cyberthreat.zip (@cyberthreatzip)'s Twitter Profile
cyberthreat.zip

@cyberthreatzip

Cyber Threat intelligence Alert Contact: [email protected]

ID: 1571184738949369859

Link: http://cyberthreat.zip
Date: 17-09-2022 17:10:52

26 Tweets

15 Followers

26 Following

🗣️ Microsoft confirmed that the nine-hour outage on Tuesday was caused by a DDoS attack. This attack affected many Microsoft 365 and Azure services worldwide.

⚠️ Critical GeoServer RCE Flaw CVE-2024-36401: GeoServer versions before 2.24.4, 2.25.2, and 2.23.6 have a critical RCE vulnerability (CVSS 9.8). Users should upgrade to the latest versions to mitigate the threat.

Our Telegram Channel is Opened: Our Telegram channel, where we make all announcements about cyber threats and security vulnerabilities, has been opened. t.me/cyberthreatzip

⚠️ Windows TCP/IP 0-Click RCE Vulnerability CVE-2024-38063: Microsoft released an urgent update for a critical vulnerability. It allows remote code execution via specially crafted IPv6 packets. All Windows and Windows Server versions are affected.

⚠️ Cisco Command Injection Flaw CVE-2024-20469: Cisco Identity Services Engine (ISE) has a command injection vulnerability allowing local attackers with admin access to escalate privileges to root. Patch the system to mitigate the threat.

⚠️ DragonRank Hits IIS Servers in Asia, Europe: Over 35 IIS servers compromised using BadIIS malware and ASPXspy, exploiting web app vulnerabilities for SEO fraud.

The Republic is the greatest victory of a nation burning with the fire of independence. Happy 29 October Republic Day!🇹🇷

⚠️ Palo Alto Networks Authentication bypass vulnerability CVE-2024-0012: An authentication bypass vulnerability in PAN-OS allows attackers to gain administrator privileges.

⚠️ Palo Alto Networks Privilege escalation vulnerability CVE-2024-9474: A privilege escalation vulnerability affecting authorized users.

⚠️ 7-Zip RCE Vulnerability CVE-2024-11477: An integer underflow vulnerability in 7-Zip’s Zstandard decompression function (CVSS 7.8) allows attackers to execute malicious code. ❕ Users are advised to update to 7-Zip version 24.07 or later.

✨🎉 A new year brings new opportunities and new goals! At CyberThreat.zip, we’re here to ensure your growth and security in 2025. 🛡️💻 Wishing everyone a happy, healthy, and safe New Year! 🎄🎆 #CyberThreatZip #HappyNewYear2025

⚠️ OpenVPN RCE Vulnerability CVE-2025-10680: High-severity flaw enabling authenticated VPN servers to execute OS commands on clients. Scope: OpenVPN Client (Linux, macOS) Requirement: --dns-updown enabled

⚠️ 7-Zip RCE Vulnerability CVE-2025-11001: Critical vulnerability in 7-Zip! A malicious ZIP file can allow remote code execution on your computer. Simply opening the file is enough. ❕ Users are advised to update to 7-Zip version 25.00 or later.

APT31 (China) targeted Russian gov't IT contractors in 2025 & earlier. The group operated undetected for extended periods, gathering intelligence through sophisticated cyber espionage campaigns.

APT31's Arsenal:
SharpADUserIP (Recon)
SharpChrome (Password theft)
StickyNotesExtract (Data theft)
Tailscale VPN (Tunneling)
CloudSorcerer/OneDriveDoor (Cloud C2)
VtChatter (VirusTotal C2)
LocalPlugX (Lateral movement)
Various backdoors (Linux/Windows)