Aggregator

Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025 which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a

Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3. "An Authentication Bypass Using an Alternate Path or

A vulnerability classified as problematic has been found in undsgn Uncode Plugin up to 2.9.1.6 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13667. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in undsgn Uncode Plugin up to 2.9.1.6 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2024-13691. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in undsgn Uncode Plugin up to 2.9.1.6 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2024-13681. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in FormCraft Plugin up to 3.9.11 on WordPress. It has been classified as problematic. This affects an unknown part of the file formcraft-main.php. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-13783. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PressLayouts PressMart Plugin up to 1.2.16 on WordPress and classified as critical. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-13797. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in GStreamer up to 1.24.9. This vulnerability affects the function qtdemux_parse_svq3_stsd_data of the file qtdemux.c. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-47596. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GStreamer up to 1.24.9 and classified as critical. Affected by this issue is the function qtdemux_parse_trak of the file qtdemux.c. The manipulation leads to integer underflow. This vulnerability is handled as CVE-2024-47545. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GStreamer up to 1.24.9. It has been classified as problematic. This affects the function qtdemux_parse_samples of the file qtdemux.c. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-47597. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in GStreamer up to 1.24.9. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-47537. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in GStreamer up to 1.24.9. Affected is the function vorbis_handle_identification_packet of the file gstvorbisdec.c. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-47538. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GStreamer up to 1.24.9. It has been rated as critical. This issue affects the function memmove of the file gstssaparse.c. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-47541. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in UnitedThemes Brooklyn Plugin up to 4.9.9.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization. This vulnerability is known as CVE-2024-13636. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability
• CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released two Industrial Control Systems (ICS) advisories on February 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-191-01 Delta Electronics CNCSoft-G2 (Update A)
• ICSA-25-035-02 Rockwell Automation GuardLogix 5380 and 5580 (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Proofpoint also identified two new threat actors operating components of web inject campaigns, TA2726 and TA2727

S04 EP 02: Common themes we can expect to see in 2025

The post Predicting the year of cybersecurity ahead (minus regulations) appeared first on Security Boulevard.

Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X.  From December 20 to 24, 2024, the Quetzal Team identified a phishing campaign targeting the cryptocurrency and fintech sectors. This campaign aimed to distribute a newly discovered stealer malware, which we have […]

The post Zhong Stealer Analysis: New Malware Targeting Fintech and Cryptocurrency appeared first on ANY.RUN's Cybersecurity Blog.