RondoDoX
CVE-2025-54322 Critical Xspeeder SXZOS ≤2025-12-26 REMOTE CODE EXECUTION ROOT ACCESS Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also exploited, enabling complete system compromise with root-level privileges. Mitigation: Immediately update Xspeeder SXZOS
CVE-2025-59287 Critical Windows Server Update Service UNSAFE DESERIALIZATION UNAUTHENTICATED A critical vulnerability in Windows Server Update Service (WSUS) allows remote, unauthenticated attackers to execute arbitrary code over a network by exploiting unsafe deserialization of untrusted data, potentially compromising entire update infrastructure. Mitigation: Apply Microsoft's security update immediately and
Microsoft Teams
TRENDING TOPICS SEPT 29, 2025 Hackers Exploit Weaponized Microsoft Teams Installer to Deploy Oyster Malware Researchers have found that a malvertising campaign is distributing a weaponized Microsoft Teams installer to deliver the Oyster backdoor, also known as Broomstick or CleanUpLoader. The campaign begins with SEO poisoning of Bing search results,
XCSSET
CVE-2025-21043 Critical Samsung libimagecodec.quram.so OUT-OF-BOUNDS WRITE REMOTE ATTACK Out-of-bounds write vulnerability in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 enables remote attackers to execute arbitrary code on affected Samsung devices without user interaction or authentication requirements. Mitigation: Apply Samsung's September 2025 security update immediately
Iran
TRENDING TOPICS AUG 26, 2025 Iranian Shipping Crippled Through Maritime Communications Hack In late August 2025, a coordinated cyberattack crippled Iran’s maritime communications, severing satellite links, navigation data, and port coordination for 64 vessels. The operation, attributed to the hacktivist group Lab-Dookhtegan, did not directly breach each ship but
ACRStealer
TRENDING TOPICS JULY 24, 2025 Update: ACRStealer Evolves into AmateraStealer with Advanced Evasion and C2 Techniques ACRStealer, an information-stealing malware that has been active since 2024, underwent significant enhancements in 2025, including upgrades to its stealth and command-and-control (C2) capabilities. Noted initially for abusing services like Google Docs and Steam
WordPress
TRENDING TOPICS JULY 01, 2025 Stealth Malware Campaign Uses WordPress Sites to Spread Windows Trojan A new malware campaign actively targeting WordPress websites is delivering a Windows-based Remote Access Trojan (RAT) called client32[.]exe. Discovered by cybersecurity firm Sucuri, this threat is already being exploited in the wild, with real
Iran
TRENDING TOPICS JUNE 24, 2025 DHS Warns of Pro-Iranian Hacktivist Surge Following U.S.-Iran Military Escalation In the aftermath of the United States’ June 22, 2025, airstrikes on Iranian nuclear facilities and Tehran’s swift retaliatory missile attacks on U.S. bases in Qatar and Iraq, the Department of
Social Engineering
TRENDING TOPICS MAY 29, 2025 Targeted Spear-Phishing Campaign Deployed by Nation-State Actors to Exploit Financial Executives A sophisticated spear-phishing campaign has been discovered, targeting CFOs and finance executives in sectors including banking, insurance, energy, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. The attackers, likely
Amazon
TRENDING TOPICS MAY 20, 2025 Overly Permissive Default IAM Roles in AWS Pose Critical Security Risks Security researchers have identified several risky default IAM roles within Amazon Web Services that attackers could exploit to escalate privileges and move laterally across cloud environments. These IAM roles are often automatically created during
HellCat
TRENDING TOPICS MAR 20, 2025 HellCat Hackers Exploit Jira Servers in Cyberattack on Ascom Swiss telecommunications company Ascom has confirmed a cyberattack targeting its IT infrastructure, with HellCat, a known hacker group, claiming responsibility. The attackers breached Ascom’s Jira-based technical ticketing system, potentially exposing 44GB of stolen data, including