Skip to content
Security News, Assessments & Alerts Page 24

Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

Dec 18, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of… 

Read More »CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Dec 18, 2025Ravie LakshmananVulnerability / Network Security Cisco has alerted users of a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686… 

Read More »Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another… 

Read More »Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

Dec 17, 2025Ravie LakshmananEmail Security / Threat Intelligence The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a “sustained” credential-harvesting campaign targeting users of UKR[.]net, a webmail… 

Read More »APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign
New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

Dec 17, 2025Ravie LakshmananVulnerability / Malware The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian cybersecurity vendor said… 

Read More »New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research… 

Read More »China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware
GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

Dec 17, 2025Ravie LakshmananAd Fraud / Browser Security A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject… 

Read More »GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads