brute-force attack
-
Ukrainian Network FDN3 Linked to Massive Brute-Force Campaign Against SSL VPNs and RDP Devices
A Ukraine-based IP network, FDN3, is linked to a broad abusive infrastructure conducting large-scale brute-force and password-spraying campaigns against SSL VPN and RDP devices, with activity spanning June to July 2025 and connections to offshore bulletproof hosting groups.
-
Commvault patches four on-prem vulnerabilities tied to remote code execution chains
Commvault has fixed four on-prem vulnerabilities that could enable unauthenticated attackers to compromise deployments and chain to remote code execution, according to findings from watchTowr Labs.
-
Zoom and Xerox patch critical Windows and FreeFlow Core flaws that could enable privilege escalation and remote code execution
Zoom and Xerox released patches for critical vulnerabilities in Zoom Clients for Windows and FreeFlow Core, including a high-severity privilege-escalation flaw (CVE-2025-49457) in Windows Zoom clients and two severe flaws in FreeFlow Core (CVE-2025-8355 and CVE-2025-8356) that could enable remote code execution, prompting enterprise patches and risk-mitigation guidance.
-
Hackers Exploit SAP Vulnerability to Deploy Auto-Color Backdoor in Targeted Attack
Hackers exploited a critical SAP NetWeaver vulnerability to deliver the Auto-Color backdoor, targeting a U.S.-based chemicals company in April 2025.
-
Google Addresses Vulnerability Exposing Users’ Phone Numbers
A vulnerability in Google’s account recovery process allowed researchers to brute-force phone numbers linked to accounts, posing a significant risk of phishing and SIM-swapping attacks, now patched by the tech firm.
