Shadowserver
Rhadamanthys infostealer operation disrupted by law enforcement
The rumors were true: Operation Endgame, a joint effort between law enforcement and judicial authorities of several European countries, Australia, Canada, the UK and the US, …
Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts
Despite Cisco and various cybersecurity agencies warning about attackers actively exploting zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in Cisco Adaptive …
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)
A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made …
Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)
FortiGuard Labs has reported a dramatic spike in exploitation attempts targeting CitrixBleed 2, a critical buffer over‑read flaw (CVE‑2025‑5777) affecting Citrix NetScaler ADC …
Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)
Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable …
Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113)
With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks …
145 criminal domains linked to BidenCash Marketplace seized
Approximately 145 darknet and conventional internet domains, along with cryptocurrency funds linked to the BidenCash marketplace, have been seized by the U.S. Attorney’s …
DanaBot botnet disrupted, QakBot leader indicted
Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet …
Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the …
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access …
48,000+ internet-facing Fortinet firewalls still open to attack
Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too …
UK domain registry Nominet breached via Ivanti zero-day
The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver …
Featured news
Resources
Don't miss
- Salesforce Gainsight compromise: Early findings and customer guidance
- Research shows identity document checks are missing key signals
- How one quick AI check can leak your company’s secrets
- Salesforce investigates new incident echoing Salesloft Drift compromise
- Security gap in Perplexity’s Comet browser exposed users to system-level attacks