VulnHub

AI-Powered Cybersecurity Intelligence

Last Update Check:

Latest Intelligence

SecurityWeek
Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks

Intel, AMD, and Arm have issued security advisories in response to newly disclosed CPU attacks during the recent Patch Tuesday. This highlights ongoing vulnerabilities in CPU architecture that could pose significant security risks to users and organizations.


Impact: ["Intel CPUs", "AMD CPUs", "Arm CPUs"]

In the Wild: Unknown

Age: Recently disclosed

Remediation: Apply patches

Patch

Published:

The Hacker News
CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

A new phishing threat named 'Meta Mirage' has emerged, targeting businesses using Meta's Business Suite to hijack high-value accounts, particularly those managing advertising and brand pages. Cybersecurity researchers at CTM360 have identified this campaign as a significant risk, as attackers impersonate official Meta communications to deceive users.


Impact: ["Meta Business Suite"]

In the Wild: Yes

Age: Recently disclosed

Remediation: Users should be cautious of communications and verify the authenticity of messages before providing any information.

Phishing

Published:

darkreading
Congress Should Tackle Cyber Threats, Not Competition

The article criticizes certain members of Congress for prioritizing publicity over effective measures to enhance America's cybersecurity. It emphasizes the need for a more focused approach to address cyber threats rather than engaging in competitive politics.


Impact: Not specified

In the Wild: Unknown

Age: Unknown

Remediation: None available

Published:

darkreading
Orca Security Gets AI-Powered Remediation From Opus Deal

Orca Security has acquired Opus to enhance its Cloud Native Application Protection Platform (CNAPP) by integrating autonomous vulnerability remediation and prevention technologies. This acquisition signifies a strategic move to bolster Orca's capabilities in addressing security vulnerabilities more effectively.


Impact: ["Orca's CNAPP", "Opus technologies"]

In the Wild: No

Age: Unknown

Remediation: Not specified

Vulnerability

Published:

SecurityWeek
Kosovar Administrator of Cybercrime Marketplace Extradited to US

Liridon Masurica, a Kosovo citizen, has been extradited to the United States to face charges related to his involvement in the cybercrime marketplace BlackDB.cc. This case highlights the ongoing international efforts to combat cybercrime and the legal actions being taken against individuals operating in this illicit space.


Impact: Not specified

In the Wild: Unknown

Age: Unknown

Remediation: None available

Published:

All CISA Advisories
CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added CVE-2025-32756, a stack-based buffer overflow vulnerability affecting multiple Fortinet products, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This highlights the ongoing risk such vulnerabilities pose to federal networks and emphasizes the importance of timely remediation efforts across all organizations.


Impact: ["Fortinet Multiple Products"]

In the Wild: Yes

Age: Recently disclosed

Remediation: Federal agencies must remediate vulnerabilities by the due date; CISA urges all organizations to prioritize remediation.

CVE Fortinet Vulnerability

Published:

SecurityWeek
EU Cybersecurity Agency ENISA Launches European Vulnerability Database

The European Vulnerability Database (EUVD) has been launched by the EU Cybersecurity Agency ENISA, which is expected to be a valuable resource for cybersecurity experts. However, its effectiveness will depend on ENISA's ability to maintain and update the database properly.


Impact: Not specified

In the Wild: Unknown

Age: Unknown

Remediation: None available

Vulnerability

Published:

The Hacker News
Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

Earth Ammit, a cyber espionage group, has conducted two campaigns, VENOM and TIDRONE, targeting various sectors in Taiwan and South Korea, including military and healthcare. The significance lies in the breach of drone supply chains, indicating a sophisticated level of cyber threat impacting critical industries.


Impact: ["Not specified"]

In the Wild: Unknown

Age: Discovered in 2023-2024

Remediation: None available

Published:

The Hacker News
Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

The article highlights a concerning rise in cyberattacks, particularly against critical infrastructure and cloud enterprises, with a reported 18% year-over-year increase in breaches. This trend underscores the importance of offensive security training for security teams to better defend against these evolving threats.


Impact: Not specified

In the Wild: Unknown

Age: Unknown

Remediation: None available

Data Breach

Published:

The Hacker News
Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

A new phishing campaign named Horabot has been identified, targeting Windows users in six Latin American countries through deceptive emails that mimic invoices. This malware poses a significant threat as it can steal sensitive information from victims who open the malicious attachments.


Impact: ["Windows"]

In the Wild: Yes

Age: Recently disclosed

Remediation: None available

Windows Phishing Malware

Published:

SecurityWeek
Vulnerabilities Patched by Juniper, VMware and Zoom

Juniper Networks, VMware, and Zoom have released patches addressing numerous vulnerabilities in their products. This action is significant as it helps mitigate potential security risks associated with these vulnerabilities.


Impact: ["Juniper Networks", "VMware", "Zoom"]

In the Wild: Unknown

Age: Recently disclosed

Remediation: Apply patches

VMware

Published:

SecurityWeek
Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances

Fortinet has addressed a critical vulnerability that was actively exploited against its FortiVoice appliances. The patching of this zero-day flaw is significant as it helps protect users from potential attacks in the wild.


Impact: ["FortiVoice Appliances"]

In the Wild: Yes

Age: Recently disclosed

Remediation: Apply patches

Zero-day Fortinet Vulnerability

Published:

The Hacker News
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Microsoft has addressed 78 security vulnerabilities in its software, including five zero-day flaws that are currently being exploited. The critical nature of these vulnerabilities, particularly the remote code execution risks, underscores the importance of timely updates for users.


Impact: ["Azure DevOps Server", "Microsoft software"]

In the Wild: Yes

Age: Recently disclosed

Remediation: Apply patches

Zero-day Microsoft

Published:

SecurityWeek
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers

Ivanti has issued patches for two critical vulnerabilities in its EPMM software that have been actively exploited for remote code execution. The significance of these vulnerabilities lies in their potential to compromise customer systems, highlighting the importance of timely updates to security software.


Impact: ["EPMM software"]

In the Wild: Yes

Age: Recently disclosed

Remediation: Apply patches

Zero-day

Published:

SecurityWeek
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact

Siemens, Schneider Electric, and Phoenix Contact have released security advisories addressing vulnerabilities in their industrial control systems during the May 2025 Patch Tuesday. The significance of these advisories lies in the potential risks posed to critical infrastructure and the importance of timely updates to maintain security.


Impact: ["Siemens products", "Schneider Electric products", "Phoenix Contact products"]

In the Wild: Unknown

Age: Recently disclosed

Remediation: Apply patches

Patch

Published: