ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning...
Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs
In 2023, Cisco Talos discovered an extensive compromise in a critical infrastructure enterprise consisting of a combination of threat actors. From initial access to double extortion, these actors slowly and steadily compromised a multitude of hosts in the network using a combination of various...
CVAD - Published app in windowed mode disappears offscreen when minimized
After launching a non-seamless app, if the app gets minimized, the user is unable to restore it. The non-seamless app minimizes and disappears and cannot be retrieved unless the user invokes the task switcher with hotkey combinations. The issue also occurs when using RDP initial app testing...
Vulnerability of the lpfc_initial_flogi() function in the drivers/scsi/lpfc/lpfc_els.c module – The SCSI device support driver for the Linux operating system, which allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerability of the lpfc_initial_flogi() function in the drivers/scsi/lpfc/lpfc_els.c module – The Linux SCSI device driver relies on the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...
Initial Access Brokers Shift Tactics, Selling More for Less
What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like soci...
SUSE CVE-2025-0927
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting...
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal...
CVE-2025-0927
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting...
SUSE CVE-2022-49085
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state. In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will be freed by nlmsg_free(skb). Then...
DEBIAN-CVE-2022-49615
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error. The initial settings will be written before the codec probe function. But the rt711->component is not assigned yet. If IO error happened during initial...
DEBIAN-CVE-2022-49085
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state. In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will be freed by nlmsg_free(skb). Then...
CVE-2022-49085
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state. In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will be freed by nlmsg_free(skb). Then...
PT-2025-7889 · O Ran · O-Ran Near Realtime Ric
Name of the Vulnerable Software and Affected Versions: O-RAN Near Realtime RIC I-Release (affected versions not specified). Description: An issue was discovered that allows an attacker to disrupt the initial connection between a gNB and the Near RT-RIC. This can be achieved by sending a high volume ...
postgresql:16 security update
pgaudit pgrepack 1.5.1-1 - Update to v1.5.1 pgvector 0.6.2-1 - Initial packaging postgres-decoderbufs postgresql 16.8-1 - Update to 16.8 - Fix CVE-2025-1094...
postgresql:16 security update
pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1 postgres-decoderbufs 2.4.0-1.Final - Initial import for postgresql 16 stream - Related: RHEL-3636 postgresql 16.8-1 - Update to 16.8 - Fix CVE-2025-10...
UBUNTU-CVE-2025-0927
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting...
Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enabl...
CVE-2024-56921
An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response...
Open5GS Denial of Service Vulnerability (CNVD-2025-03154)
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. Open5GS suffers from a security vulnerability that can be exploited to cause a denial of service by an attacker who sends an "Initial UE Message" that lacks the required...
Open5GS Denial of Service Vulnerability (CNVD-2025-03148)
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. A security vulnerability exists in Open5GS, which can be exploited to cause a denial of service by an attacker who sends an "Initial UE Message" message that lacks th...