Open Source Alerts

Critical Meshtastic RCE Vulnerability (CVE-2025-24797) Requires Urgent Update

A critical security vulnerability has been disclosed in Meshtastic, the open-source LoRa mesh networking platform known for enabling long-range, low-power communication without cellular or internet connectivity.

CVE-2025-42599: Critical Buffer Overflow in Active! mail Exploited in the Wild

A critical stack-based buffer overflow vulnerability, tracked as CVE-2025-42599, has been identified in Active! mail. The flaw carries a CVSS score of 9.8 and is actively being exploited in the wild.

New payment-card scam involves a phone call, some malware and a personal tap

A new fraud campaign tracked by Cleafy in Italy leverages Android malware, social engineering, and NFC technology to steal payment card data. The malware, dubbed SuperCard X, is part of a malware-as-a-service (MaaS) operation .

ASUS warns of critical auth bypass flaw in routers using AiCloud

ASUS has disclosed a critical authentication bypass vulnerability (CVE-2025-2492) affecting multiple router models with AiCloud enabled. The flaw allows remote attackers to execute unauthorized functions without authentication.

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

A spear-phishing campaign attributed to Russian-speaking threat actors targeted the UK Ministry of Defence (MOD) in late 2024. The attackers deployed a RomCom malware variant known as Damascened Peacock.

KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools

Cybersecurity researchers uncovered a RedGolf/APT41 server inadvertently exposed for less than 24 hours, offering a rare glimpse into an active staging ground used by the threat actor.

The Zoom attack you didn't see coming

A threat actor known as ELUSIVE COMET is exploiting Zoom’s remote control feature to deploy malware during fake podcast interviews. The attacker is targeting individuals in the cryptocurrency and DeFi sectors.

FBI Warns of Scammers Impersonating the IC3

The FBI has issued a warning about a persistent fraud scheme in which scammers impersonate employees of the Internet Crime Complaint Center (IC3) to deceive and revictimize individuals, particularly those who have already suffered financial fraud.

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

A widespread and ongoing SMS phishing (smishing) campaign has been targeting toll road users across eight U.S. states since mid-October 2024. The campaign impersonates electronic toll systems.

npm Malware Targets Telegram Bot Developers with Persistent ...

A new supply chain attack has been uncovered targeting Telegram bot developers via typosquatted npm packages. These malicious packages mimic the legitimate `node-telegram-bot-api` library.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags