State-sponsored threats: Different objectives, similar access paths
Across the Talos 2025 Year in Review, state-sponsored threat activity from China, Russia, North Korea, and Iran all had varying motivations, such as espionage, disruption, financial gain, and geopolitical influence. But when you look at how these operations actually unfold, similar tactics,...
EUVD-2020-4707
Malware in sbrugna...
EUVD-2002-2016
Malware in sbrugna...
EUVD-2023-1270
Malicious code in bioql PyPI...
The 0.6% That Actually Matters
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CMDB Inefficiencies! Your security team is drowning in...
PT-2025-18918 · Undefined · Undefined
ParsedReport. Completeness: High. 01-05-2025. Investigating Iranian Intrusion into Strategic Middle East Critical Infrastructure. https://www.fortinet.com/content/dam/fortinet/assets/reports/report-incident-response-middle-east.pdf Report completeness: High. Actors/Campaigns: Fox kitten, Bohrium, Unc1878...
ORing IAP-420
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Rockwell Automation DataMosaix Private Cloud
RISK EVALUATION: Successful exploitation of these vulnerabilities could overwrite reports, including user projects. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Androxgh0st Botnet Targets IoT Devices, Exploiting 27 Vulnerabilities
Androxgh0st, a botnet targeting web servers since January 2024, is also deploying IoT-focused Mozi payloads, reveals CloudSEK’s latest research...
Rockwell Automation PowerMonitor 1000 Remote
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform factory reset, execute arbitrary code, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures...
Rockwell Automation Arena (Update B)
RISK EVALUATION: Successful exploitation of these vulnerabilities could result in execution of arbitrary code. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control...
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)
RISK EVALUATION: Successful exploitation of these vulnerabilities could result in remote code execution. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact...
Fedora 38 : python3.6 (2022-17bc21cf38)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-17bc21cf38 advisory. Security fix for CVE-2022-37454. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
CVE-2018-11686
creationtimestamp| type| source
---|---|---
2024-10-14 22:49:33+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/548
2024-11-02 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-11-02
2024-12-01 00:00:00+00:00| seen| The Shadowserver...
Amazon Linux 2 : vim (ALAS-2023-2353)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2353 advisory. Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be...
Adobe Releases Security Updates for ColdFusion
On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software. Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system. CISA urges organizations to review Adobe ColdFusion security...
CVE-2023-29357
creationtimestamp| type| source
---|---|---
2023-06-14 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1041
2023-06-14 07:30:34+00:00| seen| https://t.me/cibsecurity/65185
2023-06-14 10:24:46+00:00| seen| https://t.me/kasperskyb2b/694
2023-06-14 13:25:38+00:00| seen|...
CVE-2022-2488
creationtimestamp| type| source
---|---|---
2022-07-20 16:20:00+00:00| seen| https://t.me/cibsecurity/46642
2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-01-31 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-31...
Automated remediation level 2: Best practices
A low-impact workaround: When it comes to automating remediation, the second level we’ll discuss takes a bit of additional planning. This is so that users will see little to no impact in the account fundamentals automation process. This framework aligns with the Center for Internet Security Amazon...
A New Ransomware Is Targeting Network Attached Storage (NAS) Devices
A new ransomware family has been found targeting Linux-based Network Attached Storage (NAS) devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file...