Tag: CVE

XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day Vulnerabilities
XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day Vulnerabilities

XE Group, likely a Vietnam-linked hacking collective that has been active in the cyber threat arena for over a decade is believed to be behind the exploitation of a couple of VeraCore zero-day vulnerabilities. During the latest campaign, adversaries weaponized VeraCore flaws tracked as CVE-2024-57968 and CVE-2025-25181 to deploy reverse shells and web shells, ensuring […]

Read More
CVE-2025-0411 Detection: russian Cybercrime Groups Rely on Zero-Day Vulnerability in 7-Zip to Target Ukrainian Organizations
CVE-2025-0411 Detection: russian Cybercrime Groups Rely on Zero-Day Vulnerability in 7-Zip to Target Ukrainian Organizations

Since a full-scale invasion of Ukraine, cybercriminal groups of russian origin have relentlessly targeted the Ukrainian state bodies and business sectors for espionage and destruction. Recently, cybersecurity researchers uncovered a massive cyber-espionage campaign exploiting a 7-Zip zero-day vulnerability to deliver SmokeLoader malware. The campaign’s ultimate objective was cyber espionage, intensifying the digital frontlines of the […]

Read More
CVE-2025-21293 Detection: PoC Exploit Released for a Privilege Escalation Vulnerability in Active Directory Domain Services
CVE-2025-21293 Detection: PoC Exploit Released for a Privilege Escalation Vulnerability in Active Directory Domain Services

Shortly after the critical zero-click OLE vulnerability in Microsoft Outlook (CVE-2025-21298), yet another dangerous security threat has come to light. A recently patched privilege escalation vulnerability affecting Active Directory Domain Services (CVE-2025-21293) has taken a dangerous turn. With a proof-of-concept (PoC) exploit now circulating publicly online, the risk of exploitation has significantly increased. This vulnerability […]

Read More
CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities 
CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities 

Defenders shed light on a set of vulnerabilities in Ivanti Cloud Service Appliances (CSA) that can be chained for further exploitation. The latest joint alert by CISA and FBI notifies the global defender community of at least two exploit chains using Invanti vulnerabilities tracked as CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380. Adversaries can take advantage of exploit […]

Read More
CVE-2025-21298 Detection: Critical Zero-Click OLE Vulnerability in Microsoft Outlook Results in Remote Code Execution 
CVE-2025-21298 Detection: Critical Zero-Click OLE Vulnerability in Microsoft Outlook Results in Remote Code Execution 

Hard on the heels of the disclosure of a denial-of-service (DoS) vulnerability in Windows LDAP, known as CVE-2024-49113 aka LDAPNightmare, another highly critical vulnerability affecting Microsoft products comes to the scene. The recently patched Microsoft Outlook vulnerability tracked as CVE-2025-21298 poses significant email security risks by allowing attackers to perform RCE on Windows devices through […]

Read More
CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC
CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC

Hot on the heels of the release of the first PoC exploit for a critical RCE vulnerability in the Windows LDAP, known as CVE-2024-49112, another vulnerability in the same software protocol in Windows environments is causing a stir. A discovery of CVE-2024-49113, a new denial-of-service (DoS) vulnerability, also known as LDAPNightmare, is hitting the headlines […]

Read More
CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild
CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild

In mid-January 2025, a new Fortinet FortiOS authentication bypass vulnerability, CVE-2024-55591, emerged as a severe threat to thousands of organizations at risk of compromise. This critical zero-day flaw exposes FortiGate firewall devices to potential compromise, allowing remote attackers to gain super-admin privileges on the affected systems. Fortinet has confirmed that the vulnerability is actively being […]

Read More
CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers
CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers

In 2024, vulnerability exploitation accounted for 14% of breach entry points, marking a nearly threefold increase from the previous year—a trend that could persist into 2025. At the turn of January 2025, defenders released the first PoC exploit that can crash unpatched Windows Servers by leveraging a critical RCE vulnerability in the Windows Lightweight Directory […]

Read More
CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File Transfer Products
CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File Transfer Products

High-profile attacks often stem from the exploitation of RCE vulnerabilities in commonly used software products. In late October 2024, security researchers uncovered a critical vulnerability in the FortiManager API (CVE-2024-47575) actively exploited in zero-day attacks. With the holiday season on the horizon, adversaries ramp up their activities as a new security flaw surfaces in the […]

Read More
CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks
CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks

Attackers frequently launch high-profile attacks by exploiting RCE vulnerabilities in popular software products. Cybersecurity researchers have recently identified the widespread exploitation of FortiManager instances, with 50+ potentially compromised devices across multiple industry verticals. Defenders disclosed a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks by adversaries to execute arbitrary code […]

Read More