Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Summary: Google has released patches for 62 vulnerabilities, including two high-severity flaws in the USB sub-component of the kernel that have been actively exploited. The vulnerabilities, identified as CVE-2024-53150 and CVE-2024-53197, pose significant security risks, including potential privilege escalation. Users of Android devices are advised to apply updates from their original equipment manufacturers to mitigate these threats.…
Summary: Kaspersky Labs has uncovered sophisticated techniques used by the ToddyCat group to disguise their malicious activities by embedding them within legitimate security software. A newly identified tool, TCESB, uses DLL proxying to execute payloads while avoiding detection by legitimate applications. The ToddyCat group exploited a vulnerability in ESET’s Command line scanner to introduce this stealthy tool into the affected systems.…
Privacy on Telegram: Fact or Fiction?
Telegram has rapidly grown into a major messaging platform, praised for speed and privacy features while facing serious challenges like controversies over its role in cybercrime and legal issues. Recent vulnerabilities and criminal activities exploiting its features raise questions about its safety and future. Affected: Telegram, cybersecurity sector, law enforcement

Key points:

Telegram was founded in 2013 and is headquartered in Dubai.…
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
Summary: The threat actor EncryptHub has been connected to SkorikARI after self-infection led to exposure of credentials, allowing researchers to track both cybercriminal and security research activities. The exposed credentials revealed links to Windows zero-day vulnerabilities that EncryptHub reportedly disclosed to Microsoft. This duality of identity reflects a complex individual straddling the line between malware development and ethical research.…
Google fixes Android zero-days exploited in attacks, 60 other flaws
Summary: Google has released patches for 62 vulnerabilities in the April 2025 Android security update, addressing two zero-days exploited in targeted attacks. One zero-day was reportedly used by Serbian authorities in conjunction with Cellebrite technology to unlock confiscated devices. The updates aim to enhance security and mitigate risks associated with high-severity vulnerabilities uncovered in recent months.…
How ToddyCat tried to hide behind AV software
The ToddyCat APT group has developed a complex malware tool named TCESB that utilizes DLL proxying and exploits vulnerable drivers to bypass security measures on Windows systems. This sophisticated technique allows the attackers to execute payloads stealthily and evade detection by security solutions. Affected: ESET, Windows systems

Key points:

ToddyCat APT group has created a stealthy tool named TCESB.…
⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Surge and More
Summary: The cybersecurity landscape is plagued by persistent threats stemming from unpatched systems, oversights, and social engineering tactics that facilitate breaches. This report highlights significant vulnerabilities and recent breaches linked to well-known organizations and emerging threat actors. The trends illustrate a critical need for companies to prioritize security measures against increasingly sophisticated attacks.…
Malloc Privacy Weekly
This week’s edition of Malloc Privacy Weekly highlights significant cybersecurity threats including the misuse of free VPN apps owned by Chinese companies, a new phishing-as-a-service platform called Lucid, and various malware threats targeting Android devices. The report emphasizes the need for users to be aware of privacy risks and consider enhanced protective measures when using technology.…
NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog
Summary: The National Institute of Standards and Technology (NIST) will mark all Common Vulnerabilities and Exposures (CVEs) published before January 1, 2018, as ‘Deferred’ in the National Vulnerability Database (NVD) due to prioritization needs. This indicates that NIST will no longer prioritize updates for these older CVEs, except those listed in CISA’s Known Exploited Vulnerabilities catalog.…
Australian Organisations Urged to Patch Ivanti Products Amid Exploited RCE Vulnerability
Summary: On April 3, 2025, Ivanti revealed a serious unauthenticated buffer overflow vulnerability (CVE-2025-22457) affecting multiple products, including Connect Secure and Policy Secure. This vulnerability allows remote code execution, making prompt action necessary for Australian organizations using these solutions. The alert provides detailed mitigation strategies and highlights the urgency of patching vulnerable systems to prevent exploitation by sophisticated threat actors.…
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
Summary: A lone-wolf actor, known as EncryptHub, has been identified by Microsoft as the discoverer of two Windows security flaws while simultaneously engaging in cybercrime. The individual, originating from Ukraine and now in Romania, has compromised over 618 high-value targets and utilized advanced techniques in malware development, including reliance on OpenAI’s ChatGPT.…
Secret Sauce
This write-up details a Windows Privilege Escalation exercise using Hack The Box’s Arctic machine, showcasing steps taken from initial reconnaissance with Nmap to exploiting Adobe ColdFusion 8 for privilege escalation. The author emphasizes the importance of adapting strategies and being familiar with exploits. Affected: Windows OS, Adobe ColdFusion

Key points:

The author conducts a lab environment exercise for educational purposes.…
Intercepting macOS XPC
The article discusses the utilization of XPC (Cross-Process Communication) in macOS applications, highlighting its vulnerabilities and the significance of using tools like Frida for dynamic analysis. As macOS transitions to ARM architecture, the article explores changes in how XPC operates and mentions that tools like IPSW offer enhanced capabilities over traditional ones like class-dump.…
Ivanti patches Connect Secure zero-day exploited since mid-March – PRSOL:CC
Ivanti has addressed a critical remote code execution vulnerability (CVE-2025-22457) in its Connect Secure product, exploited by a China-linked espionage actor. The flaw stems from a stack-based buffer overflow and impacts several versions of Ivanti and Pulse Connect Secure products. Admins are urged to update their systems to the patched version 22.7R2.6 and monitor for signs of compromise.…
CISA warns of latest Ivanti firewall bug being exploited by suspected Chinese hackers
Summary: Alleged China-based hackers are exploiting a vulnerability in Ivanti’s firewall products, specifically affecting its Connect Secure, Policy Secure, and ZTA Gateways tools, which serve large organizations and government clients. Ivanti confirmed limited attacks on customers and has released a patch; however, many devices remain unsupported beyond 2024, increasing risks for those using them.…
OpenVPN Flaw Allows Attackers to Crash Servers and Run Remote Code
Summary: OpenVPN has patched a critical security vulnerability (CVE-2025-2704) affecting its server software, which could allow attackers to crash servers using specific configurations. The newly released version 2.6.14 addresses the issue while ensuring no data leaks or direct remote code execution is possible. OpenVPN clients remain unaffected by this vulnerability, highlighting the importance of proactive security measures.…