Aggregator

In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors

In the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors

Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled

CISA released twenty-two Industrial Control Systems (ICS) advisories on May 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-135-01 Siemens RUGGEDCOM APE1808 Devices
• ICSA-25-135-02 Siemens INTRALOG WMS
• ICSA-25-135-03 Siemens BACnet ATEC Devices
• ICSA-25-135-04 Siemens Desigo
• ICSA-25-135-05 Siemens SIPROTEC and SICAM
• ICSA-25-135-06 Siemens Teamcenter Visualization
• ICSA-25-135-07 Siemens IPC RS-828A
• ICSA-25-135-08 Siemens VersiCharge AC Series EV Chargers
• ICSA-25-135-09 Siemens User Management Component (UMC)
• ICSA-25-135-10 Siemens OZW Web Servers
• ICSA-25-135-11 Siemens Polarion
• ICSA-25-135-12 Siemens SIMATIC PCS neo
• ICSA-25-135-13 Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems
• ICSA-25-135-14 Siemens APOGEE PXC and TALON TC Series
• ICSA-25-135-15 Siemens Mendix OIDC SSOICSA-25-135-16 Siemens MS/TP Point Pickup Module
• ICSA-25-135-16 Siemens MS/TP Point Pickup Module
• ICSA-25-135-17 Siemens RUGGEDCOM ROX II
• ICSA-25-135-18 Siemens SCALANCE LPE9403
• ICSA-25-135-19 ECOVACS DEEBOT Vacuum and Base Station
• ICSA-25-135-20 Schneider Electric EcoStruxure Power Build Rapsody
   
• ICSA-24-135-04 Mitsubishi Electric Multiple FA Engineering Software Products (Update C)
• ICSA-24-200-01 Mitsubishi Electric MELSOFT MaiLab and MELSOFT VIXIO (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Updated June 5, 2025

CISA is continually collaborating with partners across government and the private sector. Through this collaboration, CISA learned that CVE-2025-4664 has not been exploited and there is insufficient evidence to keep this CVE on the KEV and that the best course of action is to remove it. CISA is committed to continued collaboration with partners.

End of Update

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. 

• CVE-2024-12987 DrayTek Vigor Routers OS Command Injection Vulnerability
• CVE-2025-4664 Google Chromium Loader Insufficient Policy Enforcement Vulnerability
• CVE-2025-42999 SAP NetWeaver Deserialization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

The benefits of cybercrime aren't all flashy cars and watches. Sophos X-Ops researchers discovered it also fuels a far-reaching mix of ordinary, sometimes unremarkable businesses.

The post Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures appeared first on CyberScoop.

Новый чип Hygon — как EPYC, только злее.

A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. This vulnerability was named CVE-2025-4761. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Node.js. This affects the function SignTraits::DeriveBits of the component Async Cryptographic Operation Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-23166. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mattermost up to 9.11.11/10.4.4/10.5.2/10.6.1. Affected by this issue is some unknown functionality of the component API. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-3446. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 9.11.11/10.4.4/10.5.2/10.6.1. Affected by this vulnerability is an unknown functionality of the component LDAP Lockout. The manipulation leads to overly restrictive account lockout mechanism. This vulnerability is known as CVE-2025-31947. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #571314 / VDB-309064

In today’s cyber threat landscape, data exfiltration is one of the most low-and-slow and damaging tactics employed by threat actors. […]

The post AI-Powered Exfiltration Detection: Real-World Use Cases in Network Traffic Analysis appeared first on HawkEye.

Over the years, many different technologies have transitioned to Cloud-based solutions, including ERP systems and email management platforms.…

A vulnerability classified as critical was found in NVIDIA Graphics Driver up to 341/369.58/375.62 on Quadro/NVS/GeForce. This vulnerability affects unknown code in the library nvlddmkm.sys of the component Kernel Mode Layer. The manipulation leads to improper access controls. This vulnerability was named CVE-2016-7384. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

PentestPad announced a major rollout of new features to its platform, built to transform how modern security teams deliver penetration testing and manage vulnerabilities, clients and deliverables. PentestPad is an all-in-one workspace designed for penetration testing companies, internal security teams, and IT departments. With growing regulatory pressure (ISO 27001, SOC 2, NIS2, etc.) and increased attack surfaces, companies are struggling to maintain transparency, speed, and structure in their testing workflows. PentestPad addresses this head-on. “Security … More →

The post PentestPad streamlines security testing workflows appeared first on Help Net Security.

A vulnerability classified as problematic was found in Unijimpe captcha. This vulnerability affects unknown code of the file captchademo.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2012-2914. The attack can be initiated remotely. Furthermore, there is an exploit available.

Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn't theoretical: it

MistTrack MCP 进一步降低链上追踪工具的使用门槛，提升分析效率和准确性。

Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to fix a vulnerability that’s reportedly being exploited by attackers. If this advice sounds familiar, it’s because it is a repeat of a call that happened ten days ago, when researchers spotted attackers attempting to compromise machines running the platform’s server component by exploiting a path traversal vulnerability. At the … More →

The post Samsung patches MagicINFO 9 Server vulnerability exploited by attackers appeared first on Help Net Security.