Android zero-day vulnerabilities actively abused. Update as soon as you can
Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available…
Month: March 2025
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
Mar 05, 2025Ravie LakshmananCyber Espionage / Network Security The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors…
CISA Updates Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog with four new vulnerabilities, adding to the growing list…
Over 10,000 WordPress Sites Exposed by Donation Plugin Code Execution Vulnerability
A critical security flaw in the widely used GiveWP – Donation Plugin and Fundraising Platform has left over 10,000 WordPress websites vulnerable to remote code execution attacks…
MDC Activates Incident Response Team For Security Threat
The Missouri Department of Conservation (MDC), responsible for managing Missouri’s natural resources, recently discovered suspicious activity on one of its data servers, prompting the immediate…
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers
Researchers from multiple firms say that the campaign seems to come from a loosely connected ecosystem of fraud groups rather than one single actor. Each…
U.S. Cracks Down on Nemesis Darknet Admin with New Treasury Sanctions
The U.S. Department of the Treasury has intensified its global campaign against darknet-facilitated drug trafficking by sanctioning Behrouz Parsarad, the Iran-based administrator of the notorious…
Hackers Exploit Cloud Misconfigurations to Spread Malware
Veriti Research reveals 40% of networks allow ‘any/any’ cloud access, exposing critical vulnerabilities. Learn how malware like XWorm and Sliver C2 exploit cloud misconfigurations. Recent…
Telegram EvilVideo Vulnerability Exploited to Run Malicious Code on Victims’ Devices
A newly documented exploitation technique targeting Telegram’s file-sharing infrastructure has raised alarms in cybersecurity circles. Dubbed “EvilVideo,” this attack vector leverages a vulnerability (CVE-2024-7014) in…
Fake InMail Messages Spreading ConnectWise Trojan
Cofense uncovers new LinkedIn phishing scam delivering ConnectWise RAT. Learn how attackers bypass security with fake InMail emails and how to protect against this sophisticated…
Polish Space Agency POLSA disconnected its network following a cyberattack
Polish Space Agency POLSA disconnected its network following a cyberattack Pierluigi Paganini March 05, 2025 The Polish space agency POLSA announced it has disconnected its…
Sonatype AI SCA delivers visibility and control over AI/ML usage
Sonatype announced end-to-end AI Software Composition Analysis (AI SCA) capabilities that enable enterprises to harness the full potential of AI. With its expertise in open…