Collaborate Disseminate
Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” About CVE-2025-43300 CVE-2025-43300 is an out-of-bound… Continue reading Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)
US federal prosecutors have charged a man with running Rapper Bot, a powerful botnet that was rented out to launch large-scale distributed denial-of-service (DDoS) attacks around the world. According to court documents, 22-year-old Ethan Foltz of Eugen… Continue reading Alleged Rapper Bot DDoS botnet master arrested, charged
Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. Technical details about the vulnerabilities have been published on Wednesday … Continue reading Commvault plugs holes in backup suite that allow remote code execution
A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit ha… Continue reading Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)
Three families of Android VPN apps, with a combined 700 million-plus Google Play downloads, are secretly linked, according to a group of researchers from Arizona State University and Citizen Lab. Finding the secret links Virtual private networks (VPNs)… Continue reading Android VPN apps used by millions are covertly connected AND insecure
Attackers pushing the Noodlophile infostealer are targeting businesses with spear-phishing emails threatening legal action due to copyright or intellectual property infringement, Morphisec researchers have warned. The campaign The emails, ostensibly se… Continue reading Noodlophile infostealer is hiding behind fake copyright and PI infringement notices
A surge in brute-force attempts targeting Fortinet SSL VPNs that was spotted earlier this month could be a portent of imminent attacks leveraging currently undisclosed (potentially zero-day) vulnerabilities in Fortinet devices. Shifting attacks Greynoi… Continue reading Brute-force attacks hammer Fortinet devices worldwide
Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service providers, are being exploited by attackers. There are no public reports of exploitat… Continue reading Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)
The Ruđer Bošković Institute (RBI), the largest Croatian science and technology research institute, has confirmed that it was the one of “at least 9,000 institutions worldwide” that were attacked using the Microsoft SharePoint “ToolSh… Continue reading Croatian research institute confirms ransomware attack via ToolShell vulnerabilities
For August 2025 Patch Tuesday, Microsoft has released security updates resolving 100+ security vulnerabilities in its various solutions, including a relative path traversal flaw in Windows Kerberos (CVE-2025-53779) that allows an authorized attacker to… Continue reading Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)