fortinet

Threat Signal Report

A critical pre-authentication RCE bug has been identified in Oracle Identity Manager’s REST WebServices. This vulnerability allows unauthenticated attackers to exploit URI and matrix parameter parsing weaknesses to execute arbitrary code.

ShadowV2 Casts a Shadow Over IoT Devices

A new Mirai-variant botnet named ShadowV2 has been identified targeting Internet of Things (IoT) devices globally. It is designed to exploit known vulnerabilities across multiple embedded platforms.

Threat Signal Report

A critical bug has been discovered in WatchGuard Fireware OS, specifically affecting the IKEv2 VPN implementation. This Out-of-Bounds Write flaw allows remote, unauthenticated attackers to execute arbitrary code on affected Firebox appliances.

Threat Signal Report

Multiple critical vulnerabilities have been identified in Citrix NetScaler ADC and NetScaler Gateway appliances, including a memory overflow flaw (CVE-2025-7775) that enables remote code execution (RCE) and denial of service (DoS).

MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access

A newly identified phishing campaign is deploying a sophisticated RAT dubbed MostereRAT, targeting Microsoft Windows systems. The campaign begins with phishing emails targeting Japanese users, impersonating legitimate business inquiries.

Threat Signal Report

Critical authentication bypass vulnerabilities have been discovered in Zscaler, Netskope, and Check Point ZTNA. These vulnerabilities make it possible to bypass authentication mechanisms, impersonate users across organizations, and access sensitive data.

RondoDox Unveiled: Breaking Down a New Botnet Threat

RondoDox is a new botnet threat that exploits two critical vulnerabilities: CVE-2024-3721 (TBK DVR models) and CVE-2024-12856 (Four-Faith router models). These vulnerabilities allow remote attackers to execute arbitrary commands.

Dissecting a Malicious Havoc Sample

A sophisticated variant of the Havoc Remote Access Trojan (RAT) was deployed in a targeted cyber intrusion against critical national infrastructure in the Middle East. This variant leverages a disguised remote injector to deploy the Havoc payload.

Critical Authentication Bypass Vulnerability in Teleport (CVE-2025-49825) Affects SSH and Git Proxy Setups

A critical authentication bypass vulnerability (CVE-2025-49825) has been identified in Teleport, an open-source platform used for secure access to infrastructure via SSH, RDP, Kubernetes, and other protocols.

Active Exploitation of CVE-2024-3721 in TBK DVRs Enables Botnet-Driven DDoS Attacks

A critical command injection vulnerability, CVE-2024-3721, in TBK DVR devices is being actively exploited by multiple botnet operators. This flaw enables unauthenticated remote code execution via crafted HTTP requests.
