In the past week, several significant cybersecurity incidents have made headlines, including high-impact data breaches and newly discovered or exploited vulnerabilities. Below is a structured summary of the most notable events, with key details:
CISA Alert – “Resurge” Malware Exploiting Ivanti Zero‑Day (CVE-2025-0282)
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued an alert about a new malware variant dubbed “Resurge” targeting Ivanti Connect Secure VPN appliances. Attackers are exploiting CVE-2025-0282, a critical stack buffer overflow vulnerability that was initially disclosed as a zero-day in January.
Ivanti Connect Secure Zero‑Day (CVE-2025-22457) Actively Exploited and Patched
Ivanti Connect Secure VPN appliances were found to contain a critical remote code execution zero-day vulnerability (CVE-2025-22457) that has been actively exploited by a China-linked espionage actor since at least mid-March 2025. The flaw is a stack-based buffer overflow affecting Pulse Connect Secure 9.1x (now end-of-life) and Ivanti Connect Secure 22.7R2.5 and earlier versions, as well as related Policy Secure and Neurons for Zero Trust Access (ZTA) gateways.
Critical CrushFTP Authentication Bypass (CVE-2025-2825) Under Active Attack
A critical security flaw in the CrushFTP file transfer server software (tracked as CVE-2025-2825) is being actively exploited less than a week after it was revealed. The vulnerability (CVSS 9.8) allows an unauthenticated attacker to bypass login authentication and gain network port access to the CrushFTP server, potentially exposing stored files and enabling remote code execution.
Apache Parquet RCE Vulnerability (CVE-2025-30065) Discovered
A maximum-severity remote code execution flaw was disclosed in Apache Parquet, a widely used data storage format in big-data and analytics systems. Tracked as CVE-2025-30065 with a CVSS 4.0 score of 10.0, the issue stems from the deserialization of untrusted data in Parquet’s processing logic. In practical terms, an attacker who can supply a maliciously crafted Parquet file could trigger arbitrary code execution on the system that attempts to read that file, potentially allowing data theft, service disruption, or even ransomware deployment. Exploitation would likely require some social engineering (convincing a user or process to open/import the rogue Parquet file).
Oracle Discloses Second Hack (Client Login Data)
In a separate incident, Oracle told customers of a second recent breach in which a hacker accessed a legacy system and stole old client log-in credentials. The attacker attempted to sell data stolen from Oracle’s cloud servers last month and sought an extortion payment, prompting an investigation by the FBI and cybersecurity firm CrowdStrike. Oracle said this breach is unrelated to the healthcare incident and involved a system unused for years, minimizing the risk from the leaked credentials.
Australian Pension Funds Hacked
In early April, several major Australian pension funds were hit by a coordinated hacking campaign that compromised thousands of customer accounts in the A$4.2 trillion retirement sector. The country’s largest fund, AustralianSuper, said about 600 member accounts were accessed using stolen passwords (prompting the fund to lock those accounts), while another fund (REST) reported that roughly 1% of its 2 million members were impacted by a breach last week. Australia’s cyber security chief acknowledged the attacks and coordinated a government response, as financial firms alerted affected members and asserted that no widespread financial damage had yet occurred.