U.S. CISA adds Linux Kernel flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2023-0386, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership vulnerability in the Linux kernel that […]

June 18, 2025
Read More >>

News Flodrix botnet targets vulnerable Langflow servers

Attackers exploit CVE-2025-3248 in Langflow servers to deliver Flodrix botnet via downloader scripts, Trend Research reports. Trend Research uncovered an ongoing campaign exploiting the vulnerability CVE-2025-3248 to deliver the Flodrix botnet. Attackers exploit the flaw to run scripts on Langflow servers, downloading and installing Flodrix malware. “If the vulnerability is successfully exploited, threat actors behind […]

June 18, 2025
Read More >>

U.S. CISA adds Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: Last week, Apple confirmed that the now-patched […]

June 17, 2025
Read More >>

Attackers target Zyxel RCE vulnerability CVE-2023-28771

GreyNoise researchers have observed exploit attempts targeting the remote code execution vulnerability CVE-2023-28771 in Zyxel devices. On June 16, GreyNoise researchers detected exploit attempts targeting CVE-2023-28771 (CVSS score 9.8), a remote code execution flaw impacting Zyxel IKE decoders over UDP port 500. “Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On June 16, GreyNoise observed […]

June 17, 2025
Read More >>

India-based car-sharing company Zoomcar suffered a data breach impacting 8.4M users

Zoomcar disclosed a data breach impacting 8.4M users after attackers compromised its systems and contacted the company staff. Zoomcar is an India-based car-sharing and self-drive car rental company. Zoomcar discovered a data breach impacting 8.4M users after threat actors contacted the internal personnel claiming the compromise of internal systems. The company is investigating the security […]

June 17, 2025
Read More >>

State-sponsored hackers compromised the email accounts of several Washington Post journalists

State-sponsored hackers compromised the email accounts of several journalists working at the Washington Post. A cyberattack, likely carried out by state-sponsored hackers, compromised the Microsoft email accounts of Washington Post journalists, including reporters covering China and national security. “A cyberattack on the Washington Post compromised email accounts of several journalists and was potentially the work […]

June 17, 2025
Read More >>

Law enforcement operation shut down dark web drug marketplace Archetyp Market

Europol shut down Archetyp Market, a major dark web drug marketplace, in a global operation with arrests and takedowns. An international law enforcement operation led by Europol dismantled Archetyp Market, the most enduring dark web marketplace. The marketplace enabled the anonymous trade of illicit drugs, including cocaine, MDMA, amphetamines, and synthetic opioids. Between June 11 […]

June 16, 2025
Read More >>

New Anubis RaaS includes a wiper module

Anubis RaaS now includes a wiper module, permanently deleting files. Active since Dec 2024, it launched an affiliate program in Feb 2025. Anubis is a new RaaS that combines file encryption capability with a rare “wipe mode,” permanently deleting files and preventing recovery even after ransom payment. Anubis operates a flexible affiliate program that has […]

June 16, 2025
Read More >>

New Predator spyware infrastructure revealed activity in Mozambique for the first time

Insik Group analyzed the new Predator spyware infrastructure and discovered it’s still gaining users despite U.S. sanctions since July 2023. Despite earlier declines in activity due to U.S. sanctions and public exposure, Predator spyware has resurged. Insikt Group analyzed a renewed infrastructure linked to the commercial spyware company and identified a new customer in Mozambique, […]

June 16, 2025
Read More >>

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 49

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Supply chain attack hits Gluestack NPM packages with 960K weekly downloads   Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721   Destructive npm Packages Disguised as Utilities Enable Remote System Wipe AMOS Variant Distributed […]

June 15, 2025
Read More >>