Rust-Based “RustoBot” Malware Targeting TOTOLINK Devices

FortiGuard Labs has identified a new botnet, dubbed “RustoBot,” actively exploiting vulnerabilities in TOTOLINK devices. Notably, this variant is written in Rust—a modern, secure programming language. Spike in TOTOLINK Exploits: Between January and February 2025, FortiGuard observed a surge in cyberattacks exploiting known vulnerabilities in TOTOLINK networking hardware. These attacks are based on the cstecgi.cgi … Continued

Critical Vulnerability in WinZip Exposing Users to Macros based Malware

A major security flaw has been discovered in WinZip, a popular file compression utility, potentially putting millions of users at risk of malicious code execution. This vulnerability affects WinZip up to version 76.9 (64-bit for Windows) and has not yet been patched. Overview of CVE-2025-33028: The vulnerability allows attackers to bypass the Mark-of-the-Web (MotW) security feature- … Continued

Phishing Gets a Vector Upgrade

In a troubling new development in the world of phishing, researchers from Kaspersky have discovered a new phishing technique that uses SVG (Scalable Vector Graphics) files, a format used for web design and graphics. Phishing tactics continue to evolve rapidly, moving beyond familiar PDF attachments and deceptive URLs like “FaceB00k”. This time, attackers are weaponizing … Continued

China Linked XorDDoS Malware Fueling Widespread DDoS Disruptions

Cybersecurity researchers are raising the alarm over an increase in cyberattacks linked to a notorious malware strain known as XorDDoS, which has been aggressively targeting systems in the United States. According to a new analysis by Cisco Talos, 71.3% of XorDDoS-related attacks between November 2023 and February 2025 were aimed at U.S. infrastructure. XorDDoS: XorDDoS is a … Continued

IronHusky APT Revives MysterySnail RAT

Kaspersky cybersecurity researchers have found new attacks utilizing an improved variant of the long-dormant MysterySnail RAT — a sophisticated remote access trojan first discovered in 2021 while exploiting a zero-day vulnerability CVE-2021-40449. This RAT is attributed to the Chinese-speaking APT group IronHusky. Now it seems IronHusky APT revived MysterySnail RAT to target governments in Mongolia … Continued

CISA Warns of Actively Exploited Vulnerability in SonicWall SMA Devices

Category: Vulnerabilities | Network Security. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security vulnerability affecting SonicWall Secure Mobile Access (SMA) 100 Series devices to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed reports of real-world exploitation. This high-severity flaw, tracked as CVE-2021-20035 with a CVSS score of 7.2, is an … Continued

NTLM Vulnerability CVE-2025-24054 Actively Exploited in the Wild

A newly discovered Windows vulnerability, tracked as CVE-2025-24054, is being actively exploited in the wild, prompting urgent warnings from security researchers. This flaw allows attackers to leak NTLMv2-SSP hashes using .library-ms files, exposing users to credential theft, lateral movement, and full domain compromise. Though it was fixed by Microsoft on March 11, 2025, threat actors began … Continued

Apple Releases Critical Security Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Apple on Wednesday issued emergency security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to fix two newly discovered vulnerabilities that the company says are being actively exploited in the wild. The flaws—both considered high-risk—have been tracked as CVE-2025-31200 and CVE-2025-31201. CVE-2025-31200 (CVSS score: 7.5): A memory corruption vulnerability within the Core Audio framework. … Continued

BreachForums Seized or DDoSed?

Yesterday, out of the blue, the infamous and notorious cybercrime marketplace BreachForums went inactive. The site has been a hub for high-profile data leaks, including a recent wave of hacks involving threat actors aligned with Algeria and Morocco, which we reported just last week. Background: BreachForums operated both on the clear web and as a … Continued
