Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real time, enhancing its operational value significantly.
[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.
"Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals," Percoco stated.
This attack is just shedding light on the fact that you're even more vulnerable outside of the office, said Don Aviv, CEO of Interfor International, a security consultancy.
"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."
"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
A CVE (Common Vulnerabilities and Exposures) is a unique identifier for a publicly disclosed security vulnerability in a specific product, version, or component. A CVE: Identifies that a vulnerability exists Provides a stable reference ID (for example, CVE-2023-45143) Links to descriptions, technical details, and references Does not describe abstract weaknesses or attack classes CVEs are cataloged by MITRE and assigned by authorized CVE Numbering Authorities (CNAs), which include vendors, open-source projects, and security organizations.
