Vulnerabilities
-
China-linked Salt Typhoon exploited Citrix to target European telecom, Darktrace says
Security firm Darktrace reported that a European telecommunications organisation was targeted in July 2025 by a China-linked group known as Salt Typhoon, which exploited a Citrix NetScaler Gateway to gain access and deployed Snappybee via DLL side-loading; the activity was detected and remediated and the victim was not named.
-
CISA says Windows SMB privilege-escalation bug CVE-2025-33073 is being exploited
CISA warned that threat actors are actively exploiting CVE-2025-33073, a high-severity SMB privilege-escalation bug affecting Windows Server, Windows 10 and Windows 11 up to 24H2. Microsoft patched the flaw in June 2025 and attributed discovery to multiple researchers, while CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog and set a Nov. 10 deadline…
-
Foreign intruders accessed Kansas City weapons plant IT via SharePoint flaws, source says
A source familiar with an August response says a foreign actor exploited unpatched Microsoft SharePoint flaws to access the Kansas City National Security Campus IT network. Investigations are ongoing, attribution is disputed between Chinese-linked groups and possible Russian actors, and experts warn the incident highlights gaps between IT and operational technology security.
-
Researchers disclose critical WatchGuard Fireware IKEv2 vulnerability allowing unauthenticated code execution
Researchers and vendor advisories describe a critical out‑of‑bounds write in WatchGuard Fireware’s IKEv2 handling that can be exploited pre‑authentication to achieve remote code execution; patches are available.
-
CISA adds Adobe AEM flaw to Known Exploited Vulnerabilities list
CISA added CVE-2025-54253, a critical Adobe Experience Manager Forms misconfiguration that can allow remote code execution, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation; Adobe has released a patch and federal agencies were told to apply fixes by Nov. 5, 2025.
-
Analysis says Unitree G1 humanoid robot can be used for espionage and cyber attacks
Alias Robotics says its analysis found Unitree G1 humanoid robots can be taken over via a Bluetooth provisioning flaw, use weak, shared encryption for configuration files, and continuously transmit sensor and telemetry data to servers in China, creating risks for covert surveillance and network attacks.
-
Phishing campaign lures LastPass and Bitwarden users to install remote-access tools
A phishing campaign impersonating LastPass and Bitwarden is distributing a binary that installs the Syncro RMM agent and deploys ScreenConnect for remote access, researchers reported; LastPass says it was not breached and users are advised to ignore unsolicited alerts and verify notices on official channels.
-
Researchers disclose two CVSS 10.0 flaws in Red Lion Sixnet RTUs
Security researchers have disclosed two CVSS 10.0 vulnerabilities (CVE-2023-40151 and CVE-2023-42770) in Red Lion Sixnet RTUs that can allow unauthenticated attackers to execute commands as root; vendors and agencies advise patching, enabling authentication and blocking TCP access.
-
Critical ICTBroadcast flaw (CVE-2025-2611) exploited to deploy reverse shells
A critical input-validation flaw in ICTBroadcast (CVE-2025-2611, CVSS 9.3) allows unauthenticated command injection via a session cookie; researchers including VulnCheck say the bug is being exploited to run reverse shells on exposed servers, and no patch information is currently available.
-
ReliaQuest: Chinese-linked group converted ArcGIS server into long-term backdoor
ReliaQuest reported that a state-linked group known as Flax Typhoon modified an ArcGIS Java extension into a web shell, implanted it in backups and used it to run discovery, deploy a SoftEther-based VPN bridge and maintain access for over a year.
