Category: Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to

Read more →

Cybersecurity has been politically agnostic until recently, but with the many rapid changes introduced by the Trump administration, it has become somewhat politicized and fraught with questions and self-examination. Claims on social media, rumors, and information disseminated by questionable sources are having a palpable impact on the security world, even at the highest of levels…

Read more →

CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.

Read more →

Newly discovered vulnerability ZDI-CAN-25373 takes advantage of Windows shortcuts has been exploited by 11 state-sponsored groups since 2017

Read more →

Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code. Cybersecurity company

Read more →

The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month. According to an analysis of the messages…

Read more →

Western Alliance Bank (WAB) has disclosed that a data breach at its third-party vendor’s secure file transfer software has compromised personal information for nearly 22,000 customers. In a letter to potentially affected customers, the Arizona-based regional bank–operating over 50 branches with $80 billion in assets–disclosed that forensic analysis indicated unauthorized access to financial data, social…

Read more →

The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog

Read more →

Gartner has claimed that AI agents will reduce the time it takes to exploit exposed accounts

Read more →

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. “These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote

Read more →

Researchers found a critical vulnerability in the AMI MegaRAC baseband management controller (BMC) used by multiple server manufacturers. The vulnerability could allow attackers to bypass authentication and take control of the vulnerable server over the Redfish management interface. “Exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware, ransomware,…

Read more →

A critical security vulnerability has been disclosed in AMI’s MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. “A local or remote attacker can exploit the vulnerability by accessing the

Read more →

Flashpoint data points to a surge in data breaches fueled by compromised credentials, ransomware and exploits

Read more →

Times are tough for cyber pros, quite literally. Two common malware time scale metrics — dwell time and time to exploit — are rapidly shortening, making it harder for defenders to find and neutralize threats. What is malware dwell time and time to exploit The two metrics are somewhat related. Malware’s dwell time refers to…

Read more →

The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.

Read more →

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions – Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0-M1 to…

Read more →

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on…

Read more →

Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users’ actions. That’s according to new findings from Cisco Talos, which said such malicious activities can compromise a victim’s security and privacy. “The features available in CSS allow attackers…

Read more →

From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source

Read more →

Widespread flaws in open-source and third-party commercial software along with malicious campaigns targeting AI development pipelines are exacerbating software supply chain security problems. Incidents of exposed development secrets via publicly accessible, open-source packages rose 12% last year compared to 2023, according to ReversingLabs (RL). A scan of 30 of the most popular open-source packages found…

Read more →

The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.

Read more →

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution…

Read more →

iOS 18.3.2 patches actively exploited WebKit flaw, addressing critical security risks for users

Read more →

SAP has patched high-severity vulnerabilities in its Commerce and NetWeaver enterprise software packages. The updates came as part of 25 security patches released on Tuesday for the latest edition of SAP’s monthly patch release cycle. SAP Security Note #3563927 addresses a critical vulnerability in transaction SA38 SAP NetWeaver Application Server ABAP. If successfully exploited, the…

Read more →

In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it’s being used once more for another botnet campaign with its own malware.

Read more →

A Chinese cyberespionage group with a history of exploiting proprietary network-edge devices and developing custom malware for them has also been targeting enterprise and ISP-grade Juniper MX Series routers, according to a report by Google’s Mandiant team. The attackers were able to bypass the file integrity protections of Junos OS, the FreeBSD-based operating system used…

Read more →

Threat intelligence firm GreyNoise is warning of a “coordinated surge” in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. “At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts,” the company said, adding it observed the activity on March 9, 2025. The countries…

Read more →

Apple has rolled out emergency patches for a bug affecting Webkit, the open-source web browser engine used primarily in Safari, against active exploitations in the wild. The vulnerability, CVE-2025024201, was reportedly exploited in zero-day attacks against targeted individuals. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated…

Read more →

Microsoft has fixed seven zero-days this Patch Tuesday, including one not currently being actively exploited

Read more →

Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote…

Read more →

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in “extremely sophisticated” attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker…

Read more →

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see…

Read more →

GUEST OPINION:  Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them.

Read more →

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. “The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet,” security researchers Ofek Vardi and Matan Mittelman said in a…

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) has added five new flaws in Ivanti and VeraCore products to its Known Exploited Vulnerabilities catalog

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive…

Read more →

The South American-based advanced persistent threat group is using an exploit with a “high infection rate,” according to research from Check Point.

Read more →

SIM swapping fraud surges in the Middle East as cybercriminals exploit websites mimicking legitimate services to steal personal data

Read more →

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together…

Read more →

In a new typosquatting campaign, threat actors are seen using malicious Go packages posing as popular libraries to install malware on unsuspecting Linux and macOS systems. Researchers from the software supply chain cybersecurity platform, Socket, found seven packages impersonating widely used Go libraries like Hypert and Layout to trick developers. “These packages share repeated malicious…

Read more →

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. “The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines,” Cisco Talos researcher Chetan Raghuprasad said in…

Read more →

A China-aligned threat group tracked by Microsoft as Silk Typhoon, two members of which were recently charged by US authorities, has recently shifted its focus to the enterprise IT supply chain by compromising cloud IT services and software providers and then moving downstream to their customers, according to a report from Microsoft. Silk Typhoon, known…

Read more →

Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence

Read more →

The recent order directing US Cyber Command to halt all planning of offensive cyber operations against Russia is more than a tactical shift — it is an outright retreat from deterrence at a time when Russian cyber aggression shows no signs of slowing. In an era where cyber conflict is constant and adversaries push boundaries…

Read more →

Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data

Read more →

The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host.

Read more →