VulnHub

AI-Powered Cybersecurity Intelligence

Latest Intelligence

darkreading
Terra Security Automates Penetration Testing With Agentic AI

Terra Security is leveraging Agentic AI to automate penetration testing, responding to the increasing demand for more autonomous security solutions. This shift signifies a move towards hands-off approaches in enhancing organizational security protocols.


Impact: Not specified

In the Wild: Unknown

Age: Not specified

Remediation: Not specified

The Hacker News
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

A recently patched vulnerability in Google Cloud Platform's Cloud Composer service allowed attackers with edit permissions to escalate their privileges to the default Cloud Build service account. This issue highlights significant security risks associated with workflow orchestration services like Apache Airflow.


Impact: Google Cloud Platform, Cloud Composer, Apache Airflow

In the Wild: Unknown

Age: Recently disclosed

Remediation: Apply patches provided by Google Cloud Platform.

Google Vulnerability

darkreading
DeepSeek Breach Opens Floodgates to Dark Web

The DeepSeek breach highlights the urgent need for enhanced AI security measures, as vulnerabilities can be swiftly exploited on the Dark Web. This incident emphasizes the high stakes associated with neglecting cybersecurity in AI systems.


Impact: Not specified

In the Wild: Unknown

Age: Unknown

Remediation: None available

Vulnerability

Securelist
Russian organizations targeted by backdoor masquerading as secure networking software updates

A new sophisticated backdoor has been discovered that targets Russian organizations by masquerading as secure networking software updates. This tactic highlights the evolving nature of cyber threats and the importance of vigilance in software update practices.


Impact: Not specified

In the Wild: Yes

Age: Recently discovered

Remediation: Implement security measures and monitor for unusual activities; specific vendor advisories may be pending.

All CISA Advisories
Siemens TeleControl Server Basic SQL

Siemens TeleControl Server Basic has multiple SQL injection vulnerabilities that could allow unauthenticated remote attackers to bypass authorization controls and execute code with elevated permissions. These vulnerabilities pose significant risks, including unauthorized database access and potential denial-of-service conditions.


Impact: Siemens TeleControl Server Basic: versions prior to V3.1.2.2

In the Wild: Unknown

Age: Disclosed on January 10, 2023

Remediation: Update to TeleControl Server Basic version V3.1.2.2 or later.

CVE Vulnerability Update

All CISA Advisories
Siemens TeleControl Server Basic

Siemens TeleControl Server Basic has a vulnerability (CVE-2025-29931) that allows unauthorized remote attackers to exploit improper handling of a length parameter, potentially leading to a denial-of-service condition. The issue particularly affects redundant setups and requires specific conditions to be exploited.


Impact: Siemens TeleControl Server Basic: Versions prior to V3.1.2.2

In the Wild: No

Age: Discovered January 10, 2023

Remediation: Update to version V3.1.2.2 or later, apply recommended network security measures.

CVE Vulnerability Update

All CISA Advisories
Schneider Electric Wiser Home Controller WHC-5918A

The Schneider Electric Wiser Home Controller WHC-5918A has a serious vulnerability (CVE-2024-6407) that allows unauthorized disclosure of sensitive information, including credentials, through specially crafted messages. The product is discontinued and out of support, making it crucial for users to upgrade or remove the device to mitigate risks.


Impact: Schneider Electric Wiser Home Controller WHC-5918A

In the Wild: No

Age: Discovered recently

Remediation: Upgrade to the latest product offering or remove the device from service; implement network security measures.

Phishing CVE Vulnerability Update

All CISA Advisories
CISA Releases Five Industrial Control Systems Advisories

CISA has issued five advisories addressing vulnerabilities in various Industrial Control Systems (ICS), highlighting the importance of security in critical infrastructure. Users are urged to review these advisories for detailed technical information and mitigation strategies.


Impact: Siemens TeleControl Server Basic, Schneider Electric Wiser Home Controller WHC-5918A, ABB MV Drives, Schneider Electric Modicon M580 PLCs

In the Wild: Unknown

Age: Disclosed on April 22, 2025

Remediation: Review advisories for technical details and implement recommended mitigations.

Update

All CISA Advisories
ABB MV Drives

ABB MV Drives have multiple vulnerabilities related to improper input validation and memory buffer restrictions, potentially allowing attackers to gain full access or cause denial-of-service conditions. These vulnerabilities, particularly affecting the CODESYS runtime system, pose significant risks to industrial control systems.


Impact: ABB MV Drives: ACS6080, ACS5000, ACS6000

In the Wild: Unknown

Age: Recently disclosed

Remediation: Apply patches provided by ABB for affected MV Drives.

Phishing CVE Exploit Vulnerability Update

The Hacker News
5 Major Concerns With Employees Using The Browser

The rise of SaaS and cloud-native work has made web browsers the primary endpoint for employees, yet they remain largely unmonitored, leading to significant security risks. Over 70% of modern malware attacks exploit browser vulnerabilities, highlighting the urgent need for enhanced browser security measures.


Impact: Not specified

In the Wild: Unknown

Age: Recent report findings

Remediation: Implement enhanced monitoring and security protocols for browser usage.

The Hacker News
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials

Phishers have executed a highly sophisticated attack by utilizing Google's infrastructure to send legitimate-looking signed emails that direct recipients to fake websites for credential harvesting. This method poses a significant threat as it exploits trusted sources to deceive users.


Impact: Google's email services, Google Sites

In the Wild: Yes

Age: Recently disclosed

Remediation: Users should be cautious of unexpected emails and verify the authenticity of requests for credentials.

Phishing Google Exploit

WeLiveSecurity
Will super-smart AI be attacking us anytime soon?

The article discusses the current state of AI-related cyber attacks, indicating that while they are not yet at a level of super-intelligence, existing AI attacks are improving in sophistication. This raises concerns about the potential for future threats as AI technology evolves.


Impact: Not specified

In the Wild: Unknown

Age: Not specified

Remediation: None available

The Hacker News
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft has migrated its Microsoft Account (MSA) signing service to Azure confidential virtual machines in response to the Storm-0558 breach, enhancing security measures. The company is also transitioning the Entra ID signing service to similar infrastructure to bolster protection against future threats.


Impact: Microsoft Account (MSA), Entra ID

In the Wild: Unknown

Age: Disclosed recently

Remediation: Migrate services to Azure confidential VMs, implement enhanced security measures.

Microsoft

The Hacker News
Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

The Lotus Panda cyber espionage group has been linked to a campaign targeting various organizations in Southeast Asia, including a government ministry and an air traffic control organization. This incident highlights the ongoing threat posed by state-sponsored hacking groups in the region.


Impact: Not specified

In the Wild: Yes

Age: Discovered between August 2024 and February 2025

Remediation: None available

darkreading
DPRK 'IT Workers' Pivot to Europe for Employment Scams

North Korean IT workers are using fraudulent references to secure high-paying jobs in Europe, which in turn funds the DPRK regime. This trend poses a significant threat as it highlights the exploitation of international employment systems for illicit financial gain.


Impact: European job markets, recruitment systems

In the Wild: Yes

Age: Recently disclosed

Remediation: Strengthen verification processes for job applicants, enhance scrutiny on recruitment practices.
