RondoDox is a large-scale botnet active since June 2025, targeting 56 n-day vulnerabilities across over 30 device types, including routers, DVRs, and web servers. Since its discovery, the botnet has expanded its arsenal of exploits

A new variant of the Chaos ransomware family, dubbed Chaos-C++, has emerged targeting Microsoft Windows systems. This version is the first known Chaos variant not written in .NET, marking a significant shift in its development.

A critical authentication bypass vulnerability (CVE-2025-5947) in the Service Finder WordPress theme is being actively exploited by threat actors. Over 13,800 exploitation attempts have been recorded since August 1.

GitLab issued a security advisory (AV25-650) addressing multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities affect versions prior to 18.4.2, 18.3.4, and 18.2.8.

A high-severity SQL injection vulnerability (CVE-2025-59397) has been identified in Open Web Analytics (OWA) version 1.8.0 and likely affects earlier versions. The flaw allows authenticated users to inject arbitrary SQL commands.

A new infostealer malware named Shuyal Stealer has been identified by a Threat Intelligence Team. This malware targets login credentials and Discord tokens from 17 different web browsers.

An ASCII smuggling attack targets Google's Gemini AI assistant, exploiting its integration with Google Workspace to inject hidden instructions via Unicode characters. These payloads are invisible to users but are processed by the AI.

ABB has disclosed a high-severity vulnerability (CVE-2021-22291) affecting its EIBPORT V3 KNX and EIBPORT V3 KNX GSM products. The vulnerability, rated with a CVSS score of 8.5, involves improper input neutralization during web page generation.

A critical RCE bug affects multiple Mozilla products including Firefox, Thunderbird, and SeaMonkey. This flaw, which occurs when JavaScript is enabled, allows remote attackers to execute arbitrary code by exploiting memory corruption.

A critical heap out-of-bounds write vulnerability, tracked as CVE-2021-22555, has been identified in the Linux Kernel. This flaw allows attackers to escalate privileges or cause a DoS condition via heap memory corruption through user namespaces.