Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. "Instead of relying solely on traditional command-and-control C2 servers that...

CVE-2025-22607

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by only knowing the UU...

PT-2025-4593 · Coolify · Coolify

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.361 Description: The issue is related to missing authorization in Coolify, allowing any authenticated user to access sensitive information, including client id, client secret, and webhook secret, for any...

PT-2021-7106 · Unknown · Ajax.Net Professional

Name of the Vulnerable Software and Affected Versions: Ajax.NET Professional AjaxPro versions prior to 21.12.22.1 Description: The issue relates to JavaScript object injection, which may result in cross-site scripting when leveraged by a malicious user. This occurs due to the deserialization of...