VulnHub

AI-Powered Cybersecurity Intelligence

Last Update Check:

Latest Intelligence

darkreading
NFC-Powered Android Malware Enables Instant Cash-Outs

Researchers have identified a new Android malware called 'SuperCard X' that exploits the NFC capabilities of victims' phones to facilitate instant theft of credit card funds. This poses a significant threat to users' financial security, as the malware can operate without the victim's awareness.


Impact: Android devices

In the Wild: Yes

Age: Recently disclosed

Remediation: No specific remediation steps provided, users should remain vigilant and monitor their financial accounts.

Android

Published:

darkreading
Gig Worker Platforms at Risk for Data Breaches, Fraud, Account Takeovers

Gig worker platforms are increasingly vulnerable to data breaches and fraud due to their high turnover rates and frequent payouts, making them attractive targets for fraudsters. This situation poses significant risks for both the platforms and their users.


Impact: Gig worker platforms

In the Wild: Yes

Age: Recently disclosed

Remediation: Implement stronger security measures and user verification processes.

Data Breach

Published:

darkreading
Phishing Kit Darcula Gets Lethal AI Upgrade

The Darcula phishing-as-a-service platform has integrated artificial intelligence capabilities, making it easier for low-skilled hackers to execute phishing attacks. This upgrade raises significant concerns about the increasing accessibility of sophisticated cyberattack tools.


Impact: Not specified

In the Wild: Unknown

Age: Recently added

Remediation: None available

Phishing

Published:

darkreading
FBI: Cybercrime Losses Rocket to $16.6B in 2024

In 2024, cybercrime losses surged to $16.6 billion, marking a 33% increase from the previous year. Phishing emerged as the most reported cybercrime, while ransomware continued to pose a significant threat to critical infrastructure, highlighting the growing challenges in cybersecurity.


Impact: Not specified

In the Wild: Unknown

Age: Not specified

Remediation: None available

Ransomware Phishing

Published:

SecurityWeek
RSA Conference 2025 – Pre-Event Announcements Summary (Part 1)

The RSA Conference 2025 in San Francisco will feature hundreds of companies showcasing their latest cybersecurity products and services. This event is significant as it highlights emerging trends and innovations in the cybersecurity landscape, bringing together industry leaders and stakeholders.


Impact: Not specified

In the Wild: Unknown

Age: Unknown

Remediation: None available

Published:

SecurityWeek
Jericho Security Gets $15 Million for AI-Powered Awareness Training

Jericho Security has successfully raised $15 million in Series A funding to enhance its AI-powered employee cybersecurity training platform. This funding is significant as it aims to improve cybersecurity awareness among employees, which is crucial in combating increasing cyber threats.


Impact: Not specified

In the Wild: Unknown

Age: Recently disclosed

Remediation: None available

Published:

SecurityWeek
Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances

AI summary not available. Read original article »

Patch

Published:

The Hacker News
darkreading
Navigating Regulatory Shifts & AI Risks

The article discusses how organizations can leverage trends in encryption, AI security, and platform consolidation to transform compliance challenges into competitive advantages. This proactive approach is significant as it helps businesses stay ahead of regulatory changes and mitigate associated risks.


Impact: Not specified

In the Wild: Unknown

Age: Unknown

Remediation: None available

Published:

SecurityWeek
Push Security Raises $30 Million in Series B Funding

AI summary not available. Read original article »

Published:

The Hacker News
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure

AI summary not available. Read original article »

CVE

Published:

The Hacker News
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

AI summary not available. Read original article »

Linux

Published:

All CISA Advisories
Vestel AC Charger

A vulnerability (CVE-2025-3606) in Vestel's AC Charger could allow unauthorized access to sensitive information, potentially leading to denial of service or integrity loss. Users are urged to update their devices to mitigate risks associated with this exposure.


Impact: Vestel AC Charger EVC04: Version 3.75.0

In the Wild: No

Age: Recently disclosed

Remediation: Update to version 3.187 or higher, use secure networks, and manage login credentials.

Phishing CVE Vulnerability Update

Published:

All CISA Advisories
ALBEDO Telecom Net.Time - PTP/NTP Clock

A vulnerability in ALBEDO Telecom's Net.Time - PTP/NTP clock, identified as CVE-2025-2185, allows for insufficient session expiration, potentially enabling attackers to intercept passwords over unencrypted connections. This poses a significant risk to critical infrastructure sectors worldwide.


Impact: Net.Time - PTP/NTP clock (Serial No. NBC0081P), ALBEDO Telecom

In the Wild: No

Age: Discovered in April 2025

Remediation: Update to software release v1.6.1, minimize network exposure, use secure remote access methods like VPNs.

Phishing CVE Vulnerability Update

Published:

All CISA Advisories
Planet Technology Network Products

Multiple critical vulnerabilities have been identified in Planet Technology Network Products, including OS command injection and hard-coded credentials, potentially allowing unauthorized access and manipulation of device data. These vulnerabilities pose significant risks to critical infrastructure systems worldwide.


Impact: Planet Technology UNI-NMS-Lite, NMS-500, NMS-1000V, WGS-804HPT-V2, WGS-4215-8T2S

In the Wild: No

Age: Recently disclosed

Remediation: Apply patches released by Planet Technology for affected devices and implement defensive measures to minimize exploitation risk.

CVE Vulnerability Update

Published: