SourceForge Used to Distribute Miner and ClipBanker Trojan:

  • Malicious actors distributing a miner and the ClipBanker Trojan via SourceForge.
  • Unconventional persistence techniques utilized by attackers.

Microsoft Releases Security Fixes for 126 Flaws:

  • Microsoft patches 126 flaws affecting its software products.
  • One vulnerability actively exploited in the wild addressed.

Adobe Patches 11 Critical ColdFusion Flaws:

  • Adobe releases security updates to fix critical-severity bugs in ColdFusion.
  • Multiple vulnerabilities discovered in versions 2025, 2023, and 2021.

Fortinet Urges Upgrades to Patch Critical Admin Password Change Flaw:

  • Critical security flaw impacting FortiSwitch addressed by security updates.
  • Vulnerability could permit unauthorized password changes.

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation:

  • Security flaw in Amazon EC2 Simple Systems Manager (SSM) Agent disclosed and patched.
  • Exploitation could allow attackers to achieve privilege escalation.

Cyber Attacks Targeting Ukraine with Information-Stealing Malware:

  • Ukrainian institutions targeted with information-stealing malware.
  • Cyber attacks are aimed at military entities.

Fake Microsoft Office Add-ins Pushing Malware via SourceForge:

  • Threat actors distributing fake Microsoft add-ins via SourceForge.
  • Malware is installed for cryptocurrency mining and theft.

Ransomware Gang Exploits Windows Common Log File System Zero-Day:

  • RansomEXX ransomware gang exploiting Windows CLFS zero-day flaw.
  • The gang gains SYSTEM privileges on victims’ systems.

New Mirai Botnet Behind Surge in TVT DVR Exploitation:

  • Significant spike in exploitation attempts targeting TVT NVMS9000 DVRs detected.
  • Over 2,500 unique IPs scanning for vulnerable devices.

AWS Introduces ML-KEM to Secure TLS from Quantum Threats:

  • Amazon Web Services adds ML-KEM post-quantum key encapsulation mechanism to key services.
  • Enhances security against quantum threats.

Microsoft Patch Tuesday Addresses Exploited Zero-Day and 134 Flaws:

  • Security updates for 134 flaws, including one actively exploited zero-day vulnerability.
  • Ransomware campaign exploiting one of the flaws with victims in the US and other countries.