SECURITY 70

• Follow-Up Cisco Updates Advisory with Additional Maximum Severity Unauthenticated RCE in ISE and ISE-PIC (CVE-2025-20337) Jul 18, 2025
• The Linuxsys Cryptominer Jul 17, 2025
• Mobile Forensics Tool Used by Chinese Law Enforcement Dissected Jul 17, 2025
• Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts Jul 17, 2025
• Tracking Protestware Spread 28 npm Packages Affected by Payload Targeting Russian-Language Users Jul 15, 2025
• Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects Jul 15, 2025
• Google Gemini Tricked Into Showing Phishing Message Hidden in Email Jul 14, 2025
• Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Jul 14, 2025
• Nvidia warns its GPUs – even Blackwells – need protection against Rowhammer attacks Jul 13, 2025
• Ransomware Delivered Through GitHub A PowerShell-Powered Attack Jul 10, 2025
• Fix the Click Preventing the ClickFix Attack Vector Jul 10, 2025
• AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs Jul 10, 2025
• PerfektBlue 1-click RCE attack Jul 9, 2025
• Critical RCE Vulnerability in mcp-remote CVE-2025-6514 Threatens LLM Clients Jul 9, 2025
• Attackers Inject Code into WordPress Theme to Redirect Visitors Jul 9, 2025
• Malicious pull request infects VS Code extension Jul 8, 2025
• Animation-Driven Tapjacking on Android Jul 8, 2025
• Hackers abuse leaked Shellter red team tool to deploy infostealers Jul 7, 2025
• Ingram Micro outage caused by SafePay ransomware attack Jul 5, 2025
• Critical Sudo bugs expose major Linux distros to local Root exploits Jul 4, 2025
• Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones Jul 2, 2025
• Okta observes v0 AI tool used to build phishing sites Jul 1, 2025
• Critical ICS vulnerabilities threaten Mitsubishi Electric and TrendMakers hardware across commercial facilities Jun 27, 2025
• Zero-day Bluetooth gap turns millions of headphones into listening stations Jun 26, 2025
• Taking the shine off BreachForums Jun 26, 2025
• Supply Chain Incident Imperils Glasgow Council Services and Data Jun 26, 2025
• Gogs Remote Command Execution Vulnerability (CVE-2024-56731) Jun 26, 2025
• Decrement by one to rule them all AsIO3.sys driver exploitation Jun 26, 2025
• Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands Jun 26, 2025
• Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing Jun 25, 2025
• Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack Jun 24, 2025
• Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector Jun 24, 2025
• SparkKitty, SparkCat’s little brother A new Trojan spy found in the App Store and Google Play Jun 23, 2025
• Threat actor Banana Squad exploits GitHub repos in new campaign Jun 18, 2025
• Famous Chollima deploying Python version of GolangGhost RAT Jun 18, 2025
• Washington Post's email system hacked, journalists' accounts compromised Jun 16, 2025
• VMOSX Data Leak Info of Thousands of Mac Cloud Users Potentially Exposed Online Jun 16, 2025
• Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus Jun 16, 2025
• Kali Linux 2025.2 released with 13 new tools, car hacking updates Jun 16, 2025
• Paraguay is Being Targeted by Cybercriminals - 7.4 Million Citizen Records for Sale Jun 13, 2025
• Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction Jun 12, 2025
• New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches Jun 12, 2025
• Inside FluxPanel How Phishing Enables Real-Time Ecommerce Checkout Hijacks Jun 12, 2025
• Don't Get Caught in the Headlights - DeerStealer Analysis Jun 12, 2025
• Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited Jun 11, 2025
• NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073 Jun 11, 2025
• Attackers Unleash TeamFiltration Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool Jun 11, 2025
• The Evolution of Linux Binaries in Targeted Cloud Operations Jun 10, 2025
• Security Flaws in eMagicOne Store Manager for WooCommerce in WordPress (CVE-2025-5058 and CVE-2025-4603) Jun 10, 2025
• Flask Phishing Kit Targeted Credential Theft Using Open-Source Technology Jun 10, 2025
• Coordinated Brute Force Activity Targeting Apache Tomcat Manager Indicates Possible Upcoming Threats Jun 10, 2025
• iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals Jun 9, 2025
• Two Botnets, One Flaw Mirai Spreads Through Wazuh Vulnerability Jun 9, 2025
• Sleep with one eye open how Librarian Ghouls steal data by night Jun 9, 2025
• PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites Jun 9, 2025
• Grocery wholesale giant United Natural Foods hit by cyberattack Jun 9, 2025
• Operation DRAGONCLONE Chinese Telecommunication industry targeted via VELETRIX & VShell malware Jun 6, 2025
• Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721 Jun 6, 2025
• Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions Jun 5, 2025
• ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware Jun 5, 2025
• Android Spyware Alert! Fake government app targeting Android users in India! Jun 5, 2025
• Fake WordPress Caching Plugin Used to Steal Admin Credentials Jun 4, 2025
• Criminals Bribed Outsourced Contractors to Steal Coinbase User Data Jun 4, 2025
• Victims risk AsyncRAT infection after being redirected to fake Booking.com sites Jun 2, 2025
• Qualcomm fixes three Adreno GPU zero-days exploited in attacks Jun 2, 2025
• XSSing TypeErrors in Safari May 30, 2025
• Zanubis in motion Tracing the active evolution of the Android banking malware May 28, 2025
• MATLAB dev confirms ransomware attack behind service outage May 27, 2025
• DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers May 27, 2025
• Bypassing MTE with CVE-2025-0072 May 23, 2025