Critical Authentication Bypass Flaw Impacts VMware Tools for Windows
Summary: Broadcom has released security updates for a severe authentication bypass vulnerability (CVE-2025-22230) affecting VMware Tools for Windows, allowing low-privileged attackers to escalate privileges. This flaw, caused by improper access control, affects VMware Tools versions 12.x.x and 11.x.x. Affected organizations are urged to update urgently, as exploitation in the wild may pose significant risks.…
New York’s cyber chief on keeping cities and states safe from cyberattacks
Summary: Colin Ahern, New York state’s first chief cyber officer, reflects on his journey from military intelligence to leading cybersecurity efforts. During his tenure, he has focused on protecting government systems from escalating cyber threats, particularly ransomware. Ahern discusses the collaboration needed between state and local governments, as well as the essential role of education in promoting cybersecurity awareness.…
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
Summary: The EncryptHub threat actor has exploited a zero-day vulnerability in Microsoft Windows (CVE-2025-26633) to deploy various malware, including Rhadamanthys and StealC. This attack leverages the Microsoft Management Console (MMC) to execute malicious payloads while maintaining persistence and stealing sensitive information from compromised systems. Trend Micro has identified this attack as MSC EvilTwin and is monitoring related Russian cyber activities.…
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch
Summary: Security researchers from Trend Micro have identified a zero-day vulnerability (CVE-2025-26633) that was exploited by the EncryptHub ransomware gang. This exploit targets the Microsoft Management Console (MMC) framework, allowing attackers to execute malicious code and exfiltrate data. The report indicates that the attack technique involves manipulating .msc…
Google fixes Chrome zero-day exploited in espionage campaign
Summary: Google has addressed a high-severity zero-day vulnerability, CVE-2025-2783, in Chrome that was being exploited to escape the browser’s sandbox for espionage attacks targeting Russian organizations. The flaw allows attackers to deploy sophisticated malware through phishing campaigns. The patch is being rolled out for users globally, with further details on the attacks yet to be fully disclosed by Google.…
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Summary: Google has released urgent fixes for a high-severity vulnerability in Chrome for Windows, known as CVE-2025-2783, which has been actively exploited to target organizations in Russia. The flaw involves an incorrect handle in Mojo, allowing attackers to bypass browser protections through phishing emails. This marks the first actively exploited Chrome zero-day of the year, with attacks linked to a sophisticated APT campaign called Operation ForumTroll.…
Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
Kaspersky technologies identified a sophisticated wave of malware infections targeting various organizations through phishing emails leading to malicious links. A critical zero-day vulnerability in Google Chrome, identified as CVE-2025-2783, allowed attackers to bypass the browser’s sandbox. The malware campaign, dubbed Operation ForumTroll, aimed at espionage targeting media outlets and government entities in Russia.…
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
Summary: Kaspersky Labs has identified a complex cyber-espionage campaign named Operation ForumTroll, utilizing a new Google Chrome zero-day exploit (CVE-2025-2783) initiated through spear-phishing emails. The attack required no additional action from victims once they accessed the malicious link, with the exploit bypassing Chrome’s sandbox protections. This operation is believed to be conducted by a state-sponsored APT group targeting Russian media, educational institutions, and government organizations.…
Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
Summary: Google has released a patch for a critical vulnerability (CVE-2025-2783) in its Chrome browser that was exploited in a state-sponsored cyberespionage campaign. Kaspersky identified this vulnerability as part of a sophisticated attack targeting Russian organizations, utilizing drive-by downloads through phishing techniques. The patch was expedited following the discovery of a sandbox escape flaw that compromised Chrome’s security measures.…
CrushFTP warns users to patch unauthenticated access flaw immediately
Summary: CrushFTP has issued a warning about an unauthenticated HTTP(S) port access vulnerability affecting versions 10 and 11, urging customers to patch their servers immediately. The flaw allows attackers to gain unauthorized access to exposed servers, with over 3,400 instances currently exposed online. As a temporary measure, users can enable the DMZ feature to protect their systems until they can apply updates.…
Broadcom warns of authentication bypass in VMware Windows Tools
Summary: Broadcom has released security updates to address a high-severity authentication bypass vulnerability (CVE-2025-22230) in VMware Tools for Windows, which allows local attackers to escalate privileges without user interaction. The vulnerability was reported by a cybersecurity firm and is of particular concern given the frequent targeting of VMware products by ransomware gangs and state-sponsored hackers.…
Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots
Summary: Users globally are experiencing connectivity issues with DrayTek routers that are reportedly rebooting unexpectedly. The company has issued an advisory urging customers to update their firmware to address potential vulnerabilities, although specific details about the flaws or their exploitation remain unclear. Reports of these problems span multiple countries including the UK, Australia, and Germany.…
CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin
Trend Research has identified a campaign by the Russian threat actor Water Gamayun that exploits CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console framework. This allows attackers to execute malicious code, download payloads, and steal sensitive data. The attack leverages manipulated .msc files and the Multilingual User Interface Path (MUIPath) to maintain persistence on affected systems.…
EncryptHub linked to MMC zero-day attacks on Windows systems
Summary: A threat actor named EncryptHub has exploited a Microsoft Management Console vulnerability (CVE-2025-26633) to conduct Windows zero-day attacks, allowing them to bypass security features and execute malicious code. Researchers from Trend Micro reported multiple delivery methods and certifications used in these attacks, with indications of ongoing development of these techniques.…
New Windows zero-day leaks NTLM hashes, gets unofficial patch
Summary: A new Windows zero-day vulnerability allows remote attackers to steal NTLM credentials by getting users to view malicious files in Windows Explorer. Although not classified as critical, the flaw affects all Windows versions and has been exploited in actual attacks. Free unofficial patches are available through the 0Patch service until official fixes from Microsoft are released.…
Unveiled the Threat Actors
This article explores various threat actors known for their significant cyber attacks, detailing their origins, techniques, and famous hacks. It categorizes these actors by their affiliations, such as state-sponsored and financially motivated groups, providing insight into their behaviors and methodologies. Affected: Government networks, financial institutions, healthcare, energy sector, retail, hospitality, media, technology, and more.…
Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup
The article discusses the evolution of the Lazarus group, indicating that it has now transformed into a collection of subgroups rather than a single entity. It emphasizes the importance of understanding these subgroups, their tactics, and their individual characteristics for effective cyber defense strategies. Affected: Japan, cryptocurrency sector, defense industry, aviation industry

Key points:

The term “Lazarus” has evolved from a singular APT group to multiple subgroups.…
The blog outlines several critical unauthenticated Remote Code Execution vulnerabilities found in Ingress NGINX Controller for Kubernetes, collectively dubbed #IngressNightmare. These vulnerabilities can grant attackers unauthorized access to all secrets within a Kubernetes cluster, risking complete takeover. With a CVSS v3.1 score of 9.8, it is estimated that 43% of cloud environments, including many Fortune 500 companies, are at risk.…
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…