APT31's Arsenal:
SharpADUserIP (Recon)
SharpChrome (Password theft)
StickyNotesExtract (Data theft)
Tailscale VPN (Tunneling)
CloudSorcerer/OneDriveDoor (Cloud C2)
VtChatter (VirusTotal C2)
LocalPlugX (Lateral movement)
Various backdoors (Linux/Windows)
25.11.2025 13:42
APT31 (China) targeted Russian gov't IT contractors in 2025 & earlier. The group operated undetected for extended periods, gathering intelligence through sophisticated cyber espionage campaigns.
25.11.2025 13:39
⚠️ 7-Zip RCE Vulnerability
CVE-2025-11001: Critical vulnerability in 7-Zip! A malicious ZIP file can allow remote code execution on your computer. Simply opening the file is enough.
Users are advised to update to 7-Zip version 25.00 or later.
25.11.2025 13:34
⚠️ OpenVPN RCE Vulnerability
CVE-2025-10680: High-severity flaw enabling authenticated VPN servers to execute OS commands on clients.
Scope: OpenVPN Client (Linux, macOS)
Requirement: --dns-updown enabled
10.11.2025 21:55
Affected Versions:
FortiOS: 7.0.0 through 7.0.16 (upgrade to 7.0.17 or later).
FortiProxy: 7.0.0 through 7.0.19 (upgrade to 7.0.20 or later), and 7.2.0 through 7.2.12 (upgrade to 7.2.13 or later).
14.01.2025 21:53
⚠️ Fortinet FortiOS/FortiProxy Zero-Day Vulnerability
CVE-2024-55591: (CVSS score: 9.6) is an authentication bypass vulnerability in FortiOS and FortiProxy. It allows attackers to gain super admin privileges through specially crafted Node.js websocket requests.
14.01.2025 21:53
CyberThreat.zip Error 404
A new year brings new opportunities and new goals!
At CyberThreat.zip, we're here to ensure your growth and security in 2025.
Wishing everyone a happy, healthy, and safe New Year!
#CyberThreatZip #HappyNewYear2025
31.12.2024 21:09
⚠️ 7-Zip RCE Vulnerability
CVE-2024-11477: An integer underflow vulnerability in 7-Zip's Zstandard decompression function (CVSS 7.8) allows attackers to execute malicious code.
Users are advised to update to 7-Zip version 24.07 or later.
25.11.2024 11:43
⚠️ Palo Alto Networks Privilege Escalation Vulnerability
CVE-2024-9474: A privilege escalation vulnerability affecting authorized users.
25.11.2024 11:26
⚠️ Palo Alto Networks Authentication Bypass Vulnerability
CVE-2024-0012: An authentication bypass vulnerability in PAN-OS allows attackers to gain administrator privileges.
25.11.2024 11:25
⚠️ DragonRank Hits IIS Servers in Asia, Europe
Over 35 IIS servers compromised using BadIIS malware and ASPXspy, exploiting web app vulnerabilities for SEO fraud.
13.09.2024 14:50
Systems are not affected if IPv6 is disabled on the target machine.
14.08.2024 06:24
⚠️ Windows TCP/IP 0-Click RCE Vulnerability
CVE-2024-38063: Microsoft released an urgent update for a critical vulnerability. It allows remote code execution via specially crafted IPv6 packets. All Windows and Windows Server versions are affected.
14.08.2024 06:23
CyberThreat zip
Cyber Threat intelligence Alert contact@cyberthreat.zip
Our Telegram Channel is Opened
Our Telegram channel, where we make all announcements about cyber threats and security vulnerabilities, has been opened.
t.me/cyberthreatzip
03.08.2024 15:45
⚠️ Critical GeoServer RCE Flaw
CVE-2024-36401: GeoServer versions before 2.24.4, 2.25.2, and 2.23.6 have a critical RCE vulnerability (CVSS 9.8). Users should upgrade to the latest versions to mitigate the threat.
03.08.2024 15:24
This vulnerability allows authentication bypass in Active Directory, granting full admin access on ESXi hypervisors. Attackers can escalate privileges by creating or renaming an 'ESX Admins' group. Used on systems with prior access.
03.08.2024 15:23
⚠️ VMware ESXi Authentication Bypass Vulnerability
CVE-2024-37085: VMware ESXi Vulnerability
On July 29, Microsoft announced that ransomware groups were exploiting a vulnerability identified as CVE-2024-37085.
03.08.2024 15:23
Microsoft confirmed that the nine-hour outage on Tuesday was caused by a DDoS attack. This attack affected many Microsoft 365 and Azure services worldwide.
31.07.2024 19:09
⚠️ 10 billion passwords leaked.
New RockYou2024 Password List.
s3.timeweb.cloud/fd51ce25-6f9...
08.07.2024 06:23
Oracle WebLogic Server Vulnerability
CVE-2024-21007: WebLogic Server Remote Code Execution (RCE)
Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0
05.07.2024 18:35
Operation Endgame
Operation Endgame - New episode. S1E07: ODD ONE OUT
Source: www.operation-endgame.com
04.07.2024 09:58
Ollama Vulnerability
CVE-2024-37032: Ollama Remote Code Execution (RCE) vulnerability.
Exploitation involved overwriting /etc/ld.so.preload to load a malicious shared library, escalating from arbitrary file write to remote code execution.
03.07.2024 14:29
New GitLab Vulnerability
CVE-2024-5655: GitLab security updates fixing 14 vulnerabilities.
GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5
01.07.2024 17:26
New OpenSSH Vulnerability
CVE-2024-6387: OpenSSH's server (sshd) allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
01.07.2024 15:42
hi
24.06.2024 19:30