Malware Analysis Report on a malicious listener deployed on Ivanti Endpoint Manager Mobile (EPMM) systems
U.S. Cybersecurity and Infrastructure Security Agency’s new Malware Analysis Report on a malicious listener deployed on Ivanti Endpoint Manager Mobile (EPMM) systems by chaining CVE-2025-4427 and CVE-2025-4428 during real-world intrusions. The report ships with indicators of compromise, YARA and SIGMA rules, and clear mitigation guidance, making it a must-read for defenders managing mobile device fleets…
Month: September 2025
Critical Google Chrome Zero-Day CVE-2025-10585: What You Need to Know
Google has just patched a critical zero-day vulnerability in its Chrome web browser—CVE-2025-10585—which has been actively exploited in the wild. This flaw, a type confusion issue in Chrome’s V8 JavaScript and WebAssembly engine, allows threat actors to execute arbitrary code on vulnerable systems, potentially compromising millions of users.
The Vulnerability and Its Impact
CVE-2025-10585 is a type confusion vulnerability in the V8…
CISA Issues Nine Urgent Advisories on Industrial Control Systems Vulnerabilities
In a critical bulletin released on September 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published nine new advisories detailing high-severity vulnerabilities affecting widely used Industrial Control Systems (ICS). Organizations operating critical infrastructure—from energy grids to manufacturing plants—must review and implement the recommended mitigations immediately to prevent disruptive or potentially catastrophic attacks. Key…