Toggle navigation
Ethical Hacking Bootcamp
Cyber Range
Contact
News
CIS Benchmarks July 2025 Update
Tue, 08 Jul 2025 14:49:00 -0400
Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for July 2025.
Looking Glass Cyber
Malware Patrol
SecList
Code highlighting with Cursor AI for $500,000
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.
securingtomorrow.mcafee.com
Quick Heal
Threat Post
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
Naked Security
Security Affairs
Qantas data breach impacted 5.7 million individuals
DoNot APT is expanding scope targeting European foreign ministries
Nippon Steel Solutions suffered a data breach following a zero-day attack
Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates
Hackers weaponize Shellter red teaming tool to spread infostealers
Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day
Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant
U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
IT Worker arrested for selling access in $100M PIX cyber heist
New Batavia spyware targets Russian industrial enterprises
Security Awareness Tips of the week
Exploits
[webapps] Discourse 3.2.x - Anonymous Cache Poisoning
[webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
[remote] Microsoft Outlook - Remote Code Execution (RCE)
[local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
[local] Sudo 1.9.17 Host Option - Elevation of Privilege
[remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
[local] Sudo chroot 1.9.17 - Local Privilege Escalation
[remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
[webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
[remote] Microsoft SharePoint 2019 - NTLM Authentication
[remote] gogs 0.13.0 - Remote Code Execution (RCE)
[remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
[webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
[remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
[webapps] Sitecore 10.4 - Remote Code Execution (RCE)
[remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
[remote] freeSSHd 1.0.9 - Denial of Service (DoS)
[webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
[remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
[remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
[remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
[local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
[remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
[webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
[remote] WebDAV Windows 10 - Remote Code Execution (RCE)
[remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
[local] Microsoft Excel Use After Free - Local Code Execution
[webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
[remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
[local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
[webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
[webapps] Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
[remote] PCMan FTP Server 2.0.7 - Buffer Overflow
[remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
[webapps] Roundcube 1.6.10 - Remote Code Execution (RCE)
[remote] Freefloat FTP Server 1.0 - Remote Buffer Overflow
[local] TightVNC 2.8.83 - Control Pipe Manipulation
[remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
[local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
[webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
[remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
[remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
[local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
[remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
[webapps] CloudClassroom PHP Project 1.0 - SQL Injection
[remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
Last 20 Website Defacements - Zone-h
Advisories
Symantec Packet Stoem Security