Category: Exploits

Amnesty International said Serbian police used an exploit chain in tandem with legitimate mobile extraction dongle from vendor Cellebrite in an attack that brings up questions around ethical technology development.

Read more →

Whenever I think of a problem, I ask myself “Why now?”. Why is now the time for this idea? Why is now the time for this startup? Why is now the time for the buyer to start caring? In my opinion, “Why now?” is the most important question a startup founder can answer. It is…

Read more →

Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild

Read more →

Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows – CVE-2025-22224 (CVSS score: 9.3) – A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious…

Read more →

CISA has added five more CVEs into its known exploited vulnerabilities catalog

Read more →

Enterprise security budgets are expected to increase 15% in 2025, from an estimated $184 billion in 2024 to $212 billion, according to Gartner. That’s good news for CISOs because it provides additional resources in the ongoing battle against cyberattacks. “The continued heightened threat environment, cloud movement, and talent crunch are pushing security to the top…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2023-20118 (CVSS score: 6.5) – A command injection

Read more →

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below – CVE-2024-43093 – A privilege escalation flaw in the Framework component that could result in unauthorized access…

Read more →

Phishing attack exploits social engineering techniques alongside Microsoft Teams and remote access software to deploy BackConnect malware

Read more →

Threat actors have been exploiting a security vulnerability in Paragon Partition Manager’s BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). “These include arbitrary kernel memory mapping and

Read more →

This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that…

Read more →

Threat actors are exploiting a zero-day bug in Paragon Partition Manager’s BioNTdrv.sys driver during ransomware attacks

Read more →

Microsoft has filed a civil lawsuit against an international gang of cybercriminals that exploited stolen credentials to access generative AI services, including its own. The gang, tracked as Storm-2139, used the stolen credentials along with AI jailbreaking techniques to set up paid services of their own capable of generating content that bypassed built-in ethical safeguards…

Read more →

A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. “The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite,” the international…

Read more →

Four in ten flaws exploited by threat actors in 2024 were from 2020 or earlier, with some dating back to the 1990s, according to a GreyNoise report

Read more →

Schwachstellen zu managen, muss keine Schwerstarbeit sein. Wenn Sie die richtigen Tools einsetzen. Das sind die besten in Sachen Vulnerability Management. Foto: eamesBot – shutterstock.com Nicht nur das Vulnerability Management hat sich im Laufe der Jahre erheblich verändert, sondern auch die Systeme, auf denen Schwachstellen identifiziert und gepatcht werden müssen. Systeme für das Schwachstellen-Management fokussieren…

Read more →

Ransomware attacks continue to be one of the most significant cybersecurity threats organizations and cybersecurity leaders face. Attacks lead to wide-scale disruptions, large data breaches, huge payouts and millions of dollars in costs to businesses. In response, large, coordinated law enforcement operations have targeted major ransomware groups and disrupted operations, dismantled data leak sites and…

Read more →

There’s an untapped universe of exploitable drivers in the wild today. By exploiting just one of them, attackers were able to defeat security tools and infect Asian citizens with Gh0stRAT.

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows – CVE-2024-49035 (CVSS score: 8.7) – An improper access control

Read more →

Attacks against operational technology (OT) networks are on the rise, fueled by geopolitical tensions and conflicts, as OT security fast becomes a mainstream concern. Two new threat groups emerged in 2024, joining seven other active attackers of OT systems, and two new malware families targeting industrial control systems (ICS) were added to the attackers’ arsenals…

Read more →

The threat actors are exploiting non-interactive sign-ins, an authentication feature that security teams don’t typically monitor.

Read more →

61% of hackers use new exploit code within 48 hours, ransomware remains top threat in 2024

Read more →

Nearly a third of organizations have an operational system connected to the Internet with a known exploited vulnerability, as attacks by state and non-state actors increase.

Read more →

The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments. NetSupport RAT Exploiting the ClickFix Technique In early 2025, threat actors began exploiting a…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting

Read more →

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory about the activities of a ransomware group from China dubbed Ghost, which has compromised organizations in over 70 countries over the past four years. The Ghost group began its activities in early 2021, but attacks have…

Read more →

A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was…

Read more →

Palo Alto Networks has observed exploit attempts chaining three vulnerabilities in its PAN-OS firewall appliances

Read more →

Verizon There are some very good reasons why non-human identities (NHI) have landed among the most-discussed cybersecurity topics in the last few years — it’s estimated that for every 1,000 human users in an enterprise network, there are 10,000 non-human connections or credentials. Some estimates peg that ratio even higher at 10 to 50 times…

Read more →

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below – CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability…

Read more →

Russian advanced persistent threat (APT) groups are increasingly launching phishing attacks aimed at tricking users of the Signal messaging app into giving attacker-controlled devices access to their accounts and the encrypted communications within. The attacks typically masquerade as Signal group chat invites that, in reality, abuse the device linking functionality. “Signal’s popularity among common targets…

Read more →

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below – CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto…

Read more →

OpenSSH, the most widely used tool for remotely managing Linux and BSD systems, received patches for two vulnerabilities. One of the flaws could allow attackers to perform a man-in-the-middle attack against OpenSSH clients with a certain configuration and impersonate a server to intercept sensitive communications. While the second vulnerability can lead to CPU resource exhaustion.…

Read more →

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below – CVE-2025-26465 – The OpenSSH client

Read more →

Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3. “An Authentication…

Read more →

Security watchers warn of a three-fold increase in malware that targets credential stores, such as password managers and browser-stored login data. The study by Picus Security, which was based on analysis of 1 million real-world malware samples, also found that 93% of all malicious actions mapped to just 10 MITRE ATT&CK techniques. Password store security…

Read more →

Vulnerabilities in firewalls from Palo Alto Networks and SonicWall are currently under active exploitation

Read more →

Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage…

Read more →

Thousands of active AWS accounts are vulnerable to a cloud image name confusion attack that could allow attackers to execute codes within those accounts. According to DataDog research, vulnerable patterns exist in the way multiple software projects retrieve Amazon Machine Image (AMIs) IDs to create Amazon elastic compute cloud (EC2) instances. “The vulnerable pattern allows…

Read more →

Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: ‘As technology continues to evolve, so do cybercriminals’ tactics.’ This article explores some of the impacts of this GenAI-fueled acceleration.…

Read more →

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.…

Read more →

Attackers who exploited a zero-day vulnerability in BeyondTrust Privileged Remote Access and Remote Support products in December likely also exploited a previously unknown SQL injection flaw in PostgreSQL, a widely used open-source object-relational database system. The PostgreSQL issue was fixed on Thursday and users are advised to upgrade their database servers as soon as possible.…

Read more →

FBI and CISA have issued a joint advisory to warn software developers against building codes with Buffer Overflow vulnerabilities in them, calling them “unforgivable” mistakes. Tagging the advisory as part of their ongoing “Secure by Design” efforts, the authorities said these vulnerabilities are prevalent in software, including vendors like Microsoft, VMware, and Ivanti, that lead…

Read more →