Weekly Exploit Roundup
Generated 2025-11-04T08:00:14.874101+00:00 (UTC)
- China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems
Source: The Hacker News | Published: 2025-10-31T13:26:00+00:00 | Score: 18.904
The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick.
The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month, said that it
- CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks
Source: The Hacker News | Published: 2025-10-31T07:09:00+00:00 | Score: 16.717
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain
- ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
Source: The Hacker News | Published: 2025-11-01T13:43:00+00:00 | Score: 15.627
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY.
The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an
- Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching
Source: BleepingComputer | Published: 2025-11-03T15:22:12+00:00 | Score: 14.705
An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices. […]
- Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware
Source: The Hacker News | Published: 2025-10-28T08:22:00+00:00 | Score: 14.611
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.
The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as having come under
- Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring
Source: Threat Intelligence | Published: 2025-10-28T14:00:00+00:00 | Score: 13.978
Written by: Bhavesh Dhake, Will Silverstone, Matthew Hitchcock, Aaron Fletcher
The Criticality of Privileged Access in Today's Threat Landscape
Privileged access stands as the most critical pathway for adversaries seeking to compromise sensitive systems and data. Its protection is not only a best practice, it is a fundamental imperative for organizational resilience. The increasing complexity of modern IT environments, exacerbated by rapid cloud migration, has led to a surge in both human and non-human identities, comprising privileged accounts and virtual systems [compute workloads such as virtual machines (VMs), containers, and serverless functions, plus their control planes], significantly expanding the overall attack surface. This environment presents escalating challenges in identity and access management, cross-platform system security, and effective staffing, making the establishment and maintenance of a robust security posture increasingly challenging. The threat landscape is c
- Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack
Source: The Hacker News | Published: 2025-10-29T07:44:00+00:00 | Score: 13.306
Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck.
The vulnerabilities are listed below –
CVE-2025-6204 (CVSS score: 8.0) – A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source: Alerts | Published: 2025-10-30T12:00:00+00:00 | Score: 11.547
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-24893 XWiki Platform Eval Injection Vulnerability
- CVE-2025-41244 Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source: Alerts | Published: 2025-10-28T12:00:00+00:00 | Score: 10.119
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-6204 Dassault Systèmes DELMIA Apriso Code Injection Vulnerability
- CVE-2025-6205 Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organiz
- Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
Source: The Hacker News | Published: 2025-10-30T16:40:00+00:00 | Score: 9.786
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs.
AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI client is written in C++ Qt for
End of report.
