Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088 - 惯性聚合

推荐订阅源

News | PayPal Newsroom

LINUX DO - 热门话题

cs.AI updates on arXiv.org

SegmentFault 最新的问题

Privacy & Cybersecurity Law Blog

Threat Intelligence Blog | Flashpoint

Attack and Defense Labs

WordPress大学

Vulnerabilities – Threatpost

Fortinet All Blogs

博客园 - 【当耐特】

Privacy International News Feed

The Blog of Author Tim Ferriss

MIT News - Artificial intelligence

Hugging Face - Blog

Help Net Security

钛媒体：引领未来商业与生活新知

Cybersecurity and Infrastructure Security Agency CISA

OSCHINA 社区最新新闻

Check Point Blog

Know Your Adversary

Cyber Attacks, Cyber Crime and Cyber Security

CTFtime.org: upcoming CTF events

Blog — PlanetScale

The Hacker News

Cyber Security Advisories - MS-ISAC

Hackread – Cybersecurity News, Data Breaches, AI and More

Secure Thoughts

Google Developers Blog

博客园_首页

酷壳 – CoolShell

Kaspersky official blog

DataBreaches.Net

宝玉的分享

News and Events Feed by Topic

TaoSecurity Blog

Google DeepMind News

博客园 - Franky

Netflix TechBlog - Medium

Security Affairs

Why pure extortion is replacing traditional ransomware Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets Authorities arrest 23-year-old accused of running the Kimwolf botnet U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog Global law enforcement operation takes First VPN offline Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload Discord adds end-to-end encryption to voice and video calls by default PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch Microsoft issues YellowKey mitigation, no patch yet Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free A malicious VS code extension just breached GitHub ‘s internal repositories DirtyDecrypt: PoC Released for yet another Linux flaw Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash Drupal is rolling out an emergency security update on May 20. You cannot miss it Microsoft dismantled malware-signing network Fox Tempest Poland shifts away from Signal following cyberattacks on officials’ accounts Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects Shai-Hulud worm copycats emerge after source code leak Grafana confirms GitHub token breach cybercrime group claims the attack ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97 Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog Russian APT Turla builds long-term access tool with Kazuar Botnet evolution OpenAI hit by supply chain attack linked to malicious TanStack packages Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day Ghostwriter group resumes attacks on Ukrainian Government targets Researchers uncover YellowKey and GreenPlasma Windows Zero-Days Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall U.S. CISA adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog Linux Kernel bug Fragnesia allows local root access attacks Broadcom releases VMware Fusion security update for root access bug NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign Nitrogen Ransomware claims massive data theft from Foxconn Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming OpenLoop Health confirms January 2026 Data breach affecting 716,000 Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations Instructure settles with hackers following massive student data theft Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator Hackers accessed BWH Hotels reservation system for months The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor WannaCry, the ransomware attack that changed the history of cybersecurity Android banking Trojan TrickMo evolves using TON network for C2 Identity security firm SailPoint discloses GitHub repository breach Google warns artificial intelligence is accelerating cyberattacks and zero-day exploits Crimenetwork returns after takedown, dismantled again by German authorities U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog Instagram removed end-to-end encryption for DMs. What should users do? New cPanel vulnerabilities could allow file access and remote code execution Official JDownloader site served malware to Windows and Linux users between May 6 and May 7 SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96 Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence Braintrust security incident raises concerns over AI supply chain risks RansomHouse says it breached Trellix and exposes internal systems Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild AI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military Strategy Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog Cisco patches high-severity flaws enabling SSRF, code execution attacks From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap After 17 years, Gavril Sandu extradited to U.S. for hacking scheme Iranian cyber espionage disguised as a Chaos Ransomware attack Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE Palo Alto Networks PAN-OS flaw exploited for remote code execution Malicious PyTorch Lightning update hits AI supply chain security U.S. court sentences Karakurt ransomware negotiator to 8.5 years Vimeo confirms breach via third-party vendor impacts 119K users Critical Android vulnerability CVE-2026-0073 fixed by Google Microsoft warns of global campaign stealing auth tokens from 35K users Educational tech firm Instructure data breach may have impacted 9,000 schools MOVEit automation flaws could enable full system compromise Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog AI speeds flaw discovery, forcing rapid updates, UK NCSC warns Bluekit phishing kit enables automated phishing with 40+ templates and AI tools Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95 U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog Security Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITION Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling Trellix discloses the breach of a code repository New Deep#Door RAT uses stealth and persistence to target Windows Digital attacks drive a new wave of cargo theft, FBI says

Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088

Pierluigi Paganini · 2026-06-10 · via Security Affairs

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。