Vulnerabilities
-
Fortinet, Ivanti and SAP issue urgent patches for critical authentication and code execution flaws
Fortinet, Ivanti and SAP released urgent security updates for multiple critical flaws, including authentication bypass and remote code execution bugs; administrators are urged to apply patches and temporary mitigations promptly.
-
North Korea-linked actors exploit React2Shell flaw to deploy EtherRAT using Ethereum-based C2
Sysdig reported that actors tied to North Korea exploited a critical React Server Components flaw to deploy EtherRAT, a Node.js-based remote access trojan that uses Ethereum smart contracts and RPC consensus for C2 resolution and multiple Linux persistence mechanisms.
-
Researchers find VS Code extensions that install stealer malware, Microsoft removes packages
Researchers and security firms found two malicious Visual Studio Code extensions that stole credentials, screenshots and browser data; Microsoft removed the packages and analysts warned developers to review extensions and supply-chain risks.
-
Ransomware gangs use ‘Shanya’ packer-as-a-service to hide EDR-killing payloads
Security researchers say multiple ransomware groups are using the Shanya packer-as-a-service to deliver in-memory, EDR-disabling payloads that side-load DLLs and deploy kernel drivers to stop security software; Sophos published technical analysis and indicators of compromise.
-
Poland detains three Ukrainian nationals over alleged use of advanced hacking equipment
Polish police arrested three Ukrainian nationals, aged 39–43, accusing them of attempting to damage IT systems and obtaining data important to national defence; officers seized hacking equipment including a Flipper device, multiple SIM cards and other electronics, and have detained the men for three months pending trial.
-
Google adds User Alignment Critic to Chrome to protect Gemini agentic browsing
Google is introducing a separate, isolated LLM called User Alignment Critic in Chrome to vet actions taken by Gemini-powered agentic browsing. The architecture also uses origin restrictions, user prompts for sensitive steps, prompt-injection detection and automated red-teaming; Google is offering bounties up to $20,000 and has not given a public rollout date.
-
Critical Sneeit WordPress plugin RCE actively exploited, security firm reports
A critical remote code execution flaw (CVE-2025-6389) in the Sneeit Framework WordPress plugin is being exploited in the wild; Wordfence said attackers have created admin accounts and uploaded web shells. The issue affects versions up to 8.3 and was fixed in 8.4. Separately, VulnCheck observed an ICTBroadcast exploit delivering a DDoS botnet called “frost.”
-
MuddyWater using UDP-based backdoor ‘UDPGangster’ in Turkey, Israel and Azerbaijan campaigns
Fortinet FortiGuard Labs says MuddyWater has been using a UDP-based backdoor named UDPGangster to target users in Turkey, Israel and Azerbaijan via spear-phishing Word documents that rely on macros; the backdoor includes persistence mechanisms and extensive anti-analysis checks before contacting a UDP command-and-control server.
-
Leaked Intellexa Materials Link Predator Spyware to Zero-Day Exploits and Diverse Delivery Vectors
Leaked documents and technical analysis link Intellexa’s Predator spyware to exploitation of multiple zero-day vulnerabilities and a range of delivery methods, including messaging links and malicious ads, according to Amnesty International, Google Threat Intelligence and Recorded Future; Pakistan has denied the allegations.
-
CISA details BRICKSTORM backdoor used by PRC-linked hackers against vSphere and Windows environments
CISA has published technical details of BRICKSTORM, a Golang backdoor used by PRC-linked threat actors to maintain stealthy, long-term access to VMware vSphere and Windows environments; CrowdStrike and other firms link the tool to UNC5221 and Warp Panda, while the Chinese embassy has denied the allegations.
