Daily News Update: Friday, March 28, 2025 (Australia/Melbourne)
A wave of cybersecurity incidents has exposed weaknesses across many platforms, affecting developers, healthcare providers, enterprises, and individuals. Notably, npm packages were compromised to steal sensitive information, a critical flaw was patched in Firefox, a UK company was fined over a ransomware incident, and numerous vulnerabilities were identified in solar inverters.…
Read More
Red Team Perspective: Known Attack Surface and Potential Risks of GitLab – Security KER – Security Information Platform
This article surveys the known attack surface and potential risks of GitLab, covering a range of vulnerability classes including Remote Code Execution (RCE), SSRF, XSS, and privilege escalation. It reviews the history of these vulnerabilities, their impact, and well-known cases, and stresses the importance of hardening self-managed GitLab instances.…
Read More
RST TI Report Digest: 31 Mar 2025
This week’s threat intelligence report reveals an analysis of multiple cyber threat reports. Key highlights include espionage tactics from APT groups, sophisticated malware deployments, and various Indicators of Compromise (IoCs) detected across platforms. The ongoing evolution of cyber threats emphasizes adaptive techniques utilized by attackers to infiltrate critical sectors.…
Read More

Victim: SIRIUS S.R.L. Country : IT Actor: nitrogen Source: http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion/posts/67d069b30a8353201efe6911 Discovered: 2025-03-31 08:07:27.075692 Published: 2025-03-31 08:05:53.436515 Description : SIRIUS S.R.L., an Italian company specializing in energy automation, particularly focuses on the management and remote control of renewable energy plants. They offer a range of services including software development, commissioning, training, and ongoing technical support.…
Read More
Samsung Tickets Data Leak: Infostealers Strike Again in Massive Free Dump
This article discusses a massive data breach impacting Samsung Germany, where a hacker known as “GHNA” leaked approximately 270,000 customer tickets due to credentials stolen by infostealer malware back in 2021. The breach highlights the dangers of unmonitored and unrotated credentials, leading to potential exploitation and privacy violations for thousands of customers.…
Read More
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a new malware, RESURGE, targeting Ivanti Connect Secure appliances. It is deployed through a recently patched security flaw (CVE-2025-0282) and adds rootkit and web shell functionality for persistence and evasion. The activity is linked to espionage potentially conducted by state-sponsored threat actors.…
Read More
Major Cyber Attacks Targeting Transportation & Logistics Industry
The transportation and logistics industry is increasingly targeted by cybercriminals who exploit vulnerabilities to disrupt operations and steal sensitive data. Major incidents include ransomware attacks affecting ports and airports, along with data breaches that raise severe concerns about data security within the sector. Affected: transportation and logistics industry, public infrastructure, cybersecurity sector

Keypoints:

Transportation and logistics sector is a major target for cybercriminals due to valuable data.…
Read More
CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory regarding multiple critical vulnerabilities in the CHOCO TEI WATCHER mini manufactured by Inaba Denki Sangyo Co., Ltd. These vulnerabilities may allow attackers to exploit the device, compromising sensitive information and operational integrity in industrial environments.…
Read More
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report on a new malware variant called RESURGE, which has sophisticated persistence and manipulation capabilities, particularly linked to a known vulnerability in Ivanti products. The report highlights detailed mitigation measures in response to RESURGE’s exploitation of the CVE-2025-0282 vulnerability.…
Read More
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
Summary: Threat hunters infiltrated the infrastructure of the BlackLock ransomware group, revealing significant operational security flaws and exposing data linked to its activities. A critical vulnerability was identified in their Data Leak Site (DLS), allowing access to sensitive configuration files and command histories. This incident highlights the increasing complexity of ransomware operations and their interconnections in the underground economy.…
Read More

Victim: theeyeclinicsurgicenter.com – The Eye Clinic Surgicenter company Country : Actor: babuk2 Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/11267670f1e1f99e723fe6d0b723fc5fc71d43c31d1b44d7e898781d35d9fac6/ Discovered: 2025-03-29 01:19:48.175219 Published: 2025-03-29 01:18:38.183803 Description : The Eye Clinic Surgicenter, a healthcare facility, has recently fallen victim to a ransomware attack attributed to the Babuk2 cybercrime group. This incident highlights the increasing vulnerability of healthcare providers to cyber threats, jeopardizing sensitive patient information and operational integrity.…
Read More
Zero-Day Vulnerability Discovered in a-blog cms, Act Now to Protect Your Web Server
Summary: A critical security vulnerability (CVE-2025-31103) has been identified in a-blog cms, enabling attackers to exploit untrusted data deserialization and potentially execute arbitrary scripts on affected web servers. The Japan Computer Emergency Response Team (JPCERT/CC) has highlighted the urgency of the issue, as attackers have already begun targeting vulnerable versions of the software.…
Read More
CISA Adds Google Chromium Mojo Flaw to its Known Exploited Vulnerabilities Catalog
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included a high-severity Google Chromium Mojo sandbox escape vulnerability, CVE-2025-2783, in its Known Exploited Vulnerabilities catalog, following its active exploitation in attacks targeting Russian organizations. Google has released out-of-band fixes for the Chrome browser on Windows, advising all users to update their systems.…
Read More
Critical Severity Vulnerabilities in Ghostscript Put Users at Risk
Summary: A series of critical security vulnerabilities have been discovered in Artifex Ghostscript, including multiple buffer overflow and unauthorized file access vulnerabilities that could lead to exploitation of affected systems. These vulnerabilities are linked to various components of the Ghostscript interpreter, with several having high CVSS scores indicating severe risk.…
Read More
Apache Tomcat: CVE-2025-24813
CVE-2025-24813 is a critical path equivalence vulnerability in Apache Tomcat's DefaultServlet that, under certain non-default configurations, lets a remote, unauthenticated attacker read or write sensitive files and, where file-based session persistence is also enabled, execute arbitrary code. Organizations running vulnerable versions should upgrade to a patched release. Affected: Apache Tomcat

Keypoints:

Critical path equivalence vulnerability in Apache Tomcat, identified as CVE-2025-24813.…
Read More
Dozens of solar inverter flaws could be exploited to attack power grids – PRSOL:CC
This article discusses severe vulnerabilities found in solar inverters from major manufacturers Sungrow, Growatt, and SMA, which could be exploited to control devices or execute code on their cloud platforms. These vulnerabilities pose risks to grid stability and user privacy, as they can be leveraged for attacks that disrupt power generation and demand balance.…
Read More