Cyber Threat Zip
cyberthreat.zip
@cyberthreat.zip
Cyber Threat Intelligence Alert
Contact: contact@cyberthreat.zip
APT31's Arsenal:
SharpADUserIP (Recon)
SharpChrome (Password theft)
StickyNotesExtract (Data theft)
Tailscale VPN (Tunneling)
CloudSorcerer/OneDriveDoor (Cloud C2)
VtChatter (VirusTotal C2)
LocalPlugX (Lateral movement)
Various backdoors (Linux/Windows)
APT31 (China) targeted Russian gov't IT contractors in 2025 & earlier. The group operated undetected for extended periods, gathering intelligence through sophisticated cyber espionage campaigns.
November 25, 2025 at 1:42 PM
⚠️ 7-Zip RCE Vulnerability

CVE-2025-11001: Critical vulnerability in 7-Zip! A malicious ZIP file can allow remote code execution on your computer. Simply opening the file is enough.

❕ Users are advised to update to 7-Zip version 25.00 or later.
November 25, 2025 at 1:34 PM
⚠️ OpenVPN RCE Vulnerability

CVE-2025-10680: High-severity flaw enabling authenticated VPN servers to execute OS commands on clients.

Scope: OpenVPN Client (Linux, macOS)
Requirement: --dns-updown enabled
November 10, 2025 at 9:55 PM
⚠️ Fortinet FortiOS/FortiProxy Zero Day Vulnerability

CVE-2024-55591 (CVSS score: 9.6) is an authentication bypass vulnerability in FortiOS and FortiProxy. It allows attackers to gain super admin privileges through specially crafted Node.js websocket requests.
January 14, 2025 at 9:53 PM
✨🎉 A new year brings new opportunities and new goals!
At CyberThreat.zip, we’re here to ensure your growth and security in 2025. 🛡️💻

Wishing everyone a happy, healthy, and safe New Year! 🎄🎆
#CyberThreatZip #HappyNewYear2025
December 31, 2024 at 9:09 PM
⚠️ 7-Zip RCE Vulnerability

CVE-2024-11477: An integer underflow vulnerability in 7-Zip’s Zstandard decompression function (CVSS 7.8) allows attackers to execute malicious code.

❕ Users are advised to update to 7-Zip version 24.07 or later.
November 25, 2024 at 11:43 AM
⚠️ Palo Alto Networks Privilege Escalation Vulnerability

CVE-2024-9474: A privilege escalation vulnerability affecting authorized users.
November 25, 2024 at 11:26 AM
⚠️ Palo Alto Networks Authentication Bypass Vulnerability

CVE-2024-0012: An authentication bypass vulnerability in PAN-OS allows attackers to gain administrator privileges.
November 25, 2024 at 11:25 AM
⚠️ DragonRank Hits IIS Servers in Asia, Europe

Over 35 IIS servers compromised using BadIIS malware and ASPXspy, exploiting web app vulnerabilities for SEO fraud.
September 13, 2024 at 2:50 PM
⚠️ Windows TCP/IP 0-Click RCE Vulnerability

CVE-2024-38063: Microsoft released an urgent update for a critical vulnerability. It allows remote code execution via specially crafted IPv6 packets. All Windows and Windows Server versions are affected.

❕ Systems are not affected if IPv6 is disabled on the target machine.
August 14, 2024 at 6:24 AM
Our Telegram Channel Is Open

Our Telegram channel, where we make all announcements about cyber threats and security vulnerabilities, has been opened.

t.me/cyberthreatzip
August 3, 2024 at 3:45 PM
⚠️ Critical GeoServer RCE Flaw

CVE-2024-36401: GeoServer versions before 2.24.4, 2.25.2, and 2.23.6 have a critical RCE vulnerability (CVSS 9.8). Users should upgrade to the latest versions to mitigate the threat.
August 3, 2024 at 3:24 PM
⚠️ VMware ESXi Authentication Bypass Vulnerability

CVE-2024-37085: VMware ESXi Vulnerability

On July 29, Microsoft announced that ransomware groups were exploiting a vulnerability identified as CVE-2024-37085.
August 3, 2024 at 3:23 PM
🗣️ Microsoft confirmed that the nine-hour outage on Tuesday was caused by a DDoS attack. This attack affected many Microsoft 365 and Azure services worldwide.
July 31, 2024 at 7:09 PM
⚠️ 10 billion passwords leaked.

New RockYou2024 Password List.

s3.timeweb.cloud/fd51ce25-6f9...
July 8, 2024 at 6:23 AM
Oracle WebLogic Server Vulnerability

CVE-2024-21007: WebLogic Server Remote Code Execution (RCE)

Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.
July 5, 2024 at 6:35 PM
🗣️ Operation Endgame - New episode. S1E07: ODD ONE OUT

Source: www.operation-endgame.com
July 4, 2024 at 9:58 AM
Ollama Vulnerability

CVE-2024-37032: Ollama Remote Code Execution (RCE) vulnerability.

Exploitation involved overwriting /etc/ld.so.preload to load a malicious shared library, escalating from arbitrary file write to remote code execution.
July 3, 2024 at 2:29 PM
New GitLab Vulnerability

CVE-2024-5655: GitLab security updates fixing 14 vulnerabilities.

GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5
July 1, 2024 at 5:26 PM
New OpenSSH Vulnerability

CVE-2024-6387: OpenSSH's server (sshd) allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
July 1, 2024 at 3:42 PM
hi
June 24, 2024 at 7:30 PM