VulnHub

Ivanti's Endpoint Manager Mobile (EPMM) is currently facing serious security threats due to two newly discovered zero-day vulnerabilities. Initial limited attacks were reported before Ivanti made its findings public, but since then, numerous threat groups have exploited these weaknesses, leading to a surge in attacks. More than 1,400 instances of EPMM remain exposed, putting organizations at risk of unauthorized access and data breaches. This situation is alarming as it highlights the vulnerabilities in widely used software, prompting urgent action from affected users to protect their systems. Companies using EPMM should prioritize patching and securing their environments to mitigate the risks associated with these vulnerabilities.

A new wave of GlassWorm malware has been detected, targeting Open VSX software components. This self-replicating malware has infiltrated various development environments, leading to infections that steal sensitive information from users. As developers integrate these compromised components, they unknowingly expose their systems and data to potential breaches. The implications are significant, as downstream victims may suffer from data theft and loss of trust in their development tools. Developers and organizations using these components need to take immediate action to secure their environments and mitigate the risks associated with this malware.

Recently, a coordinated effort has been observed targeting Citrix NetScaler systems through a large-scale scanning operation. This campaign utilized tens of thousands of residential proxies to locate login panels, indicating a significant interest in potentially exploiting these systems. Organizations using Citrix NetScaler may be at risk, as the scans could lead to unauthorized access or data breaches if vulnerabilities are found. The use of residential proxies suggests that the attackers are trying to mask their activities and avoid detection. This incident serves as a reminder for companies to strengthen their security measures and monitor their networks for unusual activity.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability in SolarWinds Web Help Desk that is currently being exploited in active attacks. This flaw poses a risk to federal agencies, which have been instructed to apply necessary patches within three days to mitigate potential damage. The urgency of the situation underscores the importance of maintaining up-to-date systems, especially for organizations that rely on SolarWinds products. If left unaddressed, this vulnerability could lead to unauthorized access and compromise sensitive data, affecting not just government agencies but potentially their partners and clients as well. The situation is a reminder for all users of SolarWinds software to remain vigilant and ensure their systems are secure.

CrossCurve, a decentralized finance platform, recently lost $3 million due to an exploit in its smart contract. Attackers took advantage of a vulnerability in the ReceiverAxelar contract, which was missing an essential validation check. This flaw allowed them to manipulate transactions undetected, leading to significant financial loss. The incident raises concerns about the security of smart contracts within the DeFi space, where similar vulnerabilities can have widespread implications for users and investors. As decentralized finance continues to grow, ensuring the security of such contracts is crucial to maintaining trust in these platforms.

Hackers have been exploiting a serious vulnerability in the React Native CLI, identified as CVE-2025-11953, to execute remote commands and deploy stealthy Rust-based malware. This flaw arises from the React Native CLI's Metro server, which, by default, binds to external interfaces, making it susceptible to unauthorized access. This exploitation occurred weeks before the vulnerability was publicly disclosed, indicating that attackers are actively targeting this weakness. Users of React Native should be particularly vigilant, as the impact could extend to various applications built on this framework. Prompt action is necessary to secure affected systems and prevent further malicious activities.

A newly discovered vulnerability in React Native has been exploited in the wild, allowing attackers to disable security protections and deliver malware to affected devices. This flaw, which was previously thought to be a theoretical risk, has now raised alarms among developers and users of applications built with React Native. The impact of this vulnerability can be significant, as it compromises the integrity and security of applications, potentially affecting millions of users. Developers are urged to take immediate action to secure their applications and protect user data from malicious exploitation.

Researchers have identified a new ransomware-as-a-service (RaaS) variant known as 'Vect'. This operation stands out due to its custom malware, which poses a significant threat to organizations. The Vect RaaS allows attackers to easily deploy ransomware attacks, potentially affecting a wide range of victims, from small businesses to larger enterprises. The introduction of this variant raises concerns about the increasing sophistication of ransomware operations, making it crucial for companies to bolster their cybersecurity measures. Users are advised to stay vigilant and regularly update their security protocols to defend against such evolving threats.

A serious security vulnerability, identified as CVE-2025-11953 and nicknamed Metro4Shell, has been discovered in the Metro Development Server, which is part of the '@react-native-community/cli' npm package. This flaw, rated 9.8 on the CVSS scale, allows remote attackers to execute arbitrary code without authentication. Researchers from VulnCheck first detected active exploitation of this vulnerability on December 21, 2025. This poses a significant risk for developers and organizations using this package, as it could lead to unauthorized control over their systems. Users of the affected npm package need to take immediate action to protect their applications.