> ai://ti

autonomous threat intelligence feed

Top Stories

💣 Exploits
CISA Updates KEV Catalog with New Exploited Vulnerability
CISA has added CVE-2018-4063, a vulnerability in Sierra Wireless AirLink ALEOS, to its Known Exploited Vulnerabilities Catalog due to active exploitation evidence. This highlights the ongoing risk to federal networks and emphasizes the need for timely remediation.

Key points:

  • CISA's KEV Catalog now includes CVE-2025-14174, highlighting its active exploitation.
  • The vulnerability is an out-of-bounds memory access issue in Google Chromium.
  • BOD 22-01 mandates remediation of identified vulnerabilities for federal agencies.
  • CISA encourages all organizations to prioritize remediation of KEV vulnerabilities.
  • The catalog aims to protect federal networks from significant cyber threats.
Sources: CISA Cybersecurity Advisories (1 article)
💣 Exploits
Apple addresses two zero-day vulnerabilities exploited in targeted attacks
Apple has released urgent updates to fix two zero-day vulnerabilities, CVE-2025-43529 and CVE-2025-14174, exploited in sophisticated attacks. Both flaws affect WebKit and impact various iPhone and iPad models.

Key points:

  • CVE-2025-43529 is a WebKit use-after-free RCE flaw, while CVE-2025-14174 is a memory corruption issue.
  • Both vulnerabilities were discovered by Google’s Threat Analysis Group and are linked to targeted spyware attacks.
  • Affected devices include iPhone 11 and later, various iPad models, and older iOS versions.
  • This marks the seventh zero-day vulnerability patched by Apple in 2025.
  • Users are urged to install the latest updates to mitigate risks of exploitation.
Sources: Bleeping Computer (1 article)
💣 Exploits
Metasploit Wrap-Up Highlights Critical RCE Vulnerabilities and New Exploit Modules
The latest Metasploit update introduces critical RCE vulnerabilities, including CVE-2025-55182, known as React2Shell. New exploit modules for various platforms, including Magento and WordPress, enhance the framework's capabilities.

Key points:

  • CVE-2025-55182, a critical RCE vulnerability in React, has been added to Metasploit with an exploit module.
  • New MSSQL attack capabilities include an NTLM relay module and improved encryption support.
  • New exploit modules for Magento and WordPress address critical vulnerabilities allowing unauthenticated RCE.
  • Support for a new architecture, LoongArch64, has been added with a reboot payload.
Sources: Rapid7 Research Blog (1 article)
💣 Exploits
CISA Warns of Exploitation of Critical GeoServer Vulnerability CVE-2025-58360
CISA has issued a warning regarding the exploitation of a critical vulnerability in OSGeo GeoServer, tracked as CVE-2025-58360. This XML External Entity (XXE) vulnerability could lead to unauthorized file access and denial-of-service conditions.

Key points:

  • CVE-2025-58360 has a CVSS score of 9.8 and allows attackers to exploit XML input vulnerabilities.
  • Patches were released in GeoServer version 2.28.1, addressing this and another XSS vulnerability.
  • CISA added CVE-2025-58360 to its Known Exploited Vulnerabilities list, indicating active exploitation.
  • Federal agencies are required to patch vulnerable instances within three weeks per BOD 22-01.
  • This is the third GeoServer vulnerability exploited this year, following earlier alerts on CVE-2022-24816 and CVE-2024-36401.
Sources: SecurityWeek (1 article)

Other Updates

💣 Exploits
CISA Directs Federal Agencies to Patch Critical GeoServer Vulnerability
CISA orders patching of a critical GeoServer vulnerability exploited in XML External Entity attacks.

Key points:

  • The vulnerability affects GeoServer versions 2.26.1 and earlier, allowing attackers to exploit XML input.
  • CISA has added CVE-2025-58360 to its Known Exploited Vulnerabilities Catalog, urging immediate action.
  • Federal agencies must patch by January 1, 2026, as per Binding Operational Directive 22-01.
  • The flaw poses significant risks, with thousands of GeoServer instances exposed online.
  • CISA emphasizes the need for network defenders to prioritize this vulnerability.
Sources: Bleeping Computer (1 article)
💣 Exploits
React Server Components Vulnerabilities Lead to DoS and Source Code Exposure Risks
New vulnerabilities in React Server Components pose significant security risks, prompting urgent updates.

Key points:

  • Two new vulnerabilities in React Server Components could result in denial-of-service and source code exposure.
  • CVE-2025-55184 and CVE-2025-55183 are linked to unsafe deserialization and information leaks.
  • The vulnerabilities affect multiple versions of react-server-dom packages.
  • Security researchers have reported these issues, highlighting the importance of timely updates.
  • Users are advised to upgrade to versions 19.0.3, 19.1.4, and 19.2.3 to protect against exploitation.
Sources: The Hacker News (1 article)
💣 Exploits
Microsoft RasMan DoS 0-day vulnerability exploited; unofficial patch available
A zero-day vulnerability in Microsoft RasMan allows service crashes, with an unofficial patch now available.

Key points:

  • The vulnerability, linked to CVE-2025-59230, enables local privilege escalation.
  • A freely downloadable exploit is currently unrecognized by malware detection systems.
  • The flaw stems from a coding issue in processing circular linked lists, causing service crashes.
  • Microsoft has not yet responded to requests for an official patch or CVE assignment.
  • 0patch offers a free micropatch until Microsoft provides an official solution.
Sources: The Register Security (1 article)
🚨 Intrusions
New Campaign Distributes PyStoreRAT Malware via Fake GitHub Repositories
A campaign is leveraging fake GitHub repositories to distribute the PyStoreRAT malware through deceptive OSINT tools.

Key points:

  • PyStoreRAT is a modular RAT that can execute various payloads and deploys an information stealer called Rhadamanthys.
  • The malware is distributed through repositories masquerading as OSINT tools and is promoted on social media.
  • Attackers use dormant GitHub accounts to publish repositories and introduce malicious code through maintenance commits.
  • The malware includes features to evade detection by antivirus software and establish persistence on infected systems.
  • Indicators suggest the threat actor may be of Eastern European origin, based on coding patterns and language artifacts.
Sources: The Hacker News (1 article)
🎯 Campaigns
New Phishing Kits Leverage AI and MFA Bypass Techniques for Credential Theft
Four new phishing kits exploit AI and MFA bypass tactics to facilitate large-scale credential theft.

Key points:

  • BlackForce employs Man-in-the-Browser techniques to capture OTPs and bypass MFA, impersonating brands like Disney and Netflix.
  • GhostFrame uses an embedded iframe to redirect victims to phishing pages, making it adaptable and harder to detect.
  • InboxPrime AI automates mass email campaigns, enhancing the efficiency of phishing attacks.
  • These kits are sold on Telegram, with BlackForce priced between €200 and €300, and InboxPrime AI available for $1,000.
Sources: The Hacker News (1 article)
📰 Policy & Enforcement
Microsoft Expands Bug Bounty Program to Include Third-Party Code
Microsoft's updated bug bounty program will now reward vulnerabilities found in third-party applications.

Key points:

  • The 'in scope by default' approach allows for rewards on critical vulnerabilities regardless of ownership.
  • Microsoft aims to strengthen its security amid evolving threats, particularly in cloud and AI.
  • Last year, Microsoft awarded over $17 million to researchers through its bug bounty initiatives.
  • The program's expansion addresses past criticisms regarding eligibility and response times.
  • New products and services will also be covered under the updated bounty model.
Sources: SecurityWeek (1 article)