155 matches found

GithubExploit
added 2025/07/12 4:5 p.m. | 365 views

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 — FortiWeb Critical SQL Injection Vulnerability...

9.8 CVSS | 10 AI score | 0.26204 EPSS
Exploits: 18

Hive Pro Threat Advisories
added 2024/04/02 8:8 a.m. | 17 views

XZ Utils Backdoored, A Supply Chain Nightmare

Summary: Multiple Linux distributions face a potential supply chain threat due to the introduction of malicious code into a widely-used library. A backdoor was discovered within the XZ Utils library, inserted roughly a month ago. This compromise allows attackers to manipulate and intercept data...

7.3 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/04/01 5:52 a.m. | 41 views

Google Patches Critical Zero-Day Exploits Found at Pwn2Own

Summary: Google patched two zero-day vulnerabilities in Chrome (CVE-2024-2886, CVE-2024-2887) from Pwn2Own Vancouver 2024, allowing arbitrary code execution. Updating Chrome is essential to ensure you're protected. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download th...

7.9 AI score | 0.1253 EPSS
Exploits: 5

Hive Pro Threat Advisories
added 2024/03/27 12:25 p.m. | 18 views

StrelaStealer Resurfaces with Upgraded Attack Chain

Summary: A recent wave of phishing attacks has been detected, targeting over 100 organizations across the United States and the European Union. These attacks aim to distribute StrelaStealer, a dynamic information-stealing malware. The attackers employ spam emails containing attachments that...

7.2 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/27 12:15 p.m. | 31 views

Evil Ant The Python-Powered Ransomware

Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...

7.5 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/23 2:3 a.m. | 10 views

Unveiling AcidPour Evolution of Destructive Malware Targeting Ukraine

Summary: AcidPour, a variant of the destructive AcidRain wiper malware previously used during the Russia-Ukraine conflict, signals a heightened threat to Ukraine's critical infrastructure. By targeting Linux UBI and DM logic, AcidPour poses a significant risk to large storage devices and RAID...

7.2 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/22 9:50 a.m. | 24 views

Critical Flaw In Ivanti Standalone Sentry Leads To Remote Code Execution

Summary: Ivanti Standalone Sentry has been identified as vulnerable to a critical remote code execution flaw, tracked as CVE-2023-41724. Exploiting this vulnerability, a remote attacker could gain unauthorized access to the target system and execute arbitrary commands. Threat Level - Red |...

8.4 AI score | 0.06296 EPSS
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/22 9:44 a.m. | 26 views

From Observer to Asuka – The Reinvention of Stealer

Summary: A malware-as-a-service (MaaS) called AsukaStealer, advertised on a Russian-language cybercrime forum by the alias breakcore, has surfaced. Priced at $80 per month, AsukaStealer is written in C++ and features customizable configurations and a user-friendly interface designed for harvesting...

7.2 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/22 9:36 a.m. | 17 views

Unveiling BunnyLoader 3.0 Enhanced Malware Capabilities

Summary: BunnyLoader 3.0, which has been active since September 2023, is a malicious malware variant known for its enhanced data theft and advanced keylogging capabilities. This modular malware provides attackers with flexibility and presents challenges in terms of detection. Despite its global...

7.2 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/21 5:46 a.m. | 27 views

Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover

Summary: A critical security vulnerability, identified as CVE-2024-2172 in WordPress, urges users utilizing miniOrange's Malware Scanner and Web Application Firewall plugins to uninstall these plugins from their websites. This vulnerability enables unauthorized attackers to gain administrative...

7.5 CVSS | 7.2 AI score | 0.01125 EPSS
Exploits: 1

Hive Pro Threat Advisories
added 2024/03/12 6:27 a.m. | 26 views

Evasive Panda China-Linked Cyberespionage Targeting Tibetans

Summary: Evasive Panda, a threat actor associated with China, has masterminded an intricate cyberespionage campaign targeting Tibetan users since at least September 2023. This operation employs both watering hole and supply chain attacks to achieve its objectives. Threat Level - Red | Attack Repo...

7.2 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/11 9:51 a.m. | 38 views

Critical VMware Vulnerabilities Leading To Sandbox Escape

Summary: Critical vulnerabilities tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 have been addressed by VMware. These vulnerabilities allow attackers to bypass virtual machines and execute commands on the host machine. Workstation, Fusion, Cloud Foundation, and VMwa...

4.6 CVSS | 7.6 AI score | 0.04977 EPSS
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/08 1:58 p.m. | 9 views

SapphireStealer’s Stealthy Invasion via Deceptive Legal Documents

Summary: An intricate campaign aimed at Russian individuals has emerged, showcasing the SapphireStealer malware, a publicly available information-stealing tool introduced in December 2022. The incorporation of social engineering techniques significantly enhances the efficacy of these campaigns,...

7.1 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/08 1:49 p.m. | 12 views

Misconfigured Servers Targeted with New Golang Malwares

Summary: In a newly observed malware campaign, threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services. The campaign aims to deliver a cryptocurrency miner and establish a reverse shell for persistent remote...

7.3 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/06 5:58 p.m. | 35 views

Apple Rolls Out Critical Updates to Address Zero-Day Flaws

Summary: Apple has addressed two zero-day vulnerabilities in iOS, namely CVE-2024-23225 and CVE-2024-23296. These vulnerabilities were exploited in attacks targeting mobile devices, providing attackers with arbitrary kernel read and write privileges, enabling them to bypass kernel memory...

4.3 CVSS | 7 AI score | 0.0029 EPSS
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/06 5:51 p.m. | 13 views

CHAVECLOAK Banking Trojan Sneaks into Brazil’s Financial Hub

Summary: The CHAVECLOAK banking trojan is purposefully crafted to target the banking credentials of individuals in Brazil, highlighting the ongoing focus of cyber criminals on the nation's financial sector. Threat Level - Amber | Attack Report For a detailed threat advisory, download the pdf file...

7.1 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/03/01 3:8 p.m. | 41 views

Ivanti Gateways Under Attack by Cybercriminals Patch Now

Summary: Cyber threat actors have been exploiting vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways, including CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, which allow them to bypass authentication and execute arbitrary commands with elevated privileges. Despite...

6.4 CVSS | 8.5 AI score | 0.94412 EPSS
Exploits: 24

Hive Pro Threat Advisories
added 2024/02/29 3:25 p.m. | 16 views

BlackCat’s Resurgence Despite Law Enforcement Disruptions

Summary: Blackcat, a sophisticated Ransomware-as-a-Service operation, infiltrates networks using advanced social engineering and remote access tools, offering triple extortion tactics and cyber remediation advice for ransom payment, and resurged after a December 2023 disruption, causing widesprea...

7.4 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/02/28 7:3 a.m. | 13 views

Unmasking Doppelgänger: Russia’s Disinformation Campaign Revealed

Summary: Doppelgänger, a suspected Russia-aligned influence operation network targeting German audiences with propaganda and disinformation, potentially aiming to sway opinions ahead of elections. Doppelgänger employs coordinated social media activities and a dynamic infrastructure to maximize it...

7.1 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2024/02/28 6:59 a.m. | 14 views

Abyss Locker’s Substantial Threat Explored

Summary: Abyss Locker ransomware surfaced in July 2023, deriving from the HelloKitty ransomware source code, indicating a lineage predating its official release. Similar to other ransomware variants, Abyss Locker infiltrates corporate networks, exfiltrates data for extortion, and encrypts devices...

7.1 AI score
Exploits: 0