Tag: 2025-01-13

3 Attack Reports | 108 Vulnerabilities

Attack reports

Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations

A cyber espionage campaign targeting Central Asian countries, particularly Kazakhstan's external relations, has been uncovered. The campaign, attributed to the Russia-aligned intrusion set UAC-0063, uses a sophisticated infection chain called Double-Tap to deliver the HATVIBE and CHERRYSPY malware.…
apt28
cyber espionage
2025-01-13
kazakhstan
cherryspy
diplomatic
central asia
double-tap
hatvibe
Published: January 13, 2025
Downloadable IOCs: 12

Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page

A new distribution method for the LummaC2 infostealer malware has been identified, using a fake CAPTCHA verification page. The process begins with a deceptive authentication screen that copies a malicious command to the clipboard when users click 'I'm not a robot'. This command executes an obfuscat…
obfuscation
phishing
powershell
lummac2
infostealer
cryptocurrency
captcha
2025-01-13
clipbanker
Published: January 13, 2025
Downloadable IOCs: 4

Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)

A critical code execution vulnerability, CVE-2024-50603, affecting Aviatrix Controller has been observed being exploited in the wild. This unauthenticated remote code execution flaw allows attackers to execute arbitrary commands on the system, potentially leading to privilege escalation in AWS envi…
backdoor
xmrig
sliver
cloud security
cryptojacking
privilege escalation
aws
rce
CVE-2024-50603
2025-01-13
aviatrix controller
Published: January 13, 2025
Linked vulnerabilities : CVE-2024-50603 (CVSS 10.0), CVE-2025-0282 (CVSS 9.0), CVE-2025-0283 (CVSS 7.0), CVE-2021-40870
Downloadable IOCs: 6
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-46479

9.9
    Venki Supravizio BPM
Published: January 13, 2025

CVE-2025-22777

9.8
    GiveWP
Published: January 13, 2025

CVE-2024-5743

9.8
    Eve Play
Published: January 13, 2025

CVE-2024-46310

9.1
    FXServer
Published: January 13, 2025

CVE-2024-57811

9.1
    Eaton X303
Published: January 13, 2025

CVE-2025-22144

9.0
    NamelessMC
Published: January 13, 2025

CVE-2024-47897

8.8
    UNKNOWN
Published: January 13, 2025

CVE-2023-42228

8.8
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2023-42244

8.8
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2024-47796

8.4
    OFFIS DCMTK
Published: January 13, 2025

CVE-2024-52333

8.4
    OFFIS DCMTK
Published: January 13, 2025

CVE-2024-46480

8.4
    Venki Supravizio BPM
Published: January 13, 2025

CVE-2024-11128

8.4
    Bitdefender
  • Virus Scanner
Published: January 13, 2025

CVE-2023-42231

8.1
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2025-0412

7.8
    Luxion KeyShot Viewer
Published: January 13, 2025

CVE-2024-52938

7.8
    Unknown
Published: January 13, 2025

CVE-2024-12274

7.5
    Appointment Booking Calendar Plugin
    Scheduling Plugin WordPress plugin
Published: January 13, 2025

CVE-2025-22963

7.5
    Teedy
Published: January 13, 2025

CVE-2023-42225

7.5
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2023-42226

7.5
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2023-42227

7.5
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2023-42232

7.5
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2024-46481

7.2
    Venki Supravizio BPM
Published: January 13, 2025

CVE-2024-47894

7.1
    UNKNOWN
Published: January 13, 2025

CVE-2024-47895

7.1
    UNKNOWN
Published: January 13, 2025

CVE-2024-56065

7.1
    WP2LEADS
Published: January 13, 2025

CVE-2024-56301

7.1
    Eniture Technology Distance Based Shipping Calculator
Published: January 13, 2025

CVE-2025-22314

7.1
    WP Scripts Food Store – Online Food Delivery & Pickup
Published: January 13, 2025

CVE-2025-22337

7.1
    Order Audit Log for WooCommerce
Published: January 13, 2025

CVE-2025-22344

7.1
    Media Category Library
Published: January 13, 2025

CVE-2025-22498

7.1
    LucidLMS
Published: January 13, 2025

CVE-2025-22499

7.1
    FAKTOR VIER F4 Post Tree
Published: January 13, 2025

CVE-2025-22506

7.1
    SmartAgenda
Published: January 13, 2025

CVE-2025-22514

7.1
    Yamna Tatheer KNR Author List Widget
Published: January 13, 2025

CVE-2025-22567

7.1
    TRUSTist REVIEWer
Published: January 13, 2025

CVE-2025-22568

7.1
    Post And Page Reactions
Published: January 13, 2025

CVE-2025-22569

7.1
    Featured Page Widget
Published: January 13, 2025

CVE-2025-22570

7.1
    Miloš Đekić Inline Tweets
Published: January 13, 2025

CVE-2025-22576

7.1
    Site PIN
Published: January 13, 2025

CVE-2025-22583

7.1
    Scan External Links
Published: January 13, 2025

CVE-2025-22586

7.1
    WPEX Replace DB Urls
Published: January 13, 2025

CVE-2025-22588

7.1
    Scanventory
Published: January 13, 2025

CVE-2025-0401

6.9
    UNKNOWN
Published: January 13, 2025

CVE-2025-0403

6.9
    1902756969 reggie
Published: January 13, 2025

CVE-2024-52937

6.7
    UNKNOWN
Published: January 13, 2025

CVE-2024-54999

6.5
    MonicaHQ
Published: January 13, 2025

CVE-2024-57487

6.5
    Code-Projects
  • Online Car Rental System
Published: January 13, 2025

CVE-2024-57488

6.5
    Code-Projects
  • Online Car Rental System
Published: January 13, 2025

CVE-2024-46920

6.5
    Samsung Mobile Processor Exynos 9820
Published: January 13, 2025

CVE-2024-46921

6.5
    Samsung Mobile Processor and Modem Exynos
Published: January 13, 2025

CVE-2023-42229

6.5
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2023-42248

6.5
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2025-22613

6.4
    Wegia
  • Wegia
Published: January 13, 2025

CVE-2025-22614

6.4
    Wegia
  • Wegia
Published: January 13, 2025

CVE-2025-22615

6.4
    Wegia
  • Wegia
Published: January 13, 2025

CVE-2025-22616

6.4
    Wegia
  • Wegia
Published: January 13, 2025

CVE-2025-22617

6.4
    Wegia
  • Wegia
Published: January 13, 2025

CVE-2025-22618

6.4
    Wegia
  • Wegia
Published: January 13, 2025

CVE-2025-22619

6.4
    Wegia
  • Wegia
Published: January 13, 2025

CVE-2025-22142

6.3
    NamelessMC
Published: January 13, 2025

CVE-2025-23027

6.3
    next-forge
Published: January 13, 2025

CVE-2024-44771

6.1
    BigId PrivacyPortal
Published: January 13, 2025

CVE-2025-23026

6.1
    jte (Java Template Engine)
Published: January 13, 2025

CVE-2023-42230

6.1
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2023-42233

6.1
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2023-42245

6.1
    Selesta Visual Access Manager
Published: January 13, 2025

CVE-2023-42246

6.1
    Selesta Visual Access Manager
Published: January 13, 2025

CVE-2023-42247

6.1
    Selesta Visual Access Manager
Published: January 13, 2025

CVE-2023-42249

6.1
    Selesta Visual Access Manager
Published: January 13, 2025

CVE-2023-42250

6.1
    Selesta Visual Access Manager
Published: January 13, 2025

CVE-2024-56323

5.8
    OpenFGA
Published: January 13, 2025

CVE-2024-12211

5.4
    Pega Platform
Published: January 13, 2025

CVE-2023-42234

5.4
    Pat Infinite Solutions HelpdeskAdvanced
Published: January 13, 2025

CVE-2023-42243

5.4
    Selesta Visual Access Manager
Published: January 13, 2025

CVE-2025-0402

5.3
    UNKNOWN
Published: January 13, 2025

CVE-2025-0404

5.3
    liujianview gymxmjpa
Published: January 13, 2025

CVE-2025-0405

5.3
    UNKNOWN
Published: January 13, 2025

CVE-2025-0406

5.3
    liujianview gymxmjpa
Published: January 13, 2025

CVE-2025-0407

5.3
    UNKNOWN
Published: January 13, 2025

CVE-2025-0408

5.3
    liujianview gymxmjpa
Published: January 13, 2025

CVE-2025-0409

5.3
    liujianview gymxmjpa
Published: January 13, 2025

CVE-2025-0410

5.3
    liujianview gymxmjpa
Published: January 13, 2025

CVE-2024-46919

5.3
    Samsung Exynos processors
Published: January 13, 2025

CVE-2025-22138

5.1
    @codidact/qpixel
Published: January 13, 2025

CVE-2024-11636

4.8
    Email Subscribers by Icegram Express WordPress plugin
Published: January 13, 2025

CVE-2024-12566

4.8
    Email Subscribers by Icegram Express WordPress plugin
Published: January 13, 2025

CVE-2024-12567

4.8
    Email Subscribers by Icegram Express WordPress plugin
Published: January 13, 2025

CVE-2024-12568

4.8
    Email Subscribers by Icegram Express WordPress plugin
Published: January 13, 2025

CVE-2024-52936

4.4
    UNKNOWN
Published: January 13, 2025

CVE-2025-22828

4.3
    Apache CloudStack
Published: January 13, 2025

CVE-2025-22800

4.3
    Post SMTP
Published: January 13, 2025

CVE-2024-48883

4.3
    Samsung Mobile Processor, Wearable Processor, Modem
Published: January 13, 2025

CVE-2024-6352

4.3
    Ember ZNet stack
Published: January 13, 2025

CVE-2025-22134

4.2
    Vim
Published: January 13, 2025

CVE-2024-52935

4.1
    UNKNOWN
Published: January 13, 2025

CVE-2024-56138

4.0
    notation-go
Published: January 13, 2025

CVE-2023-42235

3.8
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2023-42236

3.8
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2023-42237

3.8
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2023-42238

3.8
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2023-42239

3.8
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2023-42240

3.8
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2023-42241

3.8
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2023-42242

3.8
    Selesta Visual Access Manager (VAM)
Published: January 13, 2025

CVE-2024-51491

3.3
    notation-go
Published: January 13, 2025

CVE-2024-51728

None
    UNKNOWN
Published: January 13, 2025

CVE-2024-13154

None
    UNKNOWN
Published: January 13, 2025

CVE-2024-13324

None
    UNKNOWN
Published: January 13, 2025
Click here to see more Vulnerabilities