APT31's Arsenal:
SharpADUserIP (Recon)
SharpChrome (Password theft)
StickyNotesExtract (Data theft)
Tailscale VPN (Tunneling)
CloudSorcerer/OneDriveDoor (Cloud C2)
VtChatter (VirusTotal C2)
LocalPlugX (Lateral movement)
Various backdoors (Linux/Windows)
Posts by Cyber Threat Zip
APT31 (China) targeted Russian gov't IT contractors in 2025 & earlier. The group operated undetected for extended periods, gathering intelligence through sophisticated cyber espionage campaigns.
⚠️ 7-Zip RCE Vulnerability
CVE-2025-11001: Critical vulnerability in 7-Zip! A malicious ZIP file can allow remote code execution on your computer. Simply opening the file is enough.
❕ Users are advised to update to 7-Zip version 25.00 or later.
⚠️ OpenVPN RCE Vulnerability
CVE-2025-10680: High-severity flaw enabling authenticated VPN servers to execute OS commands on clients.
Scope: OpenVPN Client (Linux, macOS)
Requirement: --dns-updown enabled
⚠️ Fortinet FortiOS/FortiProxy Zero Day Vulnerability
CVE-2024-55591 (CVSS score: 9.6) is an authentication bypass vulnerability in FortiOS and FortiProxy. It allows attackers to gain super admin privileges through specially crafted Node.js websocket requests.
❕ Affected Versions:
FortiOS: 7.0.0 through 7.0.16 (upgrade to 7.0.17 or later).
FortiProxy: 7.0.0 through 7.0.19 (upgrade to 7.0.20 or later), and 7.2.0 through 7.2.12 (upgrade to 7.2.13 or later).
✨🎉 A new year brings new opportunities and new goals!
At CyberThreat.zip, we’re here to ensure your growth and security in 2025. 🛡️💻
Wishing everyone a happy, healthy, and safe New Year! 🎄🎆
#CyberThreatZip #HappyNewYear2025
⚠️ 7-Zip RCE Vulnerability
CVE-2024-11477: An integer underflow vulnerability in 7-Zip’s Zstandard decompression function (CVSS 7.8) allows attackers to execute malicious code.
❕ Users are advised to update to 7-Zip version 24.07 or later.
⚠️ Palo Alto Networks Privilege escalation vulnerability
CVE-2024-9474: A privilege escalation vulnerability affecting authorized users.
⚠️ Palo Alto Networks Authentication bypass vulnerability
CVE-2024-0012: An authentication bypass vulnerability in PAN-OS allows attackers to gain administrator privileges.
⚠️ DragonRank Hits IIS Servers in Asia, Europe
Over 35 IIS servers compromised using BadIIS malware and ASPXspy, exploiting web app vulnerabilities for SEO fraud.
⚠️ Windows TCP/IP 0-Click RCE Vulnerability
CVE-2024-38063: Microsoft released an urgent update for a critical vulnerability. It allows remote code execution via specially crafted IPv6 packets. All Windows and Windows Server versions are affected.
❕ Systems are not affected if IPv6 is disabled on the target machine.
Our Telegram Channel Is Open
Our Telegram channel, where we make all announcements about cyber threats and security vulnerabilities, has been opened.
t.me/cyberthreatzip
⚠️ Critical GeoServer RCE Flaw
CVE-2024-36401: GeoServer versions before 2.24.4, 2.25.2, and 2.23.6 have a critical RCE vulnerability (CVSS 9.8). Users should upgrade to the latest versions to mitigate the threat.
⚠️ VMware ESXi Authentication Bypass Vulnerability
CVE-2024-37085: VMware ESXi Vulnerability
On July 29, Microsoft announced that ransomware groups were exploiting a vulnerability identified as CVE-2024-37085.
This vulnerability allows authentication bypass in Active Directory, granting full admin access on ESXi hypervisors. Attackers can escalate privileges by creating or renaming an 'ESX Admins' group. Used on systems with prior access.
🗣️ Microsoft confirmed that the nine-hour outage on Tuesday was caused by a DDoS attack. This attack affected many Microsoft 365 and Azure services worldwide.
⚠️ 10 billion passwords leaked.
New RockYou2024 Password List.
s3.timeweb.cloud/fd51ce25-6f9...
Oracle WebLogic Server Vulnerability
CVE-2024-21007: WebLogic Server Remote Code Execution (RCE)
Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.
Ollama Vulnerability
CVE-2024-37032: Ollama Remote Code Execution (RCE) vulnerability.
Exploitation involved overwriting /etc/ld.so.preload to load a malicious shared library, escalating from arbitrary file write to remote code execution.
New GitLab Vulnerability
CVE-2024-5655: GitLab security updates fixing 14 vulnerabilities.
GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5
New OpenSSH Vulnerability
CVE-2024-6387: OpenSSH's server (sshd) allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.