of fun content. Cisco received... This is...

A week in security (Nov 1 – Nov 7)

Last week on Malwarebytes Labs Celebrity jewelry house Graff falls victim to ransomware Lessons from a real-life ransomware attack Is Apples Safari browser the last, best hope for web privacy? What is Twitch? Google patches zero-day vulnerability, and others, in Android Zuckerbergs Metaverse, and...

Announcing the Zero Trust Deployment Center

Organizations have been digitally transforming at warp speed in response to the way businesses operate and how people work. As a result, digital security teams have been under immense pressure to ensure their environments are resilient and secure. Many have turned to a Zero Trust security model t...