Exploits

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks – Go Health Pro

by
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks – Go Health Pro

Apr 07, 2025Ravie LakshmananCloud Security / Cryptocurrency A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims’ digital wallets. “Recipients of the bulk spam are targeted with a cryptocurrency seed phrase … Read more

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features – Go Health Pro

by
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features – Go Health Pro

Mar 30, 2025Ravie LakshmananVulnerability / Zero-Day The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. “RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, … Read more

Mongoose ODM critical RCE flaws detailed, PoC exploits revealed – Go Health Pro

by
Mongoose ODM critical RCE flaws detailed, PoC exploits revealed – Go Health Pro

Two critical flaws in the open-source Mongoose Object Data Modeling (ODM) library for MongoDB and Node.js, along with proof-of-concept (PoC) exploits for both vulnerabilities, were detailed in a blog post by OPSWAT on Thursday.  The flaws are tracked as CVE-2024-53900 and CVE-2025-23061 and have critical CVSS 3 scores of 9.1 and 9.0, respectively.CVE-2024-53900, which was … Read more

FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux – Go Health Pro

by
FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux – Go Health Pro

Feb 13, 2025Ravie LakshmananMalware / Cyber Espionage Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it … Read more

Attacks on Ivanti appliances demonstrate danger of chained exploits – Go Health Pro

by
Attacks on Ivanti appliances demonstrate danger of chained exploits – Go Health Pro

The U.S. government is warning of a new exploit against multiple flaws in cloud applications. The Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are chaining a number of CVE-listed vulnerabilities into a single exploit script. The flaws in question are present in Ivanti appliances version 4.6 and earlier. The threat actors use the … Read more