Category: Exploits

North Korea-linked Contagious Interview campaign is now luring developers with trojanized coding tasks and pulling obfuscated payloads from public JSON-storage services like JSON Keeper, JSONSilo, and npoint.io. An NVISO Labs analysis of the campaign shows threat actors sending fake recruiter messages and demo projects that include configuration values pointing to JSON storage URLs. Those JSON…

Read more →

Like many have reported, we too noticed exploit attempts for CVE-2025-64446 in our honeypots. These are POST requests to this path: With this User Agent String: And this is the data of the POST request: This creates a new admin user (profile: prof_admin). You can find this JSON data back in this PoC.   Didier Stevens…

Read more →

A coordinated token farming campaign continues to flood the open source npm registry, with tens of thousands of infected packages created almost daily to steal tokens from unsuspecting developers using the Tea Protocol to reward coding work. On Thursday, researchers at Amazon said there were over 150,000 packages in the campaign. But in an interview…

Read more →

You probably know what are the Russian or Matryoshka dolls. It’s a set of wooden dolls of decreasing size placed one inside another[1]. I found an interesting Microsoft Office document that behaves like this. There was a big decrease in malicious Office documents due to the new Microsoft rules to prevent automatic VBA macros execution. But they remain used, especially RTF…

Read more →

Cybersecurity researchers have uncovered a chain of critical remote code execution (RCE) vulnerabilities in major AI inference server frameworks, including those from Meta, Nvidia, Microsoft, and open-source projects such as vLLM and SGLang. According to Oligo Security, these vulnerabilities stand out for the way they propagated. Developers copied code containing insecure patterns across projects, effectively…

Read more →

I recently gave a presentation at SecTor on proactive threat hunting, which sparked some meaty conversations afterward on the show floor. On the expo floor, surrounded by “AI-first” security vendors, the CISOs and threat hunters I spoke with were worried. They’re worried because AI can elevate script kiddies into elite hackers with advanced capabilities and…

Read more →

Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that could allow an attacker to take over admin accounts and completely compromise a device. “The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet’s FortiWeb product,” Benjamin Harris,

Read more →

New research released Thursday by Rubrik Zero Labs finds that the AI wave, and in particular agentic AI, has created a “troubling gap between the expanding identity attack surface and organizations’ ability to recover from resulting compromises.” According to the report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats, the result is a surge…

Read more →

The Amazon Threat Intelligence team has now disclosed an advanced persistent threat (APT) campaign that exploited vulnerabilities in Citrix systems and Cisco’s Identity Service Engine (ISE), allowing hackers to breach critical identity infrastructure even before the flaws were made publicly known. According to Amazon’s findings, attackers had exploited “insufficient input validation” in a public API…

Read more →

The Race for Every New CVE Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited Vulnerabilities Catalog as a reference, hundreds of software flaws are now confirmed as actively targeted within days of public disclosure. Each new…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including

Read more →

Google is asking to a US court for help in dismantling the infrastructure behind the Lighthouse phishing-as-a-service operation, the latest effort by a technology company to use the legal system to put a dent in cybercrime. Whether it will do more than that is an open question. In a blog Monday, Google’s general counsel Halimah…

Read more →

A dusty driver inside Microsoft Windows, shipping for years and years and no doubt on your own Windows PC right now, has erupted into a serious security threat. CVE-2025-24990 has been added to CISA’s known exploited vulnerabilities list, with Microsoft confirming active exploitation in the wild.

Read more →

Amazon’s threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware. “This discovery highlights the trend of threat actors focusing on critical identity and network access control…

Read more →

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution,…

Read more →

Microsoft has patched a zero-day vulnerability in the Windows Kernel under active exploitation by threat actors

Read more →

Today’s Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical. Notable Vulnerabilities: %%cve:2025-62215%%: This vulnerability is already being exploited. It is a privilege escalation vulnerability in the Windows Kernel. These types of vulnerabilities are often exploited as part of a more…

Read more →

A new cyber-attack has been observed exploiting Google Find Hub to remotely wipe Android devices, linked to North Korean APTs

Read more →

Qilin group ransomware incidents have surged in SMBs, exploiting security gaps and collaborating with Scattered Spider threat group

Read more →

GUEST OPINION:  Microsoft is publishing 66 new vulnerabilities, which is far fewer than we’ve come to expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet. Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as…

Read more →

Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers

Read more →

Pervasive, evasive malware thought to have been eliminated has wormed its way back into development environments. Just a little over two weeks after GlassWorm was declared “fully contained and closed” by the open source OpenVSX project, the self-propagating worm is once again targeting Visual Studio Code extensions, add-ons that enhance open source VS Code, providing…

Read more →

Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads.  The

Read more →

Researchers at Microsoft have revealed a new side channel attack named Whisper Leak that can reveal the topic of encrypted conversations between users and language models, even without access to the underlying text. The discovery highlights a growing blind spot in AI security where encryption alone no longer guarantees privacy in model interactions. Microsoft’s Security…

Read more →

AI chatbots have opened a new frontier of attack vectors against users and their data, and not even industry leaders are immune. Following recent flaws discovered in Google’s Gemini and Anthropic’s Claude, it’s now ChatGPT’s turn. Researchers from security firm Tenable discovered seven ways attackers could trick ChatGPT into disclosing private information from users’ chat…

Read more →

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East. The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary

Read more →

For years, organizations have relied on passwords and multi-factor authentication (MFA) based on shared secrets like SMS codes and one-time passwords (OTPs) as the foundation of identity security. The rise of computer-using agents (CUAs) will accelerate attackers’ ability to automate and scale phishing and credential-stuffing attacks with minimal effort. As a result, adopting phishing-resistant credentials…

Read more →

Japanese media company Nikkei has confirmed that a security breach of its Slack accounts has potentially leaked highly sensitive information from more than 17,000 of its users. Consultants point to the incident as yet another reminder of the dangers when non-corporate devices are allowed to access confidential corporate data.  “An employee’s personal computer was infected…

Read more →

Experts have uncovered large-scale phishing exploiting Booking.com, Airbnb and Expedia accounts, targeting hotels and customers

Read more →