News

• How Threat Modeling, Actor Attribution Grow Cyber Defenses Thu, 15 May 2025 09:37:00 -0400
  Want to enhance your threat modeling? By combining it with threat actor attribution, you can improve your cyber defenses. Read on to learn more.

Looking Glass Cyber

Malware Patrol

SecList

• Dero miner zombies biting through Docker APIs to build a cryptojacking horde
  Kaspersky experts break down an updated cryptojacking campaign targeting containerized environments: a Dero crypto miner abuses the Docker API.

securingtomorrow.mcafee.com

Quick Heal

Threat Post

• Student Loan Breach Exposes 2.5M Records
• Watering Hole Attacks Push ScanBox Keylogger
• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
• Ransomware Attacks are on the Rise
• Cybercriminals Are Selling Access to Chinese Surveillance Cameras
• Twitter Whistleblower Complaint: The TL;DR Version
• Firewall Bug Under Active Attack Triggers CISA Warning
• Fake Reservation Links Prey on Weary Travelers
• iPhone Users Urged to Update to Patch 2 Zero-Days
• Google Patches Chrome’s Fifth Zero-Day of the Year

Naked Security

Security Affairs

• Operation RapTor led to the arrest of 270 dark web vendors and buyers
• Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks
• U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog
• New Signal update stops Windows from capturing user chats
• Law enforcement dismantled the infrastructure behind Lumma Stealer MaaS
• Russia-linked APT28 targets western logistics entities and technology firms
• A cyberattack was responsible for the week-long outage affecting Cellcom wireless network
• Coinbase data breach impacted 69,461 individuals
• U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
• A critical flaw in OpenPGP.js lets attackers spoof message signatures

Security Awareness Tips of the week

Exploits

• [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
• [remote] CrushFTP 11.3.1 - Authentication Bypass
• [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
• [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
• [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
• [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
• [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
• [local] RDPGuard 9.9.9 - Privilege Escalation
• [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
• [local] VirtualBox 7.0.16 - Privilege Escalation
• [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
• [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
• [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
• [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
• [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
• [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
• [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
• [local] ZTE ZXV10 H201L - RCE via authentication bypass
• [local] Daikin Security Gateway 14 - Remote Password Reset
• [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
• [local] unzip-stream 0.3.1 - Arbitrary File Write
• [local] Microsoft Windows 11 - Kernel Privilege Escalation
• [webapps] WordPress Core 6.2 - Directory Traversal
• [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
• [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
• [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
• [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
• [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
• [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
• [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
• [webapps] Drupal 11.x-dev - Full Path Disclosure
• [webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
• [webapps] UJCMS 9.6.3 - User Enumeration via IDOR
• [webapps] Inventio Lite 4 - SQL Injection
• [remote] Langflow 1.3.0 - Remote Code Execution (RCE)
• [webapps] Apache Commons Text 1.10.0 - Remote Code Execution
• [webapps] Tatsu 3.3.11 - Unauthenticated RCE
• [webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
• [local] AnyDesk 9.0.1 - Unquoted Service Path
• [webapps] compop.ca 3.5.3 - Arbitrary code Execution
• [webapps] Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation
• [webapps] Usermin 2.100 - Username Enumeration
• [webapps] Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
• [hardware] ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal
• [hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
• [remote] TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

Last 20 Website Defacements - Zone-h

Advisories

Symantec Packet Stoem Security