Description: Cisco Talos has uncovered a destructive malware dubbed Numero, a Windows-targeting threat that disguises itself as a legitimate AI video tool installer but ultimately renders victims’ systems unusable. Alongside Numero, Talos also discovered two ransomware families, CyberLock and Lucky_Gh0$t, spreading under the guise of AI software, all part of a rising wave of cyberattacks exploiting …
The post New Malware “Numero” Masquerading as AI Tool Wrecks Windows Systems appeared first on CyberInsider.
May 30th, 2025 (about 10 hours ago)
|
Description: Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero.
"CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan
May 29th, 2025 (1 day ago)
|
CVE-2024-20253 |
Description: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
CVSS: CRITICAL (9.9) EPSS Score: 1.17% SSVC Exploitation: none
May 29th, 2025 (1 day ago)
|
Description: Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.
May 29th, 2025 (1 day ago)
|
Description: Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. [...]
May 28th, 2025 (2 days ago)
|
Description: Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network.
The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into
CVSS: MEDIUM (6.5)
May 23rd, 2025 (7 days ago)
|
Description: A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell.
"UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access," Cisco Talos researchers
CVSS: MEDIUM (5.3)
May 22nd, 2025 (8 days ago)
|
Description: Impact
A network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack.
Patches
This issue affects all versions of Hubble CLI before v1.17.2. The issue is patched in Hubble CLI v1.17.2, via https://github.com/cilium/cilium/pull/37401.
Workarounds
Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.
Acknowledgements
The Cilium community has worked together with members of Isovalent and the Cisco ASIG team to prepare these mitigations. Special thanks to @bipierce-cisco and @kokelley-cisco for reporting the issue and to @devodev for the fix.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [email protected]. This is a private mailing list for the Cilium security team, and your report will be treated as top priority.
References
https://github.com/cilium/hubble/security/advisories/GHSA-274q-79q9-52j7
https://nvd.nist.gov/vuln/detail/CVE-2025-48056
https://git...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 21st, 2025 (9 days ago)
|
CVE-2025-20267 |
Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
May 21st, 2025 (9 days ago)
|
CVE-2025-20258 |
Description: A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 21st, 2025 (9 days ago)
|