Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
Kaspersky technologies identified a sophisticated wave of malware infections targeting various organizations through phishing emails leading to malicious links. A critical zero-day vulnerability in Google Chrome, identified as CVE-2025-2783, allowed attackers to bypass the browser’s sandbox. The malware campaign, dubbed Operation ForumTroll, aimed at espionage targeting media outlets and government entities in Russia.…
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
Summary: Kaspersky Labs has identified a complex cyber-espionage campaign named Operation ForumTroll, utilizing a new Google Chrome zero-day exploit (CVE-2025-2783) initiated through spear-phishing emails. The attack required no additional action from victims once they accessed the malicious link, with the exploit bypassing Chrome’s sandbox protections. This operation is believed to be conducted by a state-sponsored APT group targeting Russian media, educational institutions, and government organizations.…
Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
Summary: Google has released a patch for a critical vulnerability (CVE-2025-2783) in its Chrome browser that was exploited in a state-sponsored cyberespionage campaign. Kaspersky identified this vulnerability as part of a sophisticated attack targeting Russian organizations, utilizing drive-by downloads through phishing techniques. The patch was expedited following the discovery of a sandbox escape flaw that compromised Chrome’s security measures.…
CrushFTP warns users to patch unauthenticated access flaw immediately
Summary: CrushFTP has issued a warning about an unauthenticated HTTP(S) port access vulnerability affecting versions 10 and 11, urging customers to patch their servers immediately. The flaw allows attackers to gain unauthorized access to exposed servers, with over 3,400 instances currently exposed online. As a temporary measure, users can enable the DMZ feature to protect their systems until they can apply updates.…
Broadcom warns of authentication bypass in VMware Windows Tools
Summary: Broadcom has released security updates to address a high-severity authentication bypass vulnerability (CVE-2025-22230) in VMware Tools for Windows, which allows local attackers to escalate privileges without user interaction. The vulnerability was reported by a cybersecurity firm and is of particular concern given the frequent targeting of VMware products by ransomware gangs and state-sponsored hackers.…
Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots
Summary: Users globally are experiencing connectivity issues with DrayTek routers that are reportedly rebooting unexpectedly. The company has issued an advisory urging customers to update their firmware to address potential vulnerabilities, although specific details about the flaws or their exploitation remain unclear. Reports of these problems span multiple countries including the UK, Australia, and Germany.…
CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin
Trend Research has identified a campaign by the Russian threat actor Water Gamayun that exploits CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console framework. This allows attackers to execute malicious code, download payloads, and steal sensitive data. The attack leverages manipulated .msc files and the Multilingual User Interface Path (MUIPath) to maintain persistence on affected systems.…
EncryptHub linked to MMC zero-day attacks on Windows systems
Summary: A threat actor named EncryptHub has exploited a Microsoft Management Console vulnerability (CVE-2025-26633) to conduct Windows zero-day attacks, allowing them to bypass security features and execute malicious code. Researchers from Trend Micro reported multiple delivery methods and certifications used in these attacks, with indications of ongoing development of these techniques.…
New Windows zero-day leaks NTLM hashes, gets unofficial patch
Summary: A new Windows zero-day vulnerability allows remote attackers to steal NTLM credentials by getting users to view malicious files in Windows Explorer. Although not classified as critical, the flaw affects all Windows versions and has been exploited in actual attacks. Free unofficial patches are available through the 0Patch service until official fixes from Microsoft are released.…
Unveiled the Threat Actors
This article explores various threat actors known for their significant cyber attacks, detailing their origins, techniques, and famous hacks. It categorizes these actors by their affiliations, such as state-sponsored and financially motivated groups, providing insight into their behaviors and methodologies. Affected: Government networks, financial institutions, healthcare, energy sector, retail, hospitality, media, technology, and more.…
Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup
The article discusses the evolution of the Lazarus group, indicating that it has now transformed into a collection of subgroups rather than a single entity. It emphasizes the importance of understanding these subgroups, their tactics, and their individual characteristics for effective cyber defense strategies. Affected: Japan, cryptocurrency sector, defense industry, aviation industry

Keypoints:

The term “Lazarus” has evolved from a singular APT group to multiple subgroups.…
Read More
The blog outlines several critical unauthenticated Remote Code Execution vulnerabilities found in Ingress NGINX Controller for Kubernetes, collectively dubbed #IngressNightmare. These vulnerabilities can grant attackers unauthorized access to all secrets within a Kubernetes cluster, risking complete takeover. With a CVSS v3.1 score of 9.8, it is estimated that 43% of cloud environments, including many Fortune 500 companies, are at risk.…
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…

Summary: The video discusses episode 839 of the Simply Cyber Daily Cyber Threat Brief, where the host shares insights from a mobile studio while preparing for a speaking engagement at Dakota Con. The episode covers a range of cybersecurity news topics, including a data breach at SpyX, a vulnerability in backup software, the use of spyware by law enforcement, and an ongoing Microsoft Windows zero-day vulnerability.…
The Biggest Supply Chain Hack Of 2025: 6M Records For Sale Exfiltrated from Oracle Cloud Affecting over 140k Tenants
A significant data breach occurred involving a threat actor known as “rose87168,” who sold 6 million records extracted from Oracle Cloud’s SSO and LDAP systems. The compromised data includes sensitive credentials and key files, affecting over 140,000 tenants. The actor’s activities suggest they exploited a web application vulnerability, raising severe concerns regarding Oracle Cloud’s security.…
10 Critical Network Pentest Findings IT Teams Overlook
Summary: After conducting over 10,000 automated internal network penetration tests, vPenTest identifies critical security gaps due to common misconfigurations, unpatched systems, and weak passwords. The analysis reveals that these vulnerabilities present significant risks that attackers can exploit easily, often resulting from simple oversights. The article outlines the ten most pressing internal network security risks and provides recommendations to mitigate them effectively.…
Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing
Summary: Browser security is becoming increasingly critical due to a 140% rise in phishing attacks, primarily fueled by zero-day vulnerabilities and advancements in generative AI used by cybercriminals. As attackers adopt sophisticated techniques akin to professional engineering, the risk of browser-based phishing is expected to escalate dramatically moving into 2025.…
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
Summary: A report by The Citizen Lab reveals that several governments, including Australia and Canada, are suspected customers of Israeli spyware company Paragon Solutions. Their tool, Graphite, targets sensitive data from messaging apps and has been linked to sophisticated attacks on individuals worldwide, leading to a significant response from both WhatsApp and Apple regarding security measures.…