Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts obse...

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits www.trendmicro.com/en_us/resear...

K000154696: F5 Security Incident my.f5.com/manage/s/art...

Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...

GreyNoise observed a ~500% surge in IPs scanning Palo Alto Networks login portals on October 3, 2025 — the highest level we’ve seen in 90 days. Read our full analysis here 👇 #PaloAltoNetworks #PaloAlto #GreyNoise #ThreatIntel #PANOS

Cisco Event Response: Continued Attacks Against Cisco Firewalls sec.cloudapps.cisco.com/security/cen...

Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability sec.cloudapps.cisco.com/security/cen...

GitHub - TwoSevenOneT/EDR-Freeze: EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state. EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state. - TwoSevenOneT/EDR-Freeze

EDR-Freeze github.com/TwoSevenOneT...

Ongoing Supply Chain Attack Targets CrowdStrike npm Packages... Socket.dev found compromised various CrowdStrike npm packages, continuing the "Shai-Halud" supply-chain attack that previously hit `tinycolor`.

🚨 Multiple CrowdStrike packages trojanized in an ongoing npm supply chain attack: This is the same campaign that hit Tinycolor yesterday with identical malware.

Full list of compromised packages + mitigations →
socket.dev/blog/ongoing... #NodeJS #JavaScript

25,000 IPs Scanned Cisco ASA Devices — New Vulnerability Potentially Incoming GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a signif...

GreyNoise observed two scanning surges against Cisco ASA devices in late August, both representing significant elevations above baseline. This activity led to the discovery of a botnet cluster solely scanning for Cisco ASA on August 26.
#CiscoASA #Cisco #GreyNoise #Cybersecurity #ThreatIntel

Interesting write-up coming out of Lab52 where #APT28 (aka Fancy Bear) appear to be using a backdoor communicating through MAPI and Outlook, ie. using email as a C2-channel with base64 encoded instructions etc.

https://lab52.io/blog/analyzing-notdoor-inside-apt28s-expanding-arsenal/ […]

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System www.cisa.gov/news-events/...

Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability sec.cloudapps.cisco.com/security/cen...

Lenovo Webcam Firmware Update Vulnerability CVE-2025-4371 support.lenovo.com/us/en/produc...

BitUnlocker - Multiple 0-days to Bypass BitLocker and Extract All Protected Data Researchers have disclosed a series of critical zero-day vulnerabilities that completely bypass Windows BitLocker encryption, allowing attackers with physical access to extract all protected data from...

BitUnlocker – Multiple 0-days to Bypass BitLocker and Extract All Protected Data cybersecuritynews.com/bitunlocker-...

New Lenovo UEFI firmware updates fix Secure Boot bypass flaws Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmwa...

New Lenovo UEFI firmware updates fix Secure Boot bypass flaws www.bleepingcomputer.com/news/securit...

Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads Attackers are exploiting Proofpoint and Intermedia link wrapping to mask phishing payloads.

Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads www.cloudflare.com/threat-intel...

APPLE-SA-07-29-2025-1 iOS 18.6 and iPadOS 18.6 support.apple.com/en-us/124147

Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599) - Help Net Security Sonicwall is asking customers SMA 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible.

Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)

📖 Read more: www.helpnetsecurity.com/2025/07/24/s...

#cybersecurity #cybersecuritynews #vulnerability

There's a new Microsoft SharePoint zero-day getting exploited right now: CVE-2025-53770

msrc.microsoft.com/blog/2025/07...

Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.

GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown ⬇️
#GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler

Microsoft Patch Tuesday, July 2025 Edition Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be activ...

Microsoft Patch Tuesday, July 2025 Edition krebsonsecurity.com/2025/07/micr...

Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/security/cen...

Another Wave: North Korean Contagious Interview Campaign Dro... North Korean threat actors linked to the Contagious Interview campaign return with 35 new malicious npm packages using a stealthy multi-stage malware ...

🚨 Contagious Interview returns:
North Korean threat actors just dropped 35 new malicious npm packages that use a HexEval loader to deploy BeaverTail malware.
These attacks target devs via fake job offers and coding tests laced with malware.

Full analysis: socket.dev/blog/north-k... #NodeJS

KB4743: Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2 Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2

Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2 www.veeam.com/kb4743

Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability www.akamai.com/blog/securit...

Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability sec.cloudapps.cisco.com/security/cen...

CVE-2025-32756: Fortinet RCE Exploited in the Wild Analyze CVE-2025-32756, a Fortinet buffer overflow flaw under active attack, and see how NodeZero can validate exposure now.

CVE-2025-32756: Low-Rise Jeans are Back and so are Buffer Overflows horizon3.ai/attack-resea...

VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247) support.broadcom.com/web/ecx/supp...

Multiple Vulnerabilities In Ivanti Endpoint Manager Mobile (Ivanti EPMM) www.cyber.gov.au/about-us/vie...

Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities.

Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws www.bleepingcomputer.com/news/microso...