Tuesday, April 29, 2025

Exploit

Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems

A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide. The flaw, which enables NTLM hash disclosure...

Critical SUSE Linux Distro Injection Vulnerability Allow Attackers Exploits “go-git” Library

A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications. This issue...

Hackers Weaponize Security Testing By Weaponizing npm, PyPI, & Ruby Exploit Packages

Over the past year, malicious actors have been abusing OAST services for data exfiltration, C2 channel establishment, and multi-stage attacks by leveraging compromised JavaScript,...

PoC Exploit Released For Critical Windows LDAP RCE Vulnerability

The CVE-2024-49112 vulnerability in Windows LDAP allows remote code execution on unpatched Domain Controllers, as a zero-click exploit leverages this by crafting malicious LDAP...

DrayTek Devices Vulnerability Let Attackers Arbitrary Commands Remotely

The DrayTek Gateway devices, more specifically the Vigor2960 and Vigor300B models, are susceptible to a critical command injection vulnerability.  Exploitable via the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint, attackers...

New 7-Zip 0-Day Exploit Allegedly Leaked Online Via ‘X’

A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an...

1-Click RCE Attack In Kerio Control UTM Allow Attackers Gain Firewall Root Access Remotely

GFI Software's Kerio Control, a popular UTM solution, was found to be vulnerable to multiple HTTP Response Splitting vulnerabilities, which affecting versions 9.2.5 through...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them to gain unauthorized access. This can lead to data...

Hackers Abuse EDRSilencer Red Team Tool To Evade Detection

EDRSilencer, a red team tool, interferes with EDR solutions by blocking network communication for associated processes using the WFP, which makes it harder to...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. With a CVSS base score of 9.8,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability was found in Foxit PDF Reader, a widely used alternative...