334 matches found
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment...
Dissecting PipeMagic: Inside the architecture of a modular backdoor framework
Among the plethora of advanced attacker tools that exemplify how threat actors continuously evolve their tactics, techniques, and procedures TTPs to evade detection and maximize impact, PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Deskto...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR Proof of Concept PoC-Exploit !PoCht...
Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors
The Dutch National Cyber Security Centre NCSC-NL has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC products to breach organizations in the country. The NCSC-NL said it discovered the exploitation of CVE-2025-6543 targeting several...
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls
Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform OTP SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology OT networks. The vulnerability in questio...
Linux Distros Unpatched Vulnerability : CVE-2024-27059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: usb-storage: Prevent divide-by-0 error in isd200atacommand The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information...
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were...
UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns
Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 aka Unknown Group 0002 as part of a broader cyber espionage campaign. "This threat entity demonstrates a strong preference for using shortcut files LNK, VBScript, and...
Lessons for Cybersecurity from the American Public Health System
The United States needs national institutions and frameworks to systematically collect cybersecurity data, measure outcomes, and coordinate responses across government and private sectors, similar to how public health systems track and address disease outbreaks...
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than...
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Executive summary: Void Blizzard is a new threat actor Microsoft Threat Intelligence has observed conducting espionage operations primarily targeting organizations that are important to Russian government objectives. These include organizations in government, defense, transportation, media, NGOs,...
CVE-2021-26951
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::setlen is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...
CVE-2021-1983
Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnolog...
BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt...
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities...
CVE-2025-21874
In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journalsectors is zero. Calculating the journal watermark requires dividing by journalsectors, which should be done only...
SUSE CVE-2025-21874
In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journalsectors is zero. Calculating the journal watermark requires dividing by journalsectors, which should be done only...
CVE-2025-21874
CVE-2025-21874 is a Linux kernel vulnerability in dm-integrity, where in Inline mode the journal is unused and journal_sectors can be zero. Calculating the journal watermark divides by journal_sectors, which can trigger an OOPS during a simple dmsetup table query. The issue was observed on some s...
CVE-2025-21874 dm-integrity: Avoid divide by zero in table status in Inline mode
In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journalsectors is zero. Calculating the journal watermark requires dividing by journalsectors, which should be done only...