PoC CVE-2025-64095 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem
https://github.com/NationalServices/CVE-2025-64095-DotNetNuke-DNN_PoC
P.S. Thx Reaza for the link ๐ค
https://github.com/NationalServices/CVE-2025-64095-DotNetNuke-DNN_PoC
P.S. Thx Reaza for the link ๐ค
GitHub
GitHub - NationalServices/CVE-2025-64095-DotNetNuke-DNN_PoC: proof of concept (PoC) For CVE-2025-64095 DotNetNuke (DNN)
proof of concept (PoC) For CVE-2025-64095 DotNetNuke (DNN) - GitHub - NationalServices/CVE-2025-64095-DotNetNuke-DNN_PoC: proof of concept (PoC) For CVE-2025-64095 DotNetNuke (DNN)
Asus Routers Hacked in โOperation WrtHugโ
https://securityscorecard.com/wp-content/uploads/2025/11/STRIKE_Asus_WrtHug-Report_V6.pdf
https://securityscorecard.com/wp-content/uploads/2025/11/STRIKE_Asus_WrtHug-Report_V6.pdf
KB5072911: Multiple symptoms occur after provisioning a PC with a Windows 11, version 24H2 update
https://support.microsoft.com/en-us/topic/kb5072911-multiple-symptoms-occur-after-provisioning-a-pc-with-a-windows-11-version-24h2-update-d2d30684-4e2b-47f5-9899-a00a8e0acb09
https://support.microsoft.com/en-us/topic/kb5072911-multiple-symptoms-occur-after-provisioning-a-pc-with-a-windows-11-version-24h2-update-d2d30684-4e2b-47f5-9899-a00a8e0acb09
Onion Overloading via Tor2web
https://medium.com/@aryanchehreghani/onion-overloading-via-tor2web-77c73fe71dc0
P.S. Thx Reaza for the link ๐ค
https://medium.com/@aryanchehreghani/onion-overloading-via-tor2web-77c73fe71dc0
P.S. Thx Reaza for the link ๐ค
Medium
Onion Overloading via Tor2web
1. Introduction
Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router
https://securityscorecard.com/blog/operation-wrthug-the-global-espionage-campaign-hiding-in-your-home-router
https://securityscorecard.com/blog/operation-wrthug-the-global-espionage-campaign-hiding-in-your-home-router
SecurityScorecard
Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router
SecurityScorecardโs STRIKE team uncovers how attackers turned thousands of ASUS routers into a worldwide spy network.
Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover
www.oligo.security
Critical Vulnerabilities in FluentBit | Oligo Security
A new chain of 5 critical vulnerabilities within Fluent Bit allows attackers to compromise cloud infrastructure
BadBox 2.0 - Scale and Infection: The botnet secretly infected more than ten million connected devices, including streaming TV boxes, tablets, and projectors running a modified version of the Android Open Source Project (AOSP).
A legal complaint (claim for damages and injunctive relief) filed by Google LLC (Plaintiff) in the United States District Court for the Southern District of New York against unnamed cybercriminals (Defendants Does 1-25):
https://storage.courtlistener.com/recap/gov.uscourts.nysd.643466/gov.uscourts.nysd.643466.22.0.pdf
A legal complaint (claim for damages and injunctive relief) filed by Google LLC (Plaintiff) in the United States District Court for the Southern District of New York against unnamed cybercriminals (Defendants Does 1-25):
https://storage.courtlistener.com/recap/gov.uscourts.nysd.643466/gov.uscourts.nysd.643466.22.0.pdf
CourtListener
Complaint โ #22 in Google LLC v. Does 1-25 (S.D.N.Y., 1:25-cv-04503) โ CourtListener.com
COMPLAINT against Does 1-25. Document filed by Google, LLC. (Attachments: # 1 Appendix Appendix A_REDACTED).(Harris, Laura) (Entered: 07/11/2025)
Shai-Hulud 2.0 kill chain highlights the pattern:
- ๐ฃ๐ฟ๐ฒ-๐ถ๐ป๐๐๐ฎ๐น๐น ๐๐ฐ๐ฟ๐ถ๐ฝ๐ ๐ฒ๐ ๐ฝ๐น๐ผ๐ถ๐๐ฎ๐๐ถ๐ผ๐ป:
-- Abuse of preinstall scripts (npm install) as the initial worm entry.
- ๐๐ฟ๐ฒ๐ฑ๐ฒ๐ป๐๐ถ๐ฎ๐น ๐ต๐ฎ๐ฟ๐๐ฒ๐๐๐ถ๐ป๐ด & ๐ฒ๐ ๐ณ๐ถ๐น๐๐ฟ๐ฎ๐๐ถ๐ผ๐ป:
-- Automated credential harvesting (NPM tokens, PATs, cloud keys, env vars) and exfiltration to attacker-controlled repos.
- ๐ฃ๐ฒ๐ฟ๐๐ถ๐๐๐ฒ๐ป๐ฐ๐ฒ & ๐น๐ฎ๐๐ฒ๐ฟ๐ฎ๐น ๐บ๐ผ๐๐ฒ๐บ๐ฒ๐ป๐:
-- Persistence and lateral movement via backdoored GitHub Actions runners, with RCE and even a wiper fail-safe.
- ๐ฃ๐ฟ๐ฒ-๐ถ๐ป๐๐๐ฎ๐น๐น ๐๐ฐ๐ฟ๐ถ๐ฝ๐ ๐ฒ๐ ๐ฝ๐น๐ผ๐ถ๐๐ฎ๐๐ถ๐ผ๐ป:
-- Abuse of preinstall scripts (npm install) as the initial worm entry.
- ๐๐ฟ๐ฒ๐ฑ๐ฒ๐ป๐๐ถ๐ฎ๐น ๐ต๐ฎ๐ฟ๐๐ฒ๐๐๐ถ๐ป๐ด & ๐ฒ๐ ๐ณ๐ถ๐น๐๐ฟ๐ฎ๐๐ถ๐ผ๐ป:
-- Automated credential harvesting (NPM tokens, PATs, cloud keys, env vars) and exfiltration to attacker-controlled repos.
- ๐ฃ๐ฒ๐ฟ๐๐ถ๐๐๐ฒ๐ป๐ฐ๐ฒ & ๐น๐ฎ๐๐ฒ๐ฟ๐ฎ๐น ๐บ๐ผ๐๐ฒ๐บ๐ฒ๐ป๐:
-- Persistence and lateral movement via backdoored GitHub Actions runners, with RCE and even a wiper fail-safe.
Sturnus: Mobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption
https://www.threatfabric.com/blogs/sturnus-banking-trojan-bypassing-whatsapp-telegram-and-signal
https://www.threatfabric.com/blogs/sturnus-banking-trojan-bypassing-whatsapp-telegram-and-signal
ThreatFabric
Sturnus: Mobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption
Sturnus is a privately operated Android banking trojan with many fraud-related capabilities, including Device Takeover and capturing decrypted messages.
Your IP Address Might Be Someone Else's Problem (And Here's How to Find Out)
https://www.greynoise.io/blog/your-ip-address-might-be-someone-elses-problem
https://www.greynoise.io/blog/your-ip-address-might-be-someone-elses-problem
www.greynoise.io
Your IP Address Might Be Someone Else's Problem (And Here's How to Find Out)
Your home network might be part of someone elseโs attack. GreyNoise IP Check shows if your IPโs been caught scanning the internetโfree and private.
A Hidden Pattern Within Months of Credential-Based Attacks Against Palo Alto GlobalProtect
https://www.greynoise.io/blog/hidden-pattern-credential-based-attacks-palo-alto-sonicwall
https://www.greynoise.io/blog/hidden-pattern-credential-based-attacks-palo-alto-sonicwall
www.greynoise.io
A Hidden Pattern Within Months of Credential-Based Attacks Against Palo Alto GlobalProtect
GreyNoise detected a surge of 7,000+ IPs attempting to log into GlobalProtect, sharing fingerprints with a surge in SonicWall API scanning and earlier Palo Alto campaigns, exposing a persistent credential-based attack pattern.
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
CYFIRMA
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases - CYFIRMA
EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious...
Behind the Walls: Techniques and Tactics in Castle RAT Client Malware
https://www.splunk.com/en_us/blog/security/castlerat-malware-detection-splunk-mitre-attck.html
https://www.splunk.com/en_us/blog/security/castlerat-malware-detection-splunk-mitre-attck.html
Splunk
Behind the Walls: Techniques and Tactics in Castle RAT Client Malware | Splunk
Uncover CastleRAT malware's techniques (TTPs) and learn how to build Splunk detections using MITRE ATT&CK. Protect your network from this advanced RAT.
US security agency urges Android and iPhone users to stop using personal VPNs
https://www.techradar.com/vpn/vpn-privacy-security/us-security-agency-urges-android-and-iphone-users-to-stop-using-personal-vpns
https://www.techradar.com/vpn/vpn-privacy-security/us-security-agency-urges-android-and-iphone-users-to-stop-using-personal-vpns
TechRadar
US security agency urges Android and iPhone users to stop using personal VPNs
CISA warned that many commercial VPNs could be putting your data at greater risk