-
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic …
-
CVE-2025-3821 – A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System …
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This …
-
CVE-2025-43929 – open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running …
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked …
-
CVE-2025-43928 – In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows …
In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory …
-
CVE-2025-43921 – GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to …
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create …
-
CVE-2025-43920 – GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to …
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell …
-
CVE-2025-43919 – GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to …
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at …
-
Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia
Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and Russia …
-
Cozy Bear’s Wine Lure Drops WineLoader Malware on EU Diplomats
Midnight Blizzard (APT29/Cozy Bear) targets European embassies and Ministries of Foreign Affairs with sophisticated phishing emails …
-
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but …
-
10 Best Patch Management Tools 2025
In today’s digital landscape, maintaining secure and efficient IT systems is critical for organizations. Patch management tools play a …
-
10 Best Cloud Security Solutions 2025
In today’s digital era, businesses are increasingly adopting cloud computing to store data, run applications, and manage infrastructure. …
●●●
NVD
- CVE-2025-43929 – open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running …
- CVE-2025-43920 – GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to …
- CVE-2025-43928 – In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows …
- CVE-2025-3821 – A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System …
- CVE-2025-43921 – GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to …
EXPLOITS
- FoxCMS 1.2.5 – Remote Code Execution (RCE)
- Drupal 11.x-dev – Full Path Disclosure
- KiviCare Clinic & Patient Management System (EHR) 3.6.4 – Unauthenticated SQL Injection
- Inventio Lite 4 – SQL Injection
- Langflow 1.3.0 – Remote Code Execution (RCE)
SECURELIST
- IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
- Streamlining detection engineering in security operation centers
- GOFFEE continues to attack organizations in Russia
- Attackers distributing a miner and the ClipBanker Trojan via SourceForge
- How ToddyCat tried to hide behind AV software