Chinese-linked threat actors are actively exploiting VMware vulnerabilities to gain persistent access to enterprise networks, underscoring the growing risk facing virtualized infrastructure environments.
A critical zero-day vulnerability in SonicWall SMA1000 appliances is being actively exploited in targeted attacks. This analysis explains the attack flow, affected environments, and the urgent defensive steps organizations must take to secure their networks.
CISA warned that multiple federal agencies still haven’t fully patched Cisco ASA/FTD devices despite active exploitation. Because the campaign targets the VPN web server and enables device takeover, teams must apply fixes for CVE-2025-20333/20362, follow ED 25-03 inventory and validation steps, and disconnect end-of-support hardware. This analysis explains impact, attack flow, high-signal detection, and fast remediation so defenders can reduce edge-device risk without slowing operations.
Microsoft’s November update fixes an exploited Windows Kernel zero-day (CVE-2025-62215) and a critical zero-click GDI+ RCE (CVE-2025-60724). Therefore, prioritize domain controllers, management servers, upload-handling services, and developer workstations using WSLg. Then complete fleet rollout and validate Kerberos delegation settings to blunt identity abuse.
APT37 used stolen Google credentials to access Find Hub, check Android device locations, and trigger remote factory resets. The tactic lives in the cloud, not on the handset, so identity controls matter most. Enforce phishing-resistant MFA, restrict console actions, and rehearse rapid re-enrollment.
A cluster of malicious NuGet packages plants delayed logic bombs that crash apps, corrupt databases, and disrupt Siemens S7 PLCs. Remove the dependencies, rebuild from clean mirrors, and test with date-manipulation harnesses. Lock down registries, verify publishers, and stream build/runtime logs off-box to detect abuse early.
LandFall is a commercial-grade Android spyware that weaponized WhatsApp images to exploit a Samsung zero-day in the image pipeline. The payload rode malformed DNG files, then modified SELinux and deployed modules for full-device surveillance. Patch promptly and restrict media auto-download.
Attackers exploit CVE-2025-61932 in Lanscope Endpoint Manager clients to run code and move laterally. Patch MR/DA endpoints now and reduce internet exposure.
The Oracle E-Business Suite campaign continues to grow. This analysis explains the expanding victim list, enterprise impact, and the steps teams should take now to patch, hunt, and contain risk.
The recently disclosed flaw in LANSCOPE Endpoint Manager (CVE-2025-61932) enables unauthenticated attackers to send malicious packets, execute arbitrary code and compromise systems. Organisations must patch affected versions, apply network controls and monitor for unusual traffic to avoid full network takeover.