Today > 6 Critical | 2 High | 10 Medium vulnerabilities - You can now download lists of IOCs here!

Tag: 2025-01-09

7 attack reports | 269 vulnerabilities

Attack reports

RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats

Between July 2023 and December 2024, the Chinese state-sponsored group RedDelta targeted Mongolia, Taiwan, and Southeast Asian countries with an adapted infection chain to distribute its customized PlugX backdoor. The group used themed lure documents and evolved its tactics, transitioning from Wind…

microsoft azure

shortcut (lnk) file

Published: January 9, 2025

Downloadable IOCs 259

Banshee: The Stealer That "Stole Code" From MacOS XProtect

A new version of the Banshee macOS stealer, linked to Russian-speaking cybercriminals, has been monitored since September. This version went undetected for over two months, using a string encryption algorithm identical to Apple's XProtect antivirus engine. The malware targets browser credentials, c…

string encryption

Published: January 9, 2025

Downloadable IOCs 25

Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics

This analysis focuses on redtail, a cryptocurrency mining malware that stealthily installs itself on compromised systems. The malware utilizes two additional scripts: one to identify the CPU architecture and another to remove existing cryptomining software. Observed attacks originated from IP addre…

Published: January 9, 2025

Downloadable IOCs 12

December 2024 Threat Trend Report on Ransomware

This analysis provides statistics on new ransomware samples, targeted systems, and affected companies in November 2024. The number of new samples in December remained consistent with November's figures. The data is based on AhnLab's detection names and information from ransomware groups' Dedicated …

Published: January 9, 2025

Downloadable IOCs 0

December 2024 Threat Trend Report on APT Attacks (South Korea)

This intelligence report analyzes Advanced Persistent Threat (APT) attacks targeting South Korea in December 2024. The primary method of attack was spear phishing, with a focus on distributing LNK files. Two main types of attacks were identified: Type A, which uses compressed CAB files containing m…

decoy documents

Published: January 9, 2025

Downloadable IOCs 3

APT32 Poisoning GitHub, Targeting Chinese Cybersecurity Professionals and Specific Large Enterprises

APT32 (OceanLotus) has launched a sophisticated attack targeting Chinese cybersecurity professionals and specific large enterprises. The group released a Cobalt Strike exploit plugin with a Trojan on GitHub, embedding a malicious .suo file into a Visual Studio project. When compiled, the Trojan exe…

Published: January 9, 2025

Downloadable IOCs 0

Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation

A new zero-day vulnerability, CVE-2025-0282, in Ivanti Connect Secure VPN appliances has been exploited since mid-December 2024. The vulnerability allows unauthenticated remote code execution. Attackers have deployed multiple malware families, including SPAWN, DRYHOOK, and PHASEJAM, to maintain per…

credential theft

Published: January 9, 2025

Downloadable IOCs 7

» Click here to see all Attack Reports «

Vulnerabilities

CVE-2025-22504

jumpdemand 4ECPS Web Forms

Published: January 9, 2025

CVE-2024-40762

SonicOS SSLVPN

Published: January 9, 2025

CVE-2024-53704

SonicWall SSLVPN

Published: January 9, 2025

CVE-2024-12803

Published: January 9, 2025

CVE-2024-12805

Published: January 9, 2025

CVE-2024-40765

Published: January 9, 2025

CVE-2024-43661

Iocharger firmware for AC models

Published: January 9, 2025

CVE-2024-43663

Iocharger firmware for AC model chargers

Published: January 9, 2025

CVE-2024-11642

Post Grid Master plugin for WordPress

Published: January 9, 2025

CVE-2024-13258

Published: January 9, 2025

CVE-2024-10215

WPBookit plugin for WordPress

Published: January 9, 2025

CVE-2024-13264

Drupal Opigno module

Published: January 9, 2025

CVE-2024-13279

Two-factor Authentication (TFA) on Drupal

Published: January 9, 2025

CVE-2024-13280

Drupal Persistent Login

Published: January 9, 2025

CVE-2024-13285

wkhtmltopdf

Published: January 9, 2025

CVE-2025-22540

Emailing Subscription

Published: January 9, 2025

CVE-2025-22542

Ofek Nakar Virtual Bot

Published: January 9, 2025

CVE-2024-12802

SonicWALL SSL-VPN

Published: January 9, 2025

CVE-2025-21628

Published: January 9, 2025

CVE-2024-13253

Drupal Advanced PWA inc Push Notifications

Published: January 9, 2025

CVE-2024-13277

Smart IP Ban

Published: January 9, 2025

CVE-2024-13278

Drupal Diff

Published: January 9, 2025

CVE-2024-13281

Monster Menus

Published: January 9, 2025

CVE-2024-43648

Iocharger firmware for AC models

Published: January 9, 2025

CVE-2024-43649

Iocharger firmware for AC models

Published: January 9, 2025

CVE-2024-43652

Iocharger firmware for AC model chargers

Published: January 9, 2025

CVE-2024-43653

Iocharger firmware for AC model chargers

Published: January 9, 2025

CVE-2024-43654

Published: January 9, 2025

CVE-2024-43656

Iocharger firmware

Published: January 9, 2025

CVE-2024-43657

Iocharger firmware for AC model chargers

Published: January 9, 2025

CVE-2024-12848

SKT Page Builder plugin for WordPress

Published: January 9, 2025

CVE-2025-0349

Published: January 9, 2025

CVE-2024-13244

Drupal Migrate Tools

Published: January 9, 2025

CVE-2024-13250

Drupal Symfony Mailer Lite

Published: January 9, 2025

CVE-2024-13251

Drupal Registration role

Published: January 9, 2025

CVE-2024-13260

Drupal Migrate queue importer

Published: January 9, 2025

CVE-2024-13282

Published: January 9, 2025

CVE-2024-13284

Published: January 9, 2025

CVE-2024-51229

LinZhaoguan pb-cms

Published: January 9, 2025

CVE-2025-21385

Microsoft Purview

Published: January 9, 2025

CVE-2025-21380

Azure SaaS Resources

Published: January 9, 2025

CVE-2024-12542

Wordpress linkID plugin

Published: January 9, 2025

CVE-2025-22505

NC Wishlist for Woocommerce

Published: January 9, 2025

CVE-2025-22535

Published: January 9, 2025

CVE-2025-22537

Google Maps Travel Route

Published: January 9, 2025

CVE-2023-24010

Data Distribution Service (DDS)

Published: January 9, 2025

CVE-2023-24011

DDS (Data Distribution Service)

Published: January 9, 2025

CVE-2023-24012

Published: January 9, 2025

CVE-2024-27980

Published: January 9, 2025

CVE-2025-22508

Roninwp FAT Event Lite

Published: January 9, 2025

CVE-2023-1907

Published: January 9, 2025

CVE-2024-13206

REVE Antivirus

Published: January 9, 2025

CVE-2024-53706

Gen7 SonicOS Cloud platform NSv

Published: January 9, 2025

CVE-2025-22527

Mailing Group Listserv

Published: January 9, 2025

CVE-2024-53705

Published: January 9, 2025

CVE-2024-12806

Published: January 9, 2025

CVE-2024-43660

Iocharger firmware for AC model chargers

Published: January 9, 2025

CVE-2024-12330

WP Database Backup - Unlimited Database & Files Backup by Backup for WP plugin

Published: January 9, 2025

CVE-2025-21599

Juniper Networks Junos OS Evolved

Published: January 9, 2025

CVE-2024-13254

Published: January 9, 2025

CVE-2024-13255

Drupal RESTful Web Services

Published: January 9, 2025

CVE-2024-13256

Drupal Email Contact

Published: January 9, 2025

CVE-2024-13259

Drupal Image Sizes

Published: January 9, 2025

CVE-2025-21598

Juniper Networks Junos OS

Published: January 9, 2025

CVE-2024-13276

Drupal File Entity

Published: January 9, 2025

CVE-2025-0306

Published: January 9, 2025

CVE-2024-13200

SpringBoot-Blog

Published: January 9, 2025

CVE-2025-0328

KaiYuanTong ECT Platform

Published: January 9, 2025

CVE-2025-0340

Cinema Seat Reservation System

Published: January 9, 2025

CVE-2025-0347

Admission Management System

Published: January 9, 2025

CVE-2024-43659

Iocharger AC Model EV chargers

Published: January 9, 2025

CVE-2025-22510

WC Price History for Omnibus

Published: January 9, 2025

CVE-2025-22295

Tripetto WordPress form builder plugin for contact forms, surveys and quizzes

Published: January 9, 2025

CVE-2025-22307

Product Table for WooCommerce

Published: January 9, 2025

CVE-2025-22313

Widgetize Pages Light

Published: January 9, 2025

CVE-2025-22330

MG Parallax Slider

Published: January 9, 2025

CVE-2025-22331

Cf7Save Extension

Published: January 9, 2025

CVE-2025-22345

TS Comfort DB

Published: January 9, 2025

CVE-2025-22361

Opentracker Analytics

Published: January 9, 2025

CVE-2025-22521

wp Hosting Performance Check

Published: January 9, 2025

CVE-2025-22539

ka2 Custom DataBase Tables

Published: January 9, 2025

CVE-2025-22594

Better User Shortcodes

Published: January 9, 2025

CVE-2025-22595

Mailing Group Listserv

Published: January 9, 2025

CVE-2025-22814

Zephyr Admin Theme

Published: January 9, 2025

CVE-2024-12067

WP Travel - Ultimate Travel Booking System, Tour Management Engine plugin for WordPress

Published: January 9, 2025

CVE-2025-22801

HasThemes Free WooCommerce Theme 99fy Extension

Published: January 9, 2025

CVE-2025-22802

Email Templates Customizer for WordPress - Drag And Drop Email Templates Builder - YeeMail

Published: January 9, 2025

CVE-2025-22803

VillaTheme Advanced Product Information for WooCommerce

Published: January 9, 2025

CVE-2025-22804

Author Avatars List/Block

Published: January 9, 2025

CVE-2025-22805

ThemePoints Skill Bar

Published: January 9, 2025

CVE-2025-22806

Modernaweb Studio Black Widgets For Elementor

Published: January 9, 2025

CVE-2025-22807

Responsive Flickr Slideshow

Published: January 9, 2025

CVE-2025-22808

Surbma Surbma | Premium WP

Published: January 9, 2025

CVE-2025-22809

Gravity Master PDF Catalog Woocommerce

Published: January 9, 2025

CVE-2025-22810

Content Blocks Builder

Published: January 9, 2025

CVE-2025-22811

MT Addons for Elementor

Published: January 9, 2025

CVE-2025-22812

FlickDevs News Ticker Widget for Elementor

Published: January 9, 2025

CVE-2025-22813

ChatBot for WordPress - WPBot Conversational Forms

Published: January 9, 2025

CVE-2025-22815

Button Block by bPlugins LLC

Published: January 9, 2025

CVE-2025-22817

Venutius BP Profile Shortcodes Extra

Published: January 9, 2025

CVE-2025-22818

S3Player - WooCommerce & Elementor Integration

Published: January 9, 2025

CVE-2025-22819

Qr Code and Barcode Scanner Reader

Published: January 9, 2025

CVE-2025-22820

Daniel Walmsley VR Views

Published: January 9, 2025

CVE-2025-22821

Published: January 9, 2025

CVE-2025-22822

wp custom countdown

Published: January 9, 2025

CVE-2025-22823

Genesis Style Shortcodes

Published: January 9, 2025

CVE-2025-22824

Lucia Intelisano Live Flight Radar

Published: January 9, 2025

CVE-2025-22826

wpecommerce

Published: January 9, 2025

CVE-2025-22827

Published: January 9, 2025

CVE-2025-21593

Juniper Networks Junos OS

Published: January 9, 2025

CVE-2025-21600

Published: January 9, 2025

CVE-2025-21602

Published: January 9, 2025

CVE-2024-13243

Drupal Entity Delete Log

Published: January 9, 2025

CVE-2024-13153

Unlimited Elements For Elementor plugin for WordPress

Published: January 9, 2025

CVE-2024-11907

WordPress Skyword API Plugin

Published: January 9, 2025

CVE-2024-11929

Responsive FlipBook Plugin Wordpress plugin

Published: January 9, 2025

CVE-2024-12491

SimplyRETS Real Estate IDX plugin for WordPress

Published: January 9, 2025

CVE-2024-12493

WordPress Files Download Delay plugin

Published: January 9, 2025

CVE-2024-12496

Linear plugin for WordPress

Published: January 9, 2025

CVE-2024-12514

WordPress 3DVieweronline plugin

Published: January 9, 2025

CVE-2024-12515

WordPress Muslim Prayer Time-Salah/Iqamah plugin

Published: January 9, 2025

CVE-2024-12621

Yumpu E-Paper publishing plugin for WordPress

Published: January 9, 2025

CVE-2024-12819

Searchie plugin for WordPress

Published: January 9, 2025

CVE-2024-6155

Greenshift - animation and page builder blocks plugin for WordPress

Published: January 9, 2025

CVE-2024-13194

Published: January 9, 2025

CVE-2024-13195

donglight bookstore电商书城系统说明

Published: January 9, 2025

CVE-2023-23913

Published: January 9, 2025

CVE-2024-13211

SingMR HouseRent

Published: January 9, 2025

CVE-2024-13212

SingMR HouseRent

Published: January 9, 2025

CVE-2025-0333

leiyuxi cy-fast

Published: January 9, 2025

CVE-2025-0334

leiyuxi cy-fast

Published: January 9, 2025

CVE-2025-0335

Online Bike Rental System

Published: January 9, 2025

CVE-2025-0336

Codezips Project Management System

Published: January 9, 2025

CVE-2025-0341

CampCodes Computer Laboratory Management System

Published: January 9, 2025

CVE-2025-0344

leiyuxi cy-fast

Published: January 9, 2025

CVE-2025-0345

leiyuxi cy-fast

Published: January 9, 2025

CVE-2024-54761

BigAnt Office Messenger

Published: January 9, 2025

CVE-2024-54762

Published: January 9, 2025

CVE-2024-12714

Backlink Monitoring Manager WordPress plugin

Published: January 9, 2025

CVE-2024-12715

Asgard Security Scanner WordPress plugin

Published: January 9, 2025

CVE-2024-12731

Aklamator INfeed WordPress plugin

Published: January 9, 2025

CVE-2024-12736

BU Section Editing WordPress plugin

Published: January 9, 2025

CVE-2024-11328

CLUEVO LMS, E-Learning Platform plugin for WordPress

Published: January 9, 2025

CVE-2024-11686

WhatsApp 🚀 click to chat plugin for WordPress

Published: January 9, 2025

CVE-2024-11815

Pósturinn's Shipping with WooCommerce plugin for WordPress

Published: January 9, 2025

CVE-2024-12122

ResAds plugin for WordPress

Published: January 9, 2025

CVE-2024-12218

Woocommerce check pincode/zipcode for shipping plugin for WordPress

Published: January 9, 2025

CVE-2024-12222

Deliver via Shipos for WooCommerce plugin for WordPress

Published: January 9, 2025

CVE-2024-12285

WordPress SEMA API plugin

Published: January 9, 2025

CVE-2024-12394

Action Network plugin for WordPress

Published: January 9, 2025

CVE-2024-13283

Drupal Facets

Published: January 9, 2025

CVE-2024-55494

Opencode Mobile Collect Call

Published: January 9, 2025

CVE-2024-13301

OAuth & OpenID Connect Single Sign On - SSO (OAuth/OIDC Client)

Published: January 9, 2025

CVE-2024-56826

Published: January 9, 2025

CVE-2024-56827

Published: January 9, 2025

CVE-2023-38037

Ruby on Rails

Published: January 9, 2025

CVE-2024-13204

E-Commerce-PHP

Published: January 9, 2025

CVE-2022-22491

IBM App Connect Enterprise Certified Container

Published: January 9, 2025

CVE-2025-21592

Juniper Networks Junos OS on SRX Series devices

Published: January 9, 2025

CVE-2025-21596

Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200

Published: January 9, 2025

CVE-2024-43176

IBM OpenPages

Published: January 9, 2025

CVE-2024-13237

Drupal File Entity (fieldable files)

Published: January 9, 2025

CVE-2024-13238

Drupal Typogrify

Published: January 9, 2025

CVE-2024-13245

Drupal CKEditor 4 LTS - WYSIWYG HTML editor

Published: January 9, 2025

CVE-2024-13252

Drupal TacJS

Published: January 9, 2025

CVE-2024-13273

Drupal Open Social

Published: January 9, 2025

CVE-2024-13286

Drupal SVG Embed

Published: January 9, 2025

CVE-2024-13287

Drupal Views SVG Animation

Published: January 9, 2025

CVE-2024-13289

Drupal Cookiebot + GTM

Published: January 9, 2025

CVE-2024-55226

Vaultwarden

Published: January 9, 2025

CVE-2024-56376

Published: January 9, 2025

CVE-2024-56377

Published: January 9, 2025

CVE-2023-27531

Published: January 9, 2025

CVE-2023-27539

Published: January 9, 2025

CVE-2023-28120

Ruby on Rails

Published: January 9, 2025

CVE-2025-0331

Published: January 9, 2025

CVE-2024-13257

Drupal Commerce View Receipt

Published: January 9, 2025

CVE-2024-12717

Aklamator INfeed WordPress plugin

Published: January 9, 2025

CVE-2024-13247

Drupal Coffee

Published: January 9, 2025

CVE-2024-13262

Drupal View Password

Published: January 9, 2025

CVE-2024-13292

Published: January 9, 2025

CVE-2024-13298

Drupal Tarte au Citron

Published: January 9, 2025

CVE-2024-13305

Drupal Entity Form Steps

Published: January 9, 2025

CVE-2024-13201

SpringBoot-Blog

Published: January 9, 2025

CVE-2024-13210

donglight bookstore电商书城系统说明

Published: January 9, 2025

CVE-2025-0346

code-projects Content Management System

Published: January 9, 2025

CVE-2024-13203

E-Commerce-PHP

Published: January 9, 2025

CVE-2024-6324

GitLab CE/EE

Published: January 9, 2025

CVE-2025-20033

Published: January 9, 2025

CVE-2024-12206

WordPress Header Builder Plugin - Pearl

Published: January 9, 2025

CVE-2024-12249

GS Insever Portfolio plugin for WordPress

Published: January 9, 2025

CVE-2024-12605

AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin

Published: January 9, 2025

CVE-2024-12616

Bitly's WordPress Plugin

Published: January 9, 2025

CVE-2024-12618

Newsletter2Go plugin for WordPress

Published: January 9, 2025

CVE-2024-5769

MIMO Woocommerce Order Tracking plugin for WordPress

Published: January 9, 2025

CVE-2025-22561

Title Experiments Free

Published: January 9, 2025

CVE-2024-13288

Monster Menus

Published: January 9, 2025

CVE-2024-10815

PostLists WordPress plugin

Published: January 9, 2025

CVE-2024-13041

GitLab CE/EE

Published: January 9, 2025

CVE-2023-28362

Ruby on Rails

Published: January 9, 2025

CVE-2025-22449

Published: January 9, 2025

CVE-2024-13198

Mblog Blog System

Published: January 9, 2025

CVE-2024-10106

Published: January 9, 2025

CVE-2025-22151

Strawberry GraphQL

Published: January 9, 2025

CVE-2024-37372

Published: January 9, 2025

CVE-2024-13196

donglight bookstore电商书城系统说明

Published: January 9, 2025

CVE-2024-13197

donglight bookstore电商书城系统说明

Published: January 9, 2025

CVE-2024-13199

langhsu Mblog Blog System

Published: January 9, 2025

CVE-2024-13213

SingMR HouseRent

Published: January 9, 2025

CVE-2025-0339

Online Bike Rental

Published: January 9, 2025

CVE-2025-22445

Published: January 9, 2025

CVE-2025-0342

CampCodes Computer Laboratory Management System

Published: January 9, 2025

CVE-2025-0348

CampCodes DepEd Equipment Inventory System

Published: January 9, 2025

CVE-2024-13202

SpringBoot-Blog

Published: January 9, 2025

CVE-2024-13205

E-Commerce-PHP

Published: January 9, 2025

CVE-2024-13209

Published: January 9, 2025

CVE-2024-43650

Iocharger firmware for AC models

Published: January 9, 2025

CVE-2024-43651

Iocharger firmware for AC models

Published: January 9, 2025

CVE-2024-43655

Iocharger firmware for AC model chargers

Published: January 9, 2025

CVE-2024-43658

Iocharger Home

Published: January 9, 2025

CVE-2024-43662

Iocharger firmware for AC models

Published: January 9, 2025

CVE-2025-22149

JWK Set (JSON Web Key Set)

Published: January 9, 2025

CVE-2024-13239

Two-factor Authentication (TFA)

Published: January 9, 2025

CVE-2024-13240

Drupal Open Social

Published: January 9, 2025

CVE-2024-13241

Drupal Open Social

Published: January 9, 2025

CVE-2024-13242

Drupal Swift Mailer

Published: January 9, 2025

CVE-2024-13246

Drupal Node Access Rebuild Progressive

Published: January 9, 2025

CVE-2024-13248

Drupal Private content

Published: January 9, 2025

CVE-2024-13249

Drupal Node Access Rebuild Progressive

Published: January 9, 2025

CVE-2024-13261

Published: January 9, 2025

CVE-2024-13263

Opigno group manager

Published: January 9, 2025

CVE-2024-13265

Opigno Learning path

Published: January 9, 2025

CVE-2024-13266

Drupal Responsive and off-canvas menu

Published: January 9, 2025

CVE-2024-13267

Opigno TinCan Question Type

Published: January 9, 2025

CVE-2024-13268

Published: January 9, 2025

CVE-2024-13269

Drupal Advanced Varnish

Published: January 9, 2025

CVE-2024-13270

Drupal Freelinking

Published: January 9, 2025

CVE-2024-13271

Drupal Content Entity Clone

Published: January 9, 2025

CVE-2024-13272

Published: January 9, 2025

CVE-2024-13274

Drupal Open Social

Published: January 9, 2025

CVE-2024-13275

Drupal Security Kit

Published: January 9, 2025

CVE-2024-42898

Published: January 9, 2025

CVE-2024-46505

Infoblox BloxOne

Published: January 9, 2025

CVE-2024-54724

Published: January 9, 2025

CVE-2024-54887

TP-Link TL-WR940N

Published: January 9, 2025

CVE-2024-56113

Smart Toilet Lab - Motius

Published: January 9, 2025

CVE-2024-56114

Canlineapp Online

Published: January 9, 2025

CVE-2024-13290

OhDear Integration for Drupal

Published: January 9, 2025

CVE-2024-13291

Published: January 9, 2025

CVE-2024-13293

Drupal POST File

Published: January 9, 2025

CVE-2024-13294

Drupal POST File

Published: January 9, 2025

CVE-2024-13295

Drupal Node export

Published: January 9, 2025

CVE-2024-13296

Published: January 9, 2025

CVE-2024-13297

Published: January 9, 2025

CVE-2024-13299

Drupal Megamenu Framework

Published: January 9, 2025

CVE-2024-13300

Drupal Print Anything

Published: January 9, 2025

CVE-2024-13302

Drupal Pages Restriction Access

Published: January 9, 2025

CVE-2024-13303

Drupal Download All Files

Published: January 9, 2025

CVE-2024-13304

Drupal Minify JS

Published: January 9, 2025

CVE-2024-13308

Browser Back Button

Published: January 9, 2025

CVE-2024-13309

Drupal Login Disable

Published: January 9, 2025

CVE-2024-13310

Drupal Git Utilities

Published: January 9, 2025

CVE-2024-13311

Published: January 9, 2025

CVE-2024-13312

Open Social

Published: January 9, 2025

CVE-2024-48806

Neat Board NFC

Published: January 9, 2025

CVE-2024-55224

Vaultwarden

Published: January 9, 2025

CVE-2024-55225

Vaultwarden

Published: January 9, 2025

CVE-2023-28354

Opsview Monitor Agent

Published: January 9, 2025

CVE-2024-46464

PRIMX ZED Enterprise

Published: January 9, 2025

» Click here to see all Vulnerabilities «