0dayChronicles.Tech

Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack

Hunting Jacq May 15, 2025 No Comments

Multiple zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) have been actively exploited in a chained attack scenario, allowing remote attackers to bypass authentication and execute arbitrary commands. These chained…

Incident Response Cyber Threat Intelligence Data Breaches Ransomware Retail Cybersecurity

DragonForce Ransomware Hits Marks & Spencer: What We Know So Far

Hunting Jacq May 15, 2025 No Comments

On May 14, 2025, UK retailer Marks & Spencer (M&S) was reportedly targeted in a ransomware attack claimed by the DragonForce group. The group posted on its darknet leak site…

Threat Intelligence Data Breaches Identity Protection Privacy & Compliance

Data Breach Exposes Personal Information of Hundreds of Thousands

Hunting Jacq May 15, 2025 No Comments

A significant data breach exposes personal information and disclosed in May 2025 has resulted in the exposure of sensitive personal information belonging to hundreds of thousands of individuals. The breach…

Threat Intelligence Cloud Security Python Security Supply Chain Attacks

Malicious PyPI Packages Exploit Gmail: Critical Data Theft Campaign

Hunting Jacq May 14, 2025 No Comments

In May 2025, security researchers uncovered a series of malicious Python packages on the Python Package Index (PyPI) that abuse the Gmail API to exfiltrate sensitive user data. These malicious…

Cloud Security CNAPP DevSecOps Security Automation Security Operations

Orca Security Acquires Opus Security: CNAPP Remediation Revolution

Hunting Jacq May 14, 2025 No Comments

Orca Security acquires Opus Security in a strategic move to transform its cloud-native application protection platform (CNAPP). This acquisition not only brings advanced remediation capabilities to Orca’s platform but also…

Vulnerability Analysis CI/CD Threats DevOps Security Insider Threats

GitLab CVE-2022-2884 RCE Vulnerability – Exploit Risk Still High

Hunting Jacq May 14, 2025 No Comments

GitLab CVE-2022-2884 is a critical remote code execution vulnerability in GitLab Community and Enterprise Editions. Scoring 9.9 on the CVSS v3.1 scale, this flaw impacts all versions from 11.3.4 through…

Vulnerability Management Endpoint Defense Microsoft Security Patch Tuesday Zero-Day Threats

Microsoft Patch Tuesday: Critical Azure DevOps CVSS 10 Bug and Zero-Days Fixed

Hunting Jacq May 14, 2025 No Comments

Microsoft Patch Tuesday for May 2025 delivered security updates addressing 78 vulnerabilities, five of which are being actively exploited. Among these, the standout threat is a CVSS 10.0 rated vulnerability…

Network Security Perimeter Security Vulnerability Analysis Zero-Day Exploits

Fortinet CVE-2025-32756 Zero-Day RCE – Critical Exploit Patched

Hunting Jacq May 14, 2025 No Comments

A critical Fortinet CVE-2025-32756 vulnerability was patched after being actively exploited in the wild. This zero-day, present in FortiVoice and potentially other Fortinet appliances, allows unauthenticated remote code execution (RCE)…

Threat Intelligence ICS Security Incident Response Manufacturing Cybersecurity

Nucor Cybersecurity Incident Overview

Hunting Jacq May 14, 2025 No Comments

The Nucor cybersecurity incident has shaken the industrial sector, highlighting how targeted intrusions can halt production in critical infrastructure. As disclosed in an 8-K SEC filing, North America’s largest steel…

Threat Intelligence ERP Security Nation-State Threats SAP Cybersecurity Vulnerability Analysis

China-Nexus SAP NetWeaver Exploit Hits Critical Infrastructure

Hunting Jacq May 14, 2025 No Comments

China-Nexus SAP NetWeaver exploitation campaigns are actively targeting global critical infrastructure by leveraging CVE-2025-31324, a high-severity vulnerability in SAP NetWeaver systems. The campaigns have drawn urgent attention across threat intelligence…

CVE-2024-12987: DrayTek Vigor Routers OS Command Injection Vulnerability – Critical Remote Exploit

US Officials Impersonated via SMS and Voice Deepfakes – Escalating Social Engineering Threat

Job Applicant Data Breach: 1.1 Million Records Exposed from Recruitment Platform

FBI Alert: Outdated Routers Hijacked by TheMoon Malware – Replace Immediately

Compromised npm Package ‘rand-user-agent’ Spreads Remote Access Trojan – Critical Supply Chain Alert

Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack

DragonForce Ransomware Hits Marks & Spencer: What We Know So Far

Data Breach Exposes Personal Information of Hundreds of Thousands

Malicious PyPI Packages Exploit Gmail: Critical Data Theft Campaign

Orca Security Acquires Opus Security: CNAPP Remediation Revolution

GitLab CVE-2022-2884 RCE Vulnerability – Exploit Risk Still High

Microsoft Patch Tuesday: Critical Azure DevOps CVSS 10 Bug and Zero-Days Fixed

Fortinet CVE-2025-32756 Zero-Day RCE – Critical Exploit Patched

Nucor Cybersecurity Incident Overview

China-Nexus SAP NetWeaver Exploit Hits Critical Infrastructure

You Missed

CVE-2024-12987: DrayTek Vigor Routers OS Command Injection Vulnerability – Critical Remote Exploit

US Officials Impersonated via SMS and Voice Deepfakes – Escalating Social Engineering Threat

Job Applicant Data Breach: 1.1 Million Records Exposed from Recruitment Platform

FBI Alert: Outdated Routers Hijacked by TheMoon Malware – Replace Immediately