RondoDox botnet targets 56 n-day flaws in worldwide attacks

RondoDox is a large-scale botnet active since June 2025, targeting 56 n-day vulnerabilities across over 30 device types, including routers, DVRs, and web servers. Since its discovery, the botnet has expanded its arsenal of exploits

New Chaos-C++ Ransomware Targets Windows by Wiping Data, Stealing Crypto

A new variant of the Chaos ransomware family, dubbed Chaos-C++, has emerged targeting Microsoft Windows systems. This version is the first known Chaos variant not written in .NET, marking a significant shift in its development.

Hackers exploit auth bypass in Service Finder WordPress theme

A critical authentication bypass vulnerability (CVE-2025-5947) in the Service Finder WordPress theme is being actively exploited by threat actors. Over 13,800 exploitation attempts have been recorded since August 1.

GitLab security advisory (AV25-650)

GitLab issued a security advisory (AV25-650) addressing multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities affect versions prior to 18.4.2, 18.3.4, and 18.2.8.

Open Web Analytics SQL Injection

A high-severity SQL injection vulnerability (CVE-2025-59397) has been identified in Open Web Analytics (OWA) version 1.8.0 and likely affects earlier versions. The flaw allows authenticated users to inject arbitrary SQL commands.

New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens

A new infostealer malware named Shuyal Stealer has been identified by a Threat Intelligence Team. This malware targets login credentials and Discord tokens from 17 different web browsers.

Google won’t fix new ASCII smuggling attack in Gemini

An ASCII smuggling attack targets Google's Gemini AI assistant, exploiting its integration with Google Workspace to inject hidden instructions via Unicode characters. These payloads are invisible to users but are processed by the AI.

[Control systems] ABB security advisory (AV25-648)

ABB has disclosed a high-severity vulnerability (CVE-2021-22291) affecting its EIBPORT V3 KNX and EIBPORT V3 KNX GSM products. The vulnerability, rated with a CVSS score of 8.5, involves improper input neutralization during web page generation.

Known Exploited Vulnerabilities Catalog

A critical RCE bug affects multiple Mozilla products including Firefox, Thunderbird, and SeaMonkey. This flaw, which occurs when JavaScript is enabled, allows remote attackers to execute arbitrary code by exploiting memory corruption.

Known Exploited Vulnerabilities Catalog

A critical heap out-of-bounds write vulnerability, tracked as CVE-2021-22555, has been identified in the Linux Kernel. This flaw allows attackers to escalate privileges or cause a DoS condition via heap memory corruption through user namespaces.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags