exploit
-
Blog
Russian phishing campaigns exploit Signal’s device-linking feature
Russian threat actors have been launching phishing campaigns that exploit the legitimate “Linked Devices” feature in the Signal messaging app to gain unauthorized access to accounts of interest. Over the past year, researchers observed phishing operations attributed to Russian state-aligned groups that used multiple methods to trick targets into linking their Signal account to a device controlled by the attacker.…
Read More » -
Blog
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS
Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. The security issue received a high-severity score and impacts the PAN-OS management web interface and allows an unauthenticated attacker on the network to bypass authentication and invoke certain PHP scripts, potentially compromising integrity and confidentiality. In a security bulletin on February 12,…
Read More » -
Blog
SonicWall firewall bug leveraged in attacks after PoC exploit release
Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. This security flaw (CVE-2024-53704), tagged by CISA as critical severity and found in the SSLVPN authentication mechanism, impacts SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035, used by multiple models of Gen 6 and Gen 7 firewalls and SOHO…
Read More » -
Blog
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. The flaws are tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 and were reported as potentially actively exploited by Arctic Wolf last week. However, the cybersecurity firm could not confirm for sure if the flaws were used. Cybersecurity firm Field Effect has confirmed…
Read More » -
Blog
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. Trimble Cityworks is a Geographic Information System (GIS)-centric asset management and work order management software designed primarily for local governments, utilities, and public works organizations. The product helps municipalities and infrastructure…
Read More » -
Blog
Cisco warns of denial of service flaw with PoC exploit code
Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. Tracked as CVE-2025-20128, the vulnerability is caused by a heap-based buffer overflow weakness in the Object Linking and Embedding 2 (OLE2) decryption routine, allowing unauthenticated, remote attackers to trigger a DoS condition on vulnerable devices. If this vulnerability is successfully exploited, it…
Read More » -
Blog
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tactic isn’t novel, as there have been multiple documented cases of malicious tools disguised as PoC exploits on GitHub. However, this case, discovered by Trend Micro, highlights that threat actors continue to use the…
Read More » -
Blog
Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. The list of targets includes popular D-Link devices used by individuals and organizations such as DIR-645, DIR-806, GO-RT-AC750, and DIR-845L. For initial access, the two pieces of malware use known exploits for CVE-2015-2051,…
Read More » -
Blog
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. The malicious activity was discovered by VulnCheck, who informed Four-Faith about the active exploitation on December 20, 2024. However, it is unclear if security updates for the vulnerability are currently available. “We notified Four-Faith and our…
Read More » -
Blog
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. Leveraging the security issue repeatedly, however, causes the device to enter maintenance mode and manual intervention is required to restore it to normal operations. “A Denial of Service vulnerability in the DNS Security feature of Palo Alto…
Read More »