Poisoned at the Source: How Evasive Panda Turned ISP DNS Infrastructure into a Silent Malware Delivery System Cyber Threat Intelligence AegironDecember 26, 2025December 26, 20259 mins0 ISP-Level DNS Poisoning & Supply-Chain Espionage Campaign Timeframe: Late 2022 – 2024 (ongoing)Also Known As: Bronze Highland,…continue reading..
X-Worm Malware Malware CyberDefenderDecember 26, 2025December 26, 20257 mins0 X-Worm is a Windows-based Remote Access Trojan (RAT) that has gained popularity in underground forums due to…continue reading..
CVE-2025-15095: Silent XSS Risk in Postman Labs httpbin Testing Service Threat Advisories CyberDefenderDecember 26, 2025December 26, 202512 mins0 Vulnerability Summary CVE ID: CVE-2025-15095CVE Name: Postman Labs httpbin Reflected Cross-Site ScriptingCVSS Score: 3.5 / 10.0Severity: Low…continue reading..
CVE-2020-12812: Legacy FortiOS SSL VPN MFA Bypass Resurfaces After 5 Years Threat Advisories AegironDecember 26, 2025December 26, 202510 mins0 Vulnerability Overview Executive Summary CVE-2020-12812 is a critical flaw in FortiGate SSL VPN authentication that allows attackers…continue reading..
Service Disruption Risks in Pexip Infinity: Multiple High-Severity CVEs Threat Advisories AegironDecember 26, 2025December 26, 20259 mins0 Product Overview Product Name: Pexip InfinityProduct Type: Enterprise video conferencing and interoperability platformDeployment Model: On-premises and hybrid…continue reading..
High-Risk XSS Flaws Expose Verisay Applications to Account Takeover and Data Theft Threat Advisories AegironDecember 26, 2025December 26, 20257 mins0 Vendor: Verisay Communication and Information Technology Industry and Trade Ltd. Co.Affected Products: Trizbi, Titarus, AidangoAffected Versions: All…continue reading..
High-Risk Router Vulnerabilities: Public Exploits Enable Remote Takeover of UTT 进取 512W Devices Threat Advisories AegironDecember 26, 2025December 26, 20256 mins0 Product: UTT 进取 512WAffected Versions: Up to 1.7.7-171114Attack Vector: Remote (unauthenticated in most cases)Impact: Remote Code Execution…continue reading..
Unsecured Credentials (T1552): The Simplest Path to Total Compromise Credential Access CyberDefenderDecember 26, 2025December 26, 20258 mins0 Unsecured Credentials (T1552) is one of the most abused techniques in the Credential Access tactic of the…continue reading..
CVE-2025-68615: Critical Remote Code Execution Risk in Linux SNMP Trap Service Threat Advisories AegironDecember 26, 2025December 26, 202511 mins0 Vulnerability Summary Field Value CVE ID CVE-2025-68615 CVE Name Net-SNMP snmptrapd Stack-Based Buffer Overflow CVSS Score 9.8…continue reading..
Living Off the Cloud: Threat Actors Exploiting .onmicrosoft.com Latest Cyber Attack CyberDefenderDecember 26, 2025December 26, 20254 mins0 What is .onmicrosoft.com? .onmicrosoft.com is the default domain automatically assigned when someone creates a tenant in Microsoft’s…continue reading..
